Compare commits

...

23 Commits

Author SHA1 Message Date
3b004c98a0 Recreating PR
docs/doc-exports#546
2023-07-11 13:41:14 +00:00
ba65944bfd Added version 4.2.
Reviewed-by: Boka, Ladislav <ladislav.boka@t-systems.com>
Co-authored-by: Wang , Deng Ke <wangdengke2@huawei.com>
Co-committed-by: Wang , Deng Ke <wangdengke2@huawei.com>
2023-07-11 13:21:20 +00:00
4c6bc53817 dds api for docs/document-database-service#35
Reviewed-by: Boka, Ladislav <ladislav.boka@t-systems.com>
Co-authored-by: Wang , Deng Ke <wangdengke2@huawei.com>
Co-committed-by: Wang , Deng Ke <wangdengke2@huawei.com>
2023-07-11 10:47:18 +00:00
9ef1eb82a1 KMS User Guide 20230619 Version.
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>
2023-07-06 09:04:08 +00:00
84321a2353 MRS API 320-lts.1 version
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2023-07-04 22:09:30 +00:00
6fc8f56a34 SFS UMN DOC
Reviewed-by: Muller, Martin <martin.muller@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2023-06-30 14:06:46 +00:00
f2733178cc DataArts API 20230329 version
Reviewed-by: Kacur, Michal <michal.kacur@t-systems.com>
Co-authored-by: Xiong, Chen Xiao <chenxiaoxiong@huawei.com>
Co-committed-by: Xiong, Chen Xiao <chenxiaoxiong@huawei.com>
2023-06-29 16:21:21 +00:00
e109bf9c8e VPCEP UMN 20230613 version
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com>
Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
2023-06-29 11:59:26 +00:00
83fa2f6615 DIS API 20230116 version
Reviewed-by: Kacur, Michal <michal.kacur@t-systems.com>
Co-authored-by: Xiong, Chen Xiao <chenxiaoxiong@huawei.com>
Co-committed-by: Xiong, Chen Xiao <chenxiaoxiong@huawei.com>
2023-06-27 15:26:05 +00:00
3b672beb23 DCS UMN 20230208 version
Reviewed-by: Mützel, Andrea <andrea.muetzel@t-systems.com>
Co-authored-by: Chen, Junjie <chenjunjie@huawei.com>
Co-committed-by: Chen, Junjie <chenjunjie@huawei.com>
2023-06-23 13:27:54 +00:00
a7882cf1e5 CCE UMN: Add Cluster Patch Version Release Notes
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2023-06-21 11:00:36 +00:00
3d9cca138b CCE UMN: Added the support of the OS for features and cluster versions.
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2023-06-20 14:52:27 +00:00
e0f19ed93a ecs_umn_0515
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: guoyanyan <guoyanyan3@huawei.com>
Co-committed-by: guoyanyan <guoyanyan3@huawei.com>
2023-06-20 11:34:50 +00:00
38a9f4a4f1 VPC UMN 20230106 version
Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com>
Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com>
Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
2023-06-14 19:36:52 +00:00
ef5d2cd3cf VPCEP API 20230307 version
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com>
Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
2023-06-14 11:56:35 +00:00
a177f38d14 CCE API: Fix some link problems
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2023-06-13 06:42:51 +00:00
51dc9baefd elb_api_0420
Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com>
Co-authored-by: zhoumeng <zhoumeng35@huawei.com>
Co-committed-by: zhoumeng <zhoumeng35@huawei.com>
2023-06-09 13:24:32 +00:00
f716007a5f Defining variable for doc-exports reference in zuul to make the body and title generated correctly
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-committed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
2023-06-07 10:56:10 +00:00
28105bc50e chore: use convertor from separate project
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: gtema <artem.goncharov@gmail.com>
Co-committed-by: gtema <artem.goncharov@gmail.com>
2023-06-05 06:34:45 +00:00
e98e63f8be removing public-images entry from metadata.yaml
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-committed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
2023-06-02 15:18:05 +00:00
f083e18983 re-introducing changes before wafd version 20230423
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-committed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
2023-06-02 12:41:58 +00:00
d7579655e9 Deprecating Swift API and enabling nosql API
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-committed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
2023-06-02 12:13:46 +00:00
7ace410424 reverting cbr umn to the state before cbr_umn_0426
Reviewed-by: Miskanin, Jan <jan.miskanin@t-systems.com>
Co-authored-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-committed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
2023-06-02 07:40:21 +00:00
2238 changed files with 111509 additions and 39236 deletions

File diff suppressed because it is too large

File diff suppressed because it is too large

View File

@ -10,7 +10,7 @@
</li>
<li class="ulchildlink"><strong><a href="cbr_01_0003.html">Functions</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cbr_01_0011.html">Permissions</a></strong><br>
<li class="ulchildlink"><strong><a href="cbr_01_0011.html">Permissions Management</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cbr_01_0014.html">User Permissions</a></strong><br>
</li>
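
Review bot: The new link text on the cbr_01_0011.html entry, "Permissions Management", is the same as the h1 title of topic cbr_03_0047 later in this change set, so the guide ends up with two differently scoped topics under one name, next to a sibling called "User Permissions". Consider a distinguishing title for one of them so that cross-references such as the one in the cbr_03_0048 prerequisites stay unambiguous.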

File diff suppressed because it is too large

View File

@ -12,8 +12,6 @@
</li>
<li class="ulchildlink"><strong><a href="cbr_03_0006.html">Expanding Vault Capacity</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cbr_03_0009.html">Replicating a Vault</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cbr_03_0010.html">Managing Vault Tags</a></strong><br>
</li>
</ul>

View File

@ -1,44 +0,0 @@
<a name="cbr_03_0009"></a><a name="cbr_03_0009"></a>
<h1 class="topictitle1">Replicating a Vault</h1>
<div id="body1552566080380"><p id="cbr_03_0009__p8060118">CBR allows you to replicate any of the following vaults entirely to a replication vault in a different region: a server backup vault or an SFS Turbo backup vault. Replicas of server backups in the destination region can be used to create images and provision servers. Replicas of SFS Turbo backups in the destination region can be used to create file systems.</p>
<p id="cbr_03_0009__p15126927182516">There are two methods available for replicating a vault.</p>
<ul id="cbr_03_0009__ul20712163532818"><li id="cbr_03_0009__li1971223522810">Manual replication: Select a backup vault and manually replicate it.</li><li id="cbr_03_0009__li167127356281">Policy-based replication: Configure a replication policy to periodically replicate backups that have not been replicated or failed to be replicated to the destination region.</li></ul>
<div class="section" id="cbr_03_0009__section789722492715"><h4 class="sectiontitle">Constraints</h4><ul id="cbr_03_0009__ul1267523391913"><li id="cbr_03_0009__li10969185125512">Disk backup vaults cannot be replicated to other regions.</li><li id="cbr_03_0009__li565012315368">The replication speed of a single backup is about 80 MB/s. A maximum of eight backups can be replicated at a time.</li><li id="cbr_03_0009__li7599105694010">Backup data can be replicated to vaults in different regions, and backup replicas occupy the replication vault space.</li><li id="cbr_03_0009__li10231961759">A server backup vault can be replicated only when it contains at least one backup that meets all the following conditions:<ol id="cbr_03_0009__ol9473164220520"><li id="cbr_03_0009__li154738421157">The backup is an ECS backup.</li><li id="cbr_03_0009__li90602061">The backup contains system disk data.</li><li id="cbr_03_0009__li15472157662">The backup is in the <strong id="cbr_03_0009__b697771710419">Available</strong> state.</li></ol>
</li><li id="cbr_03_0009__li1861429194419">Only backup vaults can be replicated. Replicated vaults cannot be replicated again but their replicas can be used to create images or SFS Turbo file systems.</li><li id="cbr_03_0009__li048874212113">A backup vault can be replicated to different destination regions. The replication rule varies with the replication method:<ul id="cbr_03_0009__ul998911584166"><li id="cbr_03_0009__li17127145716162">Manual replication: A backup can be manually replicated to the destination region as long as it has no replica in that region. A backup can be manually replicated again if its replica in the destination region has been deleted.</li><li id="cbr_03_0009__li5822040101816">Policy-based replication: A backup can only be automatically replicated to a destination region once. It cannot be automatically replicated to that region again, even if its replica has been deleted.</li></ul>
</li><li id="cbr_03_0009__li6863321132917">Only replication-supported regions can be selected as destination regions.</li></ul>
</div>
<div class="section" id="cbr_03_0009__section557592418333"><h4 class="sectiontitle">Procedure</h4><ol id="cbr_03_0009__ol1874051745215"><li id="cbr_03_0009__li21012745223034"><span>Log in to CBR Console.</span><p><ol type="a" id="cbr_03_0009__cbr_02_0003_ol6567385123151"><li id="cbr_03_0009__cbr_02_0003_li5480597823151">Log in to the management console.</li><li id="cbr_03_0009__cbr_02_0003_li69106284253">Click <span><img id="cbr_03_0009__cbr_02_0003_image1844744225011" src="en-us_image_0159365094.png"></span> in the upper left corner and select your region and project.</li><li id="cbr_03_0009__cbr_02_0003_li4225424523410">Choose <strong id="cbr_03_0009__cbr_02_0003_b9848171719318">Storage</strong> &gt; <strong id="cbr_03_0009__cbr_02_0003_b78492017634">Cloud Backup and Recovery</strong>. Choose your desired type of backup from the left navigation pane.</li></ol>
</p></li><li id="cbr_03_0009__li840501215253"><span>On the <strong id="cbr_03_0009__b7675112910151">Vaults</strong> tab, find the target backup vault.</span></li><li id="cbr_03_0009__li16567191374810"><span>Choose <strong id="cbr_03_0009__b9441124171513">More</strong> &gt; <strong id="cbr_03_0009__b16656165041510">Create Replica</strong> in the <strong id="cbr_03_0009__b1938531520167">Operation</strong> column of the vault.</span><p><p id="cbr_03_0009__p81301051103218"></p>
<p id="cbr_03_0009__p4444104532418"></p>
</p></li><li id="cbr_03_0009__li115411032165911"><span>In the displayed dialog box, configure the parameters as described in <a href="#cbr_03_0009__table4829135361311">Table 1</a>.</span><p>
<div class="tablenoborder"><a name="cbr_03_0009__table4829135361311"></a><a name="table4829135361311"></a><table cellpadding="4" cellspacing="0" summary="" id="cbr_03_0009__table4829135361311" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="cbr_03_0009__row148305532138"><th align="left" class="cellrowborder" valign="top" width="19%" id="mcps1.3.5.2.4.2.1.2.3.1.1"><p id="cbr_03_0009__p083065318138">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="81%" id="mcps1.3.5.2.4.2.1.2.3.1.2"><p id="cbr_03_0009__p083019532138">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="cbr_03_0009__row2014994311204"><td class="cellrowborder" valign="top" width="19%" headers="mcps1.3.5.2.4.2.1.2.3.1.1 "><p id="cbr_03_0009__p191503436203">Destination Region</p>
</td>
<td class="cellrowborder" valign="top" width="81%" headers="mcps1.3.5.2.4.2.1.2.3.1.2 "><p id="cbr_03_0009__p1015144311201">Region to which the vault is replicated</p>
<p id="cbr_03_0009__p72428443214">Only the regions that support replication will be displayed.</p>
<ul id="cbr_03_0009__ul649081582612"><li id="cbr_03_0009__li949061582616">If the selected region contains only one project, you can directly select the region name.</li><li id="cbr_03_0009__li1281912110273">If the selected region has multiple projects, the default project of the region is selected. You can select another project if needed.</li></ul>
</td>
</tr>
<tr id="cbr_03_0009__row544633365118"><td class="cellrowborder" valign="top" width="19%" headers="mcps1.3.5.2.4.2.1.2.3.1.1 "><p id="cbr_03_0009__p298818217255">Destination Vault</p>
</td>
<td class="cellrowborder" valign="top" width="81%" headers="mcps1.3.5.2.4.2.1.2.3.1.2 "><p id="cbr_03_0009__p1698814210251">A replication vault in the destination region</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="cbr_03_0009__li14342132914300"><span>Click <span class="uicontrol" id="cbr_03_0009__uicontrol1846460528182651"><b>OK</b></span>.</span></li><li id="cbr_03_0009__li12306124623915"><span>After the replication is complete, you can switch to the destination region to view generated replicas. For details, see <a href="cbr_03_0002.html">Querying a Vault</a>. You can then use replicas to create images.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cbr_03_0001.html">Vault Management</a></div>
</div>
</div>
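
Review bot: Deleting the whole cbr_03_0009 topic also removes the documented vault replication constraints (disk backup vaults cannot be replicated; policy-based replication to a region happens only once, even if the replica has been deleted). If vault replication is still available in the console for this release, keep those constraints somewhere; if it is not, confirm that no topic in the suppressed diffs still links to cbr_03_0009.html, since that target disappears here.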

View File

@ -16,8 +16,6 @@
</li>
<li class="ulchildlink"><strong><a href="cbr_03_0107.html">Using a Backup to Create a File System</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cbr_03_0018.html">Replicating a Backup Across Regions</a></strong><br>
</li>
</ul>
</div>

View File

@ -1,64 +0,0 @@
<a name="cbr_03_0018"></a><a name="cbr_03_0018"></a>
<h1 class="topictitle1">Replicating a Backup Across Regions</h1>
<div id="body1552374223327"><p id="cbr_03_0018__p14400544191818">CBR enables you to replicate server backups and SFS Turbo backups from one region to another. In the destination region:</p>
<ul id="cbr_03_0018__ul915245817187"><li id="cbr_03_0018__li19152105861818">Replicas of server backups can be used to create images and provision servers.</li><li id="cbr_03_0018__li115215586186">Replicas of SFS Turbo backups can be used to create file systems.</li></ul>
<p id="cbr_03_0018__p1193419151918">With cross-region replication, you can quickly deploy services in a different region. Data on the new resource in the destination region is the same as that on the original resource when you took the backup. </p>
<p id="cbr_03_0018__en-us_topic_0108958938_p8060118">You can replicate backups in either of the following methods on CBR Console:</p>
<ul id="cbr_03_0018__ul1287051981912"><li id="cbr_03_0018__li188703195199">Select a backup from the backup list and manually perform a replication.</li><li id="cbr_03_0018__li1844029192011">Select a backup vault and manually replicate it. Alternatively, you can configure a replication policy to periodically replicate backups that have not been replicated or failed to be replicated to the destination region.</li></ul>
<p id="cbr_03_0018__p1292301416555">This section uses the first method to describe how to replicate a backup. For details about the second method, see <a href="cbr_03_0009.html">Replicating a Vault</a>.</p>
<div class="note" id="cbr_03_0018__note634453912712"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cbr_03_0018__p1634533942710">The replication constraints apply to both replication methods.</p>
</div></div>
<div class="section" id="cbr_03_0018__section789722492715"><h4 class="sectiontitle">Constraints</h4><ul id="cbr_03_0018__ul1267523391913"><li id="cbr_03_0018__li57912194596">Cloud disk backups cannot be replicated to other regions.</li><li id="cbr_03_0018__li10231961759">A server backup can be replicated only when it meets all the following conditions:<ol id="cbr_03_0018__ol9473164220520"><li id="cbr_03_0018__li154738421157">It is an ECS backup.</li><li id="cbr_03_0018__li90602061">It contains system disk data.</li><li id="cbr_03_0018__li15472157662">It is in the <strong id="cbr_03_0018__b88811264118">Available</strong> state.</li></ol>
</li><li id="cbr_03_0018__li1861429194419">Only backups or backup vaults can be replicated. Replicated backups and vaults cannot be replicated again but their replicas can be used to create images or SFS Turbo file systems.</li><li id="cbr_03_0018__li048874212113">A backup can be replicated to multiple regions but can have only one replica in each destination region. The replication rule varies with the replication method:<ul id="cbr_03_0018__ul998911584166"><li id="cbr_03_0018__li17127145716162">Manual replication: A backup can be manually replicated to the destination region as long as it has no replica in that region. A backup can be manually replicated again if its replica in the destination region has been deleted.</li><li id="cbr_03_0018__li5822040101816">Policy-based replication: A backup can only be automatically replicated to a destination region once. It cannot be automatically replicated to that region again, even if its replica has been deleted.</li></ul>
</li><li id="cbr_03_0018__li6863321132917">Only replication-supported regions can be selected as destination regions.</li></ul>
</div>
<div class="section" id="cbr_03_0018__section1724184651718"><h4 class="sectiontitle">Procedure</h4><ol id="cbr_03_0018__ol1874051745215"><li id="cbr_03_0018__li21012745223034"><span>Log in to CBR Console.</span><p><ol type="a" id="cbr_03_0018__cbr_02_0003_ol6567385123151"><li id="cbr_03_0018__cbr_02_0003_li5480597823151">Log in to the management console.</li><li id="cbr_03_0018__cbr_02_0003_li69106284253">Click <span><img id="cbr_03_0018__cbr_02_0003_image1844744225011" src="en-us_image_0159365094.png"></span> in the upper left corner and select your region and project.</li><li id="cbr_03_0018__cbr_02_0003_li4225424523410">Choose <strong id="cbr_03_0018__cbr_02_0003_b9848171719318">Storage</strong> &gt; <strong id="cbr_03_0018__cbr_02_0003_b78492017634">Cloud Backup and Recovery</strong>. Choose your desired type of backup from the left navigation pane.</li></ol>
</p></li><li id="cbr_03_0018__li840501215253"><span>Click the <span class="wintitle" id="cbr_03_0018__wintitle449818062914"><b>Backups</b></span> tab and locate the desired backup. For details, see <a href="cbr_03_0013.html">Viewing a Backup</a>.</span></li><li id="cbr_03_0018__li21461652192220"><span>Choose <span class="uicontrol" id="cbr_03_0018__uicontrol733024416318"><b>More</b></span> &gt; <span class="uicontrol" id="cbr_03_0018__uicontrol63401344432"><b>Create Replica</b></span> in the <strong id="cbr_03_0018__b441116422054">Operation</strong> column of the backup.</span><p><p id="cbr_03_0018__p67105374116"></p>
<p id="cbr_03_0018__p18565322154719"></p>
</p></li><li id="cbr_03_0018__li115411032165911"><span>In the displayed dialog box, configure the parameters as described in <a href="#cbr_03_0018__table4829135361311">Table 1</a>.</span><p>
<div class="tablenoborder"><a name="cbr_03_0018__table4829135361311"></a><a name="table4829135361311"></a><table cellpadding="4" cellspacing="0" summary="" id="cbr_03_0018__table4829135361311" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="cbr_03_0018__row148305532138"><th align="left" class="cellrowborder" valign="top" width="19%" id="mcps1.3.9.2.4.2.1.2.3.1.1"><p id="cbr_03_0018__p083065318138">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="81%" id="mcps1.3.9.2.4.2.1.2.3.1.2"><p id="cbr_03_0018__p083019532138">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="cbr_03_0018__row1783115313136"><td class="cellrowborder" valign="top" width="19%" headers="mcps1.3.9.2.4.2.1.2.3.1.1 "><p id="cbr_03_0018__p3831135341313">Name</p>
</td>
<td class="cellrowborder" valign="top" width="81%" headers="mcps1.3.9.2.4.2.1.2.3.1.2 "><p id="cbr_03_0018__p1183119535130">Replica name</p>
<p id="cbr_03_0018__p12831145311135">A name must contain 1 to 64 characters including digits, letters, underscores (_), or hyphens (-).</p>
</td>
</tr>
<tr id="cbr_03_0018__row3831195371315"><td class="cellrowborder" valign="top" width="19%" headers="mcps1.3.9.2.4.2.1.2.3.1.1 "><p id="cbr_03_0018__p9831185391318">Description</p>
</td>
<td class="cellrowborder" valign="top" width="81%" headers="mcps1.3.9.2.4.2.1.2.3.1.2 "><p id="cbr_03_0018__p10831853181310">Replica description</p>
<p id="cbr_03_0018__p10831135391313">It cannot exceed 255 characters.</p>
</td>
</tr>
<tr id="cbr_03_0018__row2014994311204"><td class="cellrowborder" valign="top" width="19%" headers="mcps1.3.9.2.4.2.1.2.3.1.1 "><p id="cbr_03_0018__p191503436203">Destination Region</p>
</td>
<td class="cellrowborder" valign="top" width="81%" headers="mcps1.3.9.2.4.2.1.2.3.1.2 "><p id="cbr_03_0018__p1015144311201">Region to which the backup is replicated</p>
<p id="cbr_03_0018__p72428443214">Only the regions that support replication will be displayed.</p>
<ul id="cbr_03_0018__ul649081582612"><li id="cbr_03_0018__li949061582616">If the selected region contains only one project, you can directly select the region name.</li><li id="cbr_03_0018__li1281912110273">If the selected region has multiple projects, the default project of the region is selected. You can select another project if needed.</li></ul>
</td>
</tr>
<tr id="cbr_03_0018__row209875216258"><td class="cellrowborder" valign="top" width="19%" headers="mcps1.3.9.2.4.2.1.2.3.1.1 "><p id="cbr_03_0018__p298818217255">Destination Vault</p>
</td>
<td class="cellrowborder" valign="top" width="81%" headers="mcps1.3.9.2.4.2.1.2.3.1.2 "><p id="cbr_03_0018__p1698814210251">A replication vault in the destination region</p>
<p id="cbr_03_0018__p1593118156108">You can replicate backups to vaults in multiple destination regions. Creating replica will replicate all backups in the source vault to the destination vault.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="cbr_03_0018__note7700143719478"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cbr_03_0018__p1670113717472">The traffic for cross-region replication is the size of the replicated backup.</p>
</div></div>
</p></li><li id="cbr_03_0018__li14342132914300"><span>Click <span class="uicontrol" id="cbr_03_0018__uicontrol17337161016312"><b>OK</b></span>.</span></li><li id="cbr_03_0018__li12306124623915"><span>After the replication is complete, you can switch to the destination region to view generated replicas. For details, see <a href="cbr_03_0013.html">Viewing a Backup</a>. You can then use replicas to create images.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cbr_03_0012.html">Backup Management</a></div>
</div>
</div>
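
Review bot: In the deleted Table 1, the Destination Vault row says "Creating replica will replicate all backups in the source vault to the destination vault", which describes vault replication, not the single-backup procedure this topic documents. If this topic is restored later, correct that sentence first, and drop the empty nested p elements in step 3 at the same time.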

View File

@ -6,8 +6,6 @@
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="cbr_03_0025.html">Creating a Backup Policy</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cbr_03_0026.html">Creating a Replication Policy</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cbr_03_0027.html">Modifying a Policy</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cbr_03_0028.html">Deleting a Policy</a></strong><br>
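
Review bot: The "Creating a Replication Policy" entry (cbr_03_0026.html) is dropped from this list, but the removal of cbr_03_0026.html itself is not visible in the diff shown here. Confirm the page is deleted in the same change; otherwise it stays published as an orphan that is reachable by URL but missing from the navigation.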

View File

@ -8,7 +8,7 @@
</div>
<div class="section" id="cbr_03_0025__section994083714511"><h4 class="sectiontitle">Procedure</h4><ol id="cbr_03_0025__ol27614245223034"><li id="cbr_03_0025__li4260921102020"><span>Log in to CBR Console.</span><p><ol type="a" id="cbr_03_0025__cbr_02_0003_ol6567385123151"><li id="cbr_03_0025__cbr_02_0003_li5480597823151">Log in to the management console.</li><li id="cbr_03_0025__cbr_02_0003_li69106284253">Click <span><img id="cbr_03_0025__cbr_02_0003_image1844744225011" src="en-us_image_0159365094.png"></span> in the upper left corner and select your region and project.</li><li id="cbr_03_0025__cbr_02_0003_li4225424523410">Choose <strong id="cbr_03_0025__cbr_02_0003_b9848171719318">Storage</strong> &gt; <strong id="cbr_03_0025__cbr_02_0003_b78492017634">Cloud Backup and Recovery</strong>. Choose your desired type of backup from the left navigation pane.</li></ol>
</p></li><li id="cbr_03_0025__li485913287107"><span>Choose <strong id="cbr_03_0025__b1993012214593">Policies</strong> and click the <strong id="cbr_03_0025__b7941182114593">Backup Policies</strong> tab. In the upper right corner, click <strong id="cbr_03_0025__b1394392119592">Create Policy</strong>. See <a href="#cbr_03_0025__fig83663164139">Figure 1</a>.</span><p><div class="fignone" id="cbr_03_0025__fig83663164139"><a name="cbr_03_0025__fig83663164139"></a><a name="fig83663164139"></a><span class="figcap"><b>Figure 1 </b>Creating a backup policy</span></div>
<p id="cbr_03_0025__p1668624122312"></p>
<p id="cbr_03_0025__p12130111833"></p>
<p id="cbr_03_0025__p165862441242"><span><img id="cbr_03_0025__image9166145918536" src="en-us_image_0224255894.png" title="Click to enlarge" class="imgResize"></span></p>
<p id="cbr_03_0025__p18152163212620"></p>
<p id="cbr_03_0025__p5865191065212"></p>
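
Review bot: The only change in this hunk is the id of an empty paragraph (cbr_03_0025__p1668624122312 becomes cbr_03_0025__p12130111833), and the next hunk does the same for the id on the "Custom cycle" strong element. These look like regenerated ids with no content change; if the converter can keep ids stable, or drop empty p elements, this file would show no diff and any deep link to the old id would keep working.
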
@ -61,7 +61,7 @@
</td>
<td class="cellrowborder" valign="top" width="50.505050505050505%" headers="mcps1.3.5.2.3.2.1.2.4.1.2 "><p id="cbr_03_0025__p3110528133312">Select a backup frequency.</p>
<ul id="cbr_03_0025__ul31107284337"><li id="cbr_03_0025__li4111828123317"><strong id="cbr_03_0025__b648013662219">Week-based cycle</strong><p id="cbr_03_0025__p11111172833311">Specifies on which days of each week the backup task will be executed. You can select multiple days.</p>
</li><li id="cbr_03_0025__li121117285335"><strong id="cbr_03_0025__b336993650">Custom cycle</strong><p id="cbr_03_0025__p2111928123319">Specifies the interval (every 1 to 30 days) for executing the backup task.</p>
</li><li id="cbr_03_0025__li121117285335"><strong id="cbr_03_0025__b1953507740">Custom cycle</strong><p id="cbr_03_0025__p2111928123319">Specifies the interval (every 1 to 30 days) for executing the backup task.</p>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="33.333333333333336%" headers="mcps1.3.5.2.3.2.1.2.4.1.3 "><p id="cbr_03_0025__p311122893310">Every day</p>

File diff suppressed because it is too large

View File

@ -8,13 +8,7 @@
</th>
</tr>
</thead>
<tbody><tr id="cbr_03_0046__row12353149101611"><td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.1.1.3.1.1 "><p id="cbr_03_0046__p183531981618">2023-04-19</p>
</td>
<td class="cellrowborder" valign="top" width="82%" headers="mcps1.3.1.1.3.1.2 "><p id="cbr_03_0046__p11453829111615">This issue is the twenty-first official release, which incorporates the following changes:</p>
<ul id="cbr_03_0046__ul77922034171614"><li id="cbr_03_0046__li879216347166">Added section "Replicating a Backup Across Regions."</li><li id="cbr_03_0046__li240516242172">Added section "Replicating a Vault."</li><li id="cbr_03_0046__li81683791814">Added section "Creating a Replication Policy."</li></ul>
</td>
</tr>
<tr id="cbr_03_0046__row199071647182911"><td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.1.1.3.1.1 "><p id="cbr_03_0046__p5820952202912">2023-04-18</p>
<tbody><tr id="cbr_03_0046__row199071647182911"><td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.1.1.3.1.1 "><p id="cbr_03_0046__p5820952202912">2023-04-18</p>
</td>
<td class="cellrowborder" valign="top" width="82%" headers="mcps1.3.1.1.3.1.2 "><p id="cbr_03_0046__p16907104702916">This issue is the twentieth official release, which incorporates the following change:</p>
<p id="cbr_03_0046__p871014171314">Added some CBR operations that can be recorded by CTS in section "Auditing."</p>
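
Review bot: The 2023-04-19 row (twenty-first official release) is deleted from the change history rather than superseded, so the table no longer records that the replication sections were ever published. Prefer adding a new dated entry stating that "Replicating a Backup Across Regions", "Replicating a Vault" and "Creating a Replication Policy" were removed, so readers who saw the earlier issue can tell what changed.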

View File

@ -1,7 +1,8 @@
<a name="cbr_03_0047"></a><a name="cbr_03_0047"></a>
<h1 class="topictitle1">Permissions Management</h1>
<div id="body1559549042505"></div>
<div id="body1559549042505"><p id="cbr_03_0047__p8060118"></p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="cbr_03_0048.html">Creating a User and Granting CBR Permissions</a></strong><br>
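
Review bot: The body div now contains only an empty paragraph, <p id="cbr_03_0047__p8060118"></p>, which renders as blank space under the "Permissions Management" title. Either add a one-sentence introduction to the child topics or keep the body empty as it was.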

View File

@ -5,10 +5,10 @@
<ul id="cbr_03_0048__ul65145145202"><li id="cbr_03_0048__li351561402014">Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing CBR resources.</li><li id="cbr_03_0048__li0515014192010">Grant only the permissions required for users to perform a specific task.</li><li id="cbr_03_0048__li75155148203">Entrust a cloud account or cloud service to perform efficient O&amp;M on your CBR resources.</li></ul>
<p id="cbr_03_0048__p1651541420209">If your cloud account does not require individual IAM users, skip this section. If your account cannot meet your requirements, create IAM users by referring to <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0026.html" target="_blank" rel="noopener noreferrer">Identity and Access Management User Guide</a>.</p>
<p id="cbr_03_0048__p5515114112016">Figure <a href="#cbr_03_0048__fig194521431175317">Figure 1</a> illustrates the procedure for granting permissions.</p>
<div class="section" id="cbr_03_0048__section1881236181014"><h4 class="sectiontitle">Prerequisites</h4><p id="cbr_03_0048__p9819544172111">Learn about the permissions (see <a href="cbr_01_0011.html">Permissions</a>) supported by CBR and choose policies or roles according to your requirements. For the system policies of other services, see "Permissions".</p>
<div class="section" id="cbr_03_0048__section1881236181014"><h4 class="sectiontitle">Prerequisites</h4><p id="cbr_03_0048__p9819544172111">You have learnt about <a href="cbr_01_0011.html">Permissions Management</a> and chosen the policies or roles according to your requirements. For the system policies of other services, see "System Permissions".</p>
</div>
<div class="section" id="cbr_03_0048__section3858134855017"><h4 class="sectiontitle">Process Flow</h4><div class="fignone" id="cbr_03_0048__fig194521431175317"><a name="cbr_03_0048__fig194521431175317"></a><a name="fig194521431175317"></a><span class="figcap"><b>Figure 1 </b>Process for granting CBR permissions</span><br><span><img id="cbr_03_0048__image11481182911611" src="en-us_image_0000001562229993.png" title="Click to enlarge" class="imgResize"></span></div>
<ol id="cbr_03_0048__ol46562308273"><li id="cbr_03_0048__li3656183032711"><a name="cbr_03_0048__li3656183032711"></a><a name="li3656183032711"></a>Create a user group and assign permissions.<p id="cbr_03_0048__p166561530182716"><a name="cbr_03_0048__li3656183032711"></a><a name="li3656183032711"></a>Create a user group on the IAM console, and assign the <strong id="cbr_03_0048__b142413164561">CBR ReadOnlyAccess</strong> policy to the group.</p>
<div class="section" id="cbr_03_0048__section3858134855017"><h4 class="sectiontitle">Process Flow</h4><div class="fignone" id="cbr_03_0048__fig194521431175317"><a name="cbr_03_0048__fig194521431175317"></a><a name="fig194521431175317"></a><span class="figcap"><b>Figure 1 </b>Process for granting CBR permissions</span><br><span><img class="vsd" id="cbr_03_0048__image105401230162018" src="en-us_image_0220982950.png"></span></div>
<ol id="cbr_03_0048__ol46562308273"><li id="cbr_03_0048__li3656183032711"><a name="cbr_03_0048__li3656183032711"></a><a name="li3656183032711"></a>Create a user group and assign permissions to it.<p id="cbr_03_0048__p166561530182716"><a name="cbr_03_0048__li3656183032711"></a><a name="li3656183032711"></a>Create a user group on the IAM console, and assign the <strong id="cbr_03_0048__b142413164561">CBR ReadOnlyAccess</strong> policy to the group.</p>
</li><li id="cbr_03_0048__li16561330122713">Create an IAM user and add it to the user group.<p id="cbr_03_0048__p165613052710"><a name="cbr_03_0048__li16561330122713"></a><a name="li16561330122713"></a>Create a user on the IAM console and add the user to the group created in <a href="#cbr_03_0048__li3656183032711">1</a>.</p>
</li><li id="cbr_03_0048__li8656153082719">Log in and verify permissions.<p id="cbr_03_0048__p865613303275"><a name="cbr_03_0048__li8656153082719"></a><a name="li8656153082719"></a>Log in to CBR Console as the created user and verify that the user has read-only permissions for CBR.</p>
<ul id="cbr_03_0048__ul162963396234"><li id="cbr_03_0048__li6296133992319">Choose <strong id="cbr_03_0048__b146613445810">Service List</strong> &gt; <strong id="cbr_03_0048__b14525183785814">Cloud Backup and Recovery</strong>. Then click <strong id="cbr_03_0048__b1159977165913">Create Server Backup Vault</strong> on CBR Console. If a message appears indicating that you do not have the permissions to perform the operation, the <strong id="cbr_03_0048__b8128143914592">CBR ReadOnlyAccess</strong> policy has already taken effect.</li><li id="cbr_03_0048__li8296039182311">Choose any other service in <strong id="cbr_03_0048__b4206055112419">Service List</strong>. If a message appears indicating that you do not have the permissions to access the service, the <strong id="cbr_03_0048__b2208125532413">CBR ReadOnlyAccess</strong> policy has already taken effect.</li></ul>
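Review bot: the two checks under step 3 (the `cbr_03_0048__ul162963396234` list) only confirm that actions are denied, so a user with no CBR permissions at all would pass both. Add a positive check that the user can still view CBR resources, which is what shows that CBR ReadOnlyAccess, rather than an empty permission set, is in effect.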
@ -21,10 +21,3 @@
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
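Review bot: dropping the `image_size('.imgResize')` script block is only safe if no image left on the page still uses `class="imgResize"`. The Figure 1 image in the preceding hunk appears both with `class="imgResize"` and with `class="vsd"`, so confirm the `vsd` variant is the one that remains and that nothing else on the page relies on `msg_imageMax` or `msg_imageClose`.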

View File

@ -1,10 +1,10 @@
<a name="cbr_03_0050"></a><a name="cbr_03_0050"></a>
<h1 class="topictitle1">Creating a Custom Policy</h1>
<div id="body1559549042505"><p id="cbr_03_0050__p153751340284">You can create custom policies to supplement the system-defined policies of CBR. For the actions supported for custom policies, see section "Permissions Policies and Supported Actions" in <em id="cbr_03_0050__i538411571952">Cloud Backup and Recovery API Reference</em>.</p>
<div id="body1559549042505"><p id="cbr_03_0050__p153751340284">You can create custom policies to supplement the system-defined policies of CBR. For the actions supported for custom policies, see section "Permissions Policies and Supported Actions" in <em id="cbr_03_0050__i1014319111511">Cloud Backup and Recovery API Reference</em>.</p>
<p id="cbr_03_0050__p2079563182513">You can create custom policies in either of the following ways:</p>
<ul id="cbr_03_0050__ul379563122510"><li id="cbr_03_0050__li18795123142512">Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.</li><li id="cbr_03_0050__li294510932511">JSON: Edit JSON policies from scratch or based on an existing policy.</li></ul>
<p id="cbr_03_0050__p46531328205017">For details about how to create custom policies, see <a href="https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/fine-grained_policy_management/creating_a_custom_policy.html" target="_blank" rel="noopener noreferrer">Creating a Custom Policy</a>. This section provides examples of common CBR custom policies.</p>
<p id="cbr_03_0050__p8060118">This section provides examples of common custom CBR policies.</p>
<div class="section" id="cbr_03_0050__section441833517360"><h4 class="sectiontitle">Example Custom Policies</h4><ul id="cbr_03_0050__ul131261824153811"><li id="cbr_03_0050__li15126112423817">Example 1: Allowing users to create, modify, and delete vaults<pre class="screen" id="cbr_03_0050__screen04611727294">{
"Version": "1.1",
"Statement": [
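Review bot: the closing paragraph with id `cbr_03_0050__p8060118` has no link to the IAM "Creating a Custom Policy" procedure, unlike the `cbr_03_0050__p46531328205017` variant, so a reader is told about the visual editor and JSON options but not where the creation steps are documented. Keep the cross-reference, or point to the equivalent section, so that users writing JSON policies by hand start from the documented syntax rather than guessing at actions and scope.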

Binary file not shown.

Before

Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.4 KiB

View File

@ -140,7 +140,7 @@
"githuburl":""
},
{
"uri":"cce_02_0359_0.html",
"uri":"cce_02_0359.html",
"product_code":"cce",
"code":"15",
"des":"This API is used to obtain certificates of a specified cluster in form of kubeconfig file.GET /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercertTable 1 descr",
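Review bot: the `uri` for the deprecated cluster-certificate API appears as both `cce_02_0359_0.html` and `cce_02_0359.html`; check that the HTML file itself is renamed in the same change and that every inbound link uses the same name, otherwise this entry points at a missing page. The `des` value is also run together (`kubeconfig file.GET /api/v3/...`) and cut off mid-word at `Table 1 descr`, which suggests the summary is generated from the page body without separators; a short hand-written description would serve search results better.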
@ -423,7 +423,7 @@
"uri":"kubernetesapi.html",
"product_code":"cce",
"code":"43",
"des":"You can use Kubernetes native APIs to manage your Kubernetes clusters. For details, see Kubernetes API Concepts.To find detailed API definitions for different Kubernetes ",
"des":"Kubernetes APIs are resource-based (RESTful) programming interfaces provided through HTTP. It supports query, creation, update, and deletion of various cluster resources ",
"doc_type":"api2",
"kw":"Overview,Kubernetes APIs,API Reference",
"title":"Overview",

View File

@ -129,7 +129,7 @@
"desc":"This API is used to obtain certificates of a specified cluster in form of kubeconfig file.GET /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercertTable 1 descr",
"product_code":"cce",
"title":"Obtaining Cluster Certificates (Deprecated)",
"uri":"cce_02_0359_0.html",
"uri":"cce_02_0359.html",
"doc_type":"api2",
"p_code":"6",
"code":"15"
@ -378,7 +378,7 @@
"code":"42"
},
{
"desc":"You can use Kubernetes native APIs to manage your Kubernetes clusters. For details, see Kubernetes API Concepts.To find detailed API definitions for different Kubernetes ",
"desc":"Kubernetes APIs are resource-based (RESTful) programming interfaces provided through HTTP. It supports query, creation, update, and deletion of various cluster resources ",
"product_code":"cce",
"title":"Overview",
"uri":"kubernetesapi.html",

File diff suppressed because it is too large

View File

@ -20,7 +20,7 @@
</li>
<li class="ulchildlink"><strong><a href="cce_02_0248.html">Obtaining Cluster Certificates</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_02_0359_0.html">Obtaining Cluster Certificates (Deprecated)</a></strong><br>
<li class="ulchildlink"><strong><a href="cce_02_0359.html">Obtaining Cluster Certificates (Deprecated)</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_02_0242.html">Creating a Node</a></strong><br>
</li>

View File

@ -3,15 +3,15 @@
<h1 class="topictitle1">API Usage Guidelines</h1>
<div id="body1569373330500"><p id="cce_02_0344__p694217218">Cloud APIs comply with the RESTful API design principles. REST-based web services are organized into resources. Each resource is identified by one or more Uniform Resource Identifiers (URIs). An application accesses a resource based on the resource's Unified Resource Locator (URL). A URL is usually in the following format: <em id="cce_02_0344__i8449151122912">https://Endpoint/uri</em>. In the URL, <em id="cce_02_0344__i114521051192914">uri</em> indicates the resource path, that is, the API access path.</p>
<p id="cce_02_0344__p4816427810259">Cloud APIs use HTTPS as the transmission protocol. Requests/Responses are transmitted by using JSON messages, with media type represented by <strong id="cce_02_0344__b1025950229154127">Application/json</strong>.</p>
<ul id="cce_02_0344__ul13319112316819"><li id="cce_02_0344__li43190231280">The URL of APIs described in <a href="cce_02_0092.html">Cluster Management</a> is in the format of <em id="cce_02_0344__i1611453113614">https://Endpoint/uri</em>. In the URL, uri indicates the resource path, that is, the API access path. Use X-Auth-Token as a header.</li><li id="cce_02_0344__li11319132310812">The URL of Kubernetes-native APIs described in <a href="cce_02_0320.html">Add-on Management</a> and <a href="cce_02_0340.html">Kubernetes APIs</a> is in the format of <strong id="cce_02_0344__b1319152318817">https://{clusterid}.Endpoint/uri</strong>. In the URL, {clusterid} indicates a cluster ID, and uri indicates the resource path, that is, the API access path. Use X-Auth-Token as a header.</li><li id="cce_02_0344__li251551565014">The URL of Kubernetes-native APIs is in the format of <strong id="cce_02_0344__b1760920115129">https://{publicip}:5443/uri</strong>. In the URL, <strong id="cce_02_0344__b166093113127">{publicip}</strong> indicates EIP of the cluster, and <strong id="cce_02_0344__b146096111217">uri</strong> indicates the resource path, that is, the API access path. Use X-Remote-User or Authorization as a header.<div class="p" id="cce_02_0344__p1887502514125">Before using X-Remote-User as a header, obtain the required certificate in advance. Two types of certificates are supported:<ul id="cce_02_0344__ul1498525216115"><li id="cce_02_0344__li594175418416">Self-owned certificate uploaded during cluster creation. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0028.html" target="_blank" rel="noopener noreferrer">Creating a Cluster</a>.<p id="cce_02_0344__p519555315"><span><img id="cce_02_0344__image20959154315152" src="en-us_image_0000001121602072.png" title="Click to enlarge" class="imgResize"></span></p>
</li><li id="cce_02_0344__li119868526113">Cluster certificate generated and downloaded after cluster creation. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0175.html" target="_blank" rel="noopener noreferrer">Obtaining a Cluster Certificate</a>.<p id="cce_02_0344__p2297165721520"><span><img id="cce_02_0344__image97354579155" src="en-us_image_0227096557.png" title="Click to enlarge" class="imgResize"></span></p>
<ul id="cce_02_0344__ul13319112316819"><li id="cce_02_0344__li43190231280">The URL of APIs described in <a href="cce_02_0092.html">Cluster Management</a> is in the format of <em id="cce_02_0344__i1611453113614">https://Endpoint/uri</em>. In the URL, uri indicates the resource path, that is, the API access path. Use X-Auth-Token as a header.</li><li id="cce_02_0344__li11319132310812">The URL of Kubernetes-native APIs described in <a href="cce_02_0320.html">Add-on Management</a> and <a href="cce_02_0340.html">Kubernetes APIs</a> is in the format of <strong id="cce_02_0344__b1319152318817">https://{clusterid}.Endpoint/uri</strong>. In the URL, {clusterid} indicates a cluster ID, and uri indicates the resource path, that is, the API access path. Use X-Auth-Token as a header.</li><li id="cce_02_0344__li251551565014">The URL of Kubernetes-native APIs is in the format of <strong id="cce_02_0344__b1760920115129">https://{publicip}:5443/uri</strong>. In the URL, <strong id="cce_02_0344__b166093113127">{publicip}</strong> indicates EIP of the cluster, and <strong id="cce_02_0344__b146096111217">uri</strong> indicates the resource path, that is, the API access path. Use X-Remote-User or Authorization as a header.<div class="p" id="cce_02_0344__p1887502514125">Before using X-Remote-User as a header, obtain the required certificate in advance. Two types of certificates are supported:<ul id="cce_02_0344__ul1498525216115"><li id="cce_02_0344__li594175418416">Self-owned certificate uploaded during cluster creation. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_10_0028.html" target="_blank" rel="noopener noreferrer">Creating a Cluster</a>.<p id="cce_02_0344__p519555315"><span><img id="cce_02_0344__image20959154315152" src="en-us_image_0000001121602072.png" title="Click to enlarge" class="imgResize"></span></p>
</li><li id="cce_02_0344__li119868526113">Cluster certificate generated and downloaded after cluster creation. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_10_0175.html" target="_blank" rel="noopener noreferrer">Obtaining a Cluster Certificate</a>.<p id="cce_02_0344__p2297165721520"><span><img id="cce_02_0344__image97354579155" src="en-us_image_0227096557.png" title="Click to enlarge" class="imgResize"></span></p>
</li></ul>
</div>
</li></ul>
<p id="cce_02_0344__p156196428514">For details about how to use APIs, see <a href="https://docs.otc.t-systems.com/en-us/api/apiug/apig-en-api-180328001.html?tag=API Documents" target="_blank" rel="noopener noreferrer">API Usage Guidelines</a>.</p>
<p id="cce_02_0344__p1928010407415">CCE provides two methods to authenticate requests for calling an API: token and AK/SK. Select an authentication method based on actual requirements. If token-based authentication is used, you can call service APIs by using either of the following methods after obtaining a token:</p>
<ul id="cce_02_0344__ul4552184012514"><li id="cce_02_0344__li17245131773918">Method 1: Add <strong id="cce_02_0344__b16119186394">X-Auth-Token</strong> to the request header and set <strong id="cce_02_0344__b9161823912">X-Auth-Token: ${token}</strong> with the obtained IAM token.</li><li id="cce_02_0344__li1387183419395">Method 2: Add <strong id="cce_02_0344__b1057022318263">Authorization</strong> to the request header and set <strong id="cce_02_0344__b6248243183920">Authorization: Bearer ${token}</strong> with the obtained IAM token or token from Kubernetes service account.</li><li id="cce_02_0344__li89714112401">Method 3: Add <strong id="cce_02_0344__b43089717408">X-Remote-User</strong> to the request header and set <strong id="cce_02_0344__b5208739122619">X-Remote-User</strong>: <strong id="cce_02_0344__b17930741152615">user</strong> with a valid certificate.</li></ul>
<div class="note" id="cce_02_0344__note162803401947"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_02_0344__p107403334488">Method 3 requires that the CA root certificate must has been uploaded before you create a cluster on the CCE console. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0085.html" target="_blank" rel="noopener noreferrer">Cluster Management Permission Control</a>.</p>
<div class="note" id="cce_02_0344__note162803401947"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_02_0344__p107403334488">Method 3 requires that the CA root certificate must has been uploaded before you create a cluster on the CCE console.</p>
</div></div>
</div>
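Review bot: the Method 3 note (`cce_02_0344__p107403334488`) still reads "must has been uploaded" and, in the variant without the "Cluster Management Permission Control" link, no longer says where the CA root certificate upload is described. Change the wording to "must have been uploaded" and keep a working reference, since the page requires a certificate before X-Remote-User can be used and readers need to know how that trust is set up. The sentence "by using either of the following methods" also introduces three methods, not two.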

File diff suppressed because it is too large

File diff suppressed because it is too large

View File

@ -1,14 +1,11 @@
<a name="kubernetesapi"></a><a name="kubernetesapi"></a>
<h1 class="topictitle1">Overview</h1>
<div id="body0000001355453942"><div class="section" id="kubernetesapi__section3701731155417"><h4 class="sectiontitle">Description</h4><p id="kubernetesapi__p155192037173414">You can use Kubernetes native APIs to manage your Kubernetes clusters. For details, see <a href="https://kubernetes.io/docs/reference/using-api/api-concepts/" target="_blank" rel="noopener noreferrer">Kubernetes API Concepts</a>.</p>
<p id="kubernetesapi__p966734320541">To find detailed API definitions for different Kubernetes versions, visit the following links:</p>
<ul id="kubernetesapi__ul163062345469"><li id="kubernetesapi__li730693444617">1.19: <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/" target="_blank" rel="noopener noreferrer">https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/</a></li><li id="kubernetesapi__li2277248144615">1.21: <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/" target="_blank" rel="noopener noreferrer">https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/</a></li><li id="kubernetesapi__li1151127194715">1.23: <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/" target="_blank" rel="noopener noreferrer">https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/</a></li><li id="kubernetesapi__li4813199192015">1.25: <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/" target="_blank" rel="noopener noreferrer">https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/</a></li></ul>
<p id="kubernetesapi__p16108214174613">Based on the open source Kubernetes APIs, CCE enhances and adapts following functions.</p>
<ul id="kubernetesapi__ul104771927155520"><li id="kubernetesapi__li20477202715511">Ingress: For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0252.html" target="_blank" rel="noopener noreferrer">Using kubectl to Create an ELB Ingress</a>.</li><li id="kubernetesapi__li3402181935019">PV and PVC: For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0379.html" target="_blank" rel="noopener noreferrer">PV</a> and <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0378.html" target="_blank" rel="noopener noreferrer">PVC</a>.<ul id="kubernetesapi__ul1086971985015"><li id="kubernetesapi__li1477627165520">EVS: For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0257.html" target="_blank" rel="noopener noreferrer">Creating a Pod Mounted with an EVS Volume</a>.</li><li id="kubernetesapi__li12263113011517">SFS Turbo: For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0274.html" target="_blank" rel="noopener noreferrer">Creating a Deployment Mounted with an SFS Turbo Volume</a> and <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0273.html" target="_blank" rel="noopener noreferrer">Creating a StatefulSet Mounted with an SFS Turbo Volume</a>.</li><li id="kubernetesapi__li916333445011">OBS: For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0269.html" target="_blank" rel="noopener noreferrer">Creating a Deployment Mounted with an OBS Volume</a> and <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0268.html" target="_blank" rel="noopener noreferrer">Creating a StatefulSet Mounted with an OBS Volume</a>.</li><li id="kubernetesapi__li1162512911544">SFS: For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0263.html" target="_blank" rel="noopener noreferrer">Creating a Deployment Mounted with an SFS Volume</a> and <a 
href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0262.html" target="_blank" rel="noopener noreferrer">Creating a StatefulSet Mounted with an SFS Volume</a>.</li></ul>
</li><li id="kubernetesapi__li8207150145715">Network Policies: For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0059.html" target="_blank" rel="noopener noreferrer">Network Policies</a>.</li></ul>
<div id="body0000001355453942"><div class="section" id="kubernetesapi__section3701731155417"><h4 class="sectiontitle">Description</h4><p id="kubernetesapi__p8472102118288">Kubernetes APIs are resource-based (RESTful) programming interfaces provided through HTTP. It supports query, creation, update, and deletion of various cluster resources using standard HTTP request methods (POST, PUT, PATCH, DELETE, and GET).</p>
<p id="kubernetesapi__p8472521172810">CCE allows you to use native <a href="https://kubernetes.io/docs/reference/kubernetes-api/" target="_blank" rel="noopener noreferrer">Kubernetes APIs</a> in the following ways:</p>
<ul id="kubernetesapi__ul129695315280"><li id="kubernetesapi__li596915313282"><a href="#kubernetesapi__section41207155509">Calling Kubernetes APIs Through API Gateway</a></li><li id="kubernetesapi__li11831714192814"><a href="#kubernetesapi__section14674391312">Calling Kubernetes APIs Through the API Server</a></li></ul>
</div>
<div class="section" id="kubernetesapi__section41207155509"><h4 class="sectiontitle">Calling Kubernetes APIs Through API Gateway</h4><p id="kubernetesapi__p1777710173595">You can call Kubernetes native APIs through API Gateway using the URL in the format of <strong id="kubernetesapi__b178956281620">https://{<em id="kubernetesapi__i33322331464">clusterid</em>}.Endpoint/<em id="kubernetesapi__i694334415612">uri</em></strong>. In the URL, <em id="kubernetesapi__i111421351869">{clusterid}</em> indicates the cluster ID, and <em id="kubernetesapi__i121431235169">uri</em> indicates the resource path, that is, the path for API access.</p>
<div class="section" id="kubernetesapi__section41207155509"><a name="kubernetesapi__section41207155509"></a><a name="section41207155509"></a><h4 class="sectiontitle">Calling Kubernetes APIs Through API Gateway</h4><p id="kubernetesapi__p1777710173595">You can call Kubernetes native APIs through API Gateway using the URL in the format of <strong id="kubernetesapi__b178956281620">https://{<em id="kubernetesapi__i33322331464">clusterid</em>}.Endpoint/<em id="kubernetesapi__i694334415612">uri</em></strong>. In the URL, <em id="kubernetesapi__i111421351869">{clusterid}</em> indicates the cluster ID, and <em id="kubernetesapi__i121431235169">uri</em> indicates the resource path, that is, the path for API access.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="kubernetesapi__table7272144324912" frame="border" border="1" rules="all"><caption><b>Table 1 </b>URL parameters</caption><thead align="left"><tr id="kubernetesapi__en-us_topic_0092901339_row12957510145518"><th align="left" class="cellrowborder" valign="top" width="24.529999999999998%" id="mcps1.3.2.3.2.3.1.1"><p id="kubernetesapi__en-us_topic_0092901339_p195751012559">Parameter</p>
</th>
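Review bot: the Description paragraph `kubernetesapi__p8472102118288` says the Kubernetes APIs are "provided through HTTP", while the API Gateway URL format given in the next section starts with `https://`; say HTTPS so that nobody reads it as permission to call the cluster in clear text. "It supports" should be "They support" to agree with "Kubernetes APIs". The variant of this section without that paragraph also carries the per-version API reference links and the list of CCE-specific adaptations (Ingress, PV and PVC, Network Policies); if those are dropped on purpose, confirm they are still reachable from another page.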
@ -35,7 +32,7 @@
</table>
</div>
</div>
<div class="section" id="kubernetesapi__section14674391312"><h4 class="sectiontitle">Calling Kubernetes APIs Through the API Server</h4><p id="kubernetesapi__p1248519452209">You can use the API server of a Kubernetes cluster to call Kubernetes native APIs.</p>
<div class="section" id="kubernetesapi__section14674391312"><a name="kubernetesapi__section14674391312"></a><a name="section14674391312"></a><h4 class="sectiontitle">Calling Kubernetes APIs Through the API Server</h4><p id="kubernetesapi__p1248519452209">You can use the API server of a Kubernetes cluster to call Kubernetes native APIs.</p>
<ol id="kubernetesapi__ol1420332061712"><li id="kubernetesapi__li1013775412177"><span>Call the <a href="cce_02_0248.html">API for obtaining the cluster certificate</a> to obtain the cluster certificates.</span><p><p id="kubernetesapi__p10926184211419">There are three certificates:</p>
<ul id="kubernetesapi__ul934641310465"><li id="kubernetesapi__li834691314620">ca.crt</li><li id="kubernetesapi__li8347413184614">client.crt</li><li id="kubernetesapi__li1434717138467">client.key</li></ul>
</p></li><li id="kubernetesapi__li14730103613179"><span>Go to the cluster details page and obtain the API server address (private or public network address).</span><p><p id="kubernetesapi__p16832192924218">With the certificates and API server address, you can call Kubernetes native APIs.</p>

View File

@ -66,7 +66,7 @@ vgcreate ${vgName} ${storageDevice}</pre>
"login": {
"userPassword": {
"username": "root",
"password": "JDYkbzhEbE90ckIkY1c0SWJzRy9WeVIzcDFVbC41NFVqa1pxenE0bW9naERlS2RCWEIyWlhqSlpWSjJrL2NmcmdWeE12NGh4T25DeDhlMTdrREVSM2dicHdZNmYzZXh5dy4="
"password": "******"
}
},
"storage": {
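Review bot: masking the `password` value in this example is right, but the string it replaces stays in the repository history and in any already published copy of the page. Its base64 prefix `JDYk` decodes to `$6$`, the marker of a SHA-512 crypt hash, so if it was derived from a password that was ever used on a real node, treat that password as exposed and change it.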
@ -152,7 +152,7 @@ vgcreate ${vgName} ${storageDevice}</pre>
"login": {
"userPassword": {
"username": "root",
"password": "JDYkRmJPckIwRkMkR3RXTkFsNmYvNlAxSDdOTUhYSHZmWjQ0b0ttODRzTDk0L1NzMzRIaHBsQVJkRTZiOGI0WTVJbUtSLlF5aTAuTUpwbGZqdHBTdkYxOU9peGZPV2FUYi4="
"password": "******"
}
},
"storage": {
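Review bot: `"password": "******"` gives no hint of what the field expects, whereas the value it replaces at least showed the format. Use a descriptive placeholder and state the expected encoding in the parameter description, so that readers do not paste a clear-text password into the request. The same applies to the other two examples in this file.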
@ -263,7 +263,7 @@ vgcreate ${vgName} ${storageDevice}</pre>
"login": {
"userPassword": {
"username": "root",
"password": "JDYkbzhEbE90ckIkY1c0SWJzRy9WeVIzcDFVbC41NFVqa1pxenE0bW9naERlS2RCWEIyWlhqSlpWSjJrL2NmcmdWeE12NGh4T25DeDhlMTdrREVSM2dicHdZNmYzZXh5dy4="
"password": "******"
}
},
"storage": {

File diff suppressed because it is too large

File diff suppressed because it is too large

View File

@ -1,9 +1,16 @@
<a name="cce_01_0091"></a><a name="cce_01_0091"></a>
<h1 class="topictitle1">What Is Cloud Container Engine?</h1>
<div id="body0000001151475048"><p id="cce_01_0091__p828704812214">Cloud Container Engine (CCE) provides highly scalable, high-performance, enterprise-class Kubernetes clusters and supports Docker containers. With CCE, you can easily deploy, manage, and scale containerized applications on the cloud.</p>
<p id="cce_01_0091__p7288114822214">CCE is deeply integrated with the public cloud services, including high-performance computing (ECS), network (VPC, EIP, and ELB), and storage (EVS and SFS) services. It supports heterogeneous computing architectures such as GPU, ARM, and FPGA. By using multi-AZ and multi-region disaster recovery, CCE ensures high availability of Kubernetes clusters.</p>
<p id="cce_01_0091__p1495073743620">You can use CCE through the console, kubectl, and <a href="https://docs.otc.t-systems.com/en-us/api2/cce/cce_02_0344.html" target="_blank" rel="noopener noreferrer">APIs</a>. Before using the CCE service, learn about the concepts related to Kubernetes. For details, see <a href="https://kubernetes.io/docs/concepts/" target="_blank" rel="noopener noreferrer">https://kubernetes.io/docs/concepts/</a>.</p>
<ul id="cce_01_0091__ul2085315361497"><li id="cce_01_0091__li1985318365917">Junior users: You are advised to use the console. The console provides an intuitive interface for you to complete operations such as creating clusters or workloads.</li><li id="cce_01_0091__li162315481992">Advanced users: If you have experience in using kubectl, you are advised to use the kubectl, and <a href="https://docs.otc.t-systems.com/en-us/api2/cce/cce_02_0344.html" target="_blank" rel="noopener noreferrer">APIs</a> to perform operations. For details, see <a href="https://kubernetes.io/docs/concepts/overview/kubernetes-api/" target="_blank" rel="noopener noreferrer">Kubernetes APIs</a> and <a href="https://kubernetes.io/docs/reference/kubectl/overview/" target="_blank" rel="noopener noreferrer">kubectl CLI</a>.</li></ul>
<div id="body32001227"><div class="section" id="cce_01_0091__en-us_topic_0000001499406010_section8343153913519"><h4 class="sectiontitle">Why CCE?</h4><p id="cce_01_0091__en-us_topic_0000001499406010_p72395598519">CCE is a one-stop platform integrating compute, networking, storage, and many other services. Supporting multi-AZ and multi-region disaster recovery, CCE ensures high availability of <a href="https://kubernetes.io/" target="_blank" rel="noopener noreferrer">Kubernetes</a> clusters.</p>
<p id="cce_01_0091__en-us_topic_0000001499406010_p1220816614522">For more information, see <a href="cce_productdesc_0003.html#cce_productdesc_0003">Product Advantages</a> and <a href="cce_productdesc_0007.html#cce_productdesc_0007">Application Scenarios</a>.</p>
</div>
<div class="section" id="cce_01_0091__en-us_topic_0000001499406010_section14578149155310"><h4 class="sectiontitle">Accessing CCE</h4><p id="cce_01_0091__en-us_topic_0000001499406010_p124041812145418">You can use CCE via the CCE console, kubectl, or Kubernetes APIs. <a href="#cce_01_0091__en-us_topic_0000001499406010_fig3404612135411">Figure 1</a> shows the process.</p>
<div class="fignone" id="cce_01_0091__en-us_topic_0000001499406010_fig3404612135411"><a name="cce_01_0091__en-us_topic_0000001499406010_fig3404612135411"></a><a name="en-us_topic_0000001499406010_fig3404612135411"></a><span class="figcap"><b>Figure 1 </b>Accessing CCE</span><br><span><img id="cce_01_0091__en-us_topic_0000001499406010_image104041112125417" src="en-us_image_0000001499565914.png"></span></div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0000001550437509.html">Service Overview</a></div>
</div>
</div>
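Review bot: the Figure 1 image (`cce_01_0091__en-us_topic_0000001499406010_image104041112125417`) has no `alt` text, and "Figure 1 shows the process" is the only explanation of how the console, kubectl and the Kubernetes APIs relate. Add an `alt` attribute and a sentence or two describing the access paths; the variant of this page with the "Junior users" and "Advanced users" list and the link to the API usage guidelines gave readers that guidance in text.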

View File

@ -8,7 +8,12 @@
</th>
</tr>
</thead>
<tbody><tr id="cce_01_0300__row181091826101811"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p1510922618183">2023-02-10</p>
<tbody><tr id="cce_01_0300__row450749103813"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p195076943820">2023-05-30</p>
</td>
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><ul id="cce_01_0300__ul1843612311567"><li id="cce_01_0300__li14362312065">Added<a href="cce_10_0652.html">Configuring a Node Pool</a>.</li><li id="cce_01_0300__li48641237869">Added<a href="cce_10_0684.html">Configuring Health Check for Multiple Ports</a>.</li><li id="cce_01_0300__li152057919719">Updated<a href="cce_10_0363.html">Creating a Node</a>.</li><li id="cce_01_0300__li53955101178">Updated<a href="cce_10_0012.html">Creating a Node Pool</a>.</li><li id="cce_01_0300__li16648154715219">Updated<a href="cce_bulletin_0301.html">OS Patch Notes for Cluster Nodes</a>.</li><li id="cce_01_0300__li7404516102217">Updated<a href="cce_productdesc_0005.html">Notes and Constraints</a>.</li></ul>
</td>
</tr>
<tr id="cce_01_0300__row181091826101811"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p1510922618183">2023-02-10</p>
</td>
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><ul id="cce_01_0300__ul262319241116"><li id="cce_01_0300__li192921356122114">Supported the creation of clusters of v1.25.</li><li id="cce_01_0300__li12638261224">Added <a href="cce_10_0466.html">Configuring Pod Security Admission</a>.</li><li id="cce_01_0300__li1238583891617">Added <a href="cce_bulletin_0011.html">Vulnerability Fixing Policies</a>.</li><li id="cce_01_0300__li1132183918530">Updated <a href="cce_10_0252.html">Using kubectl to Create an ELB Ingress</a>.</li></ul>
</td>

View File

@ -1,15 +0,0 @@
<a name="cce_01_9994"></a><a name="cce_01_9994"></a>
<h1 class="topictitle1">Obtaining Resource Permissions</h1>
<div id="body32001227"><div class="p" id="cce_01_9994__en-us_topic_0000001162706450_p8060118">CCE works closely with multiple cloud services to support computing, storage, networking, and monitoring functions. When you log in to the CCE console for the first time, CCE automatically requests permissions to access those cloud services in the region where you run your applications. Specifically:<ul id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_ul3701191818917"><li id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_li10701131818911">Compute services<p id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_p1087644518126"><a name="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_li10701131818911"></a><a name="en-us_topic_0000001162706450_en-us_topic_0130767462_li10701131818911"></a>When you create a node in a cluster, an ECS is created accordingly. The prerequisite is that CCE have obtained the permissions to access Elastic Cloud Service (ECS).</p>
</li><li id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_li183546439915">Storage services<p id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_p1726215716134"><a name="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_li183546439915"></a><a name="en-us_topic_0000001162706450_en-us_topic_0130767462_li183546439915"></a>CCE allows you to mount storage to nodes and containers in a cluster. The prerequisite is that CCE have obtained the permissions to access services such as Elastic Volume Service (EVS), Scalable File Service (SFS), and Object Storage Service (OBS).</p>
</li><li id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_li1982014497913">Networking services<p id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_p113391343111318"><a name="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_li1982014497913"></a><a name="en-us_topic_0000001162706450_en-us_topic_0130767462_li1982014497913"></a>CCE allows containers in a cluster to be published as services that can be accessed by external systems. The prerequisite is that CCE have obtained the permissions to access services such as Virtual Private Cloud (VPC) and Elastic Load Balance (ELB).</p>
</li><li id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_li1828065516916">Container and monitoring services<p id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_p99237594139"><a name="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_li1828065516916"></a><a name="en-us_topic_0000001162706450_en-us_topic_0130767462_li1828065516916"></a>CCE supports functions such as container image pulling, monitoring, and logging. The prerequisite is that CCE have obtained the permissions to access services such as SoftWare Repository for Container (SWR) and Application Operations Management (AOM).</p>
</li></ul>
</div>
<p id="cce_01_9994__en-us_topic_0000001162706450_p175118118157">After you agree to delegate the permissions, an agency named <strong id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_b1568916310405">cce_admin_trust</strong> will be created for CCE in Identity and Access Management (IAM). The system account <strong id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_b48571932174019">op_svc_cce</strong> will be delegated the <strong id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_b981339420">Tenant Administrator</strong> role to perform operations on other cloud service resources. Tenant Administrator has the permissions on all cloud services except IAM, which calls the cloud services on which CCE depends. The delegation takes effect only in the current region. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0054.html" target="_blank" rel="noopener noreferrer">Delegating Resource Access to Another Account</a>.</p>
<p id="cce_01_9994__en-us_topic_0000001162706450_p46591740151520">To use CCE in multiple regions, you need to request cloud resource permissions in each region. You can go to the IAM console, choose <strong id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_b867181312472">Agencies</strong>, and click <strong id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_b111022114549">cce_admin_trust</strong> to view the delegation records of each region.</p>
<div class="note" id="cce_01_9994__en-us_topic_0000001162706450_note158231511201611"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_p124671324103315">CCE may fail to run as expected if the Tenant Administrator role is not assigned. Therefore, do not delete or modify the <strong id="cce_01_9994__en-us_topic_0000001162706450_en-us_topic_0130767462_b17463155175611">cce_admin_trust</strong> agency when using CCE.</p>
</div></div>
</div>
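Review bot: The sentence "Tenant Administrator has the permissions on all cloud services except IAM, which calls the cloud services on which CCE depends" in the cce_admin_trust paragraph reads as if IAM is what calls the dependent services. The clause should attach to the agency or to CCE, so please split it into two sentences. This paragraph is also where the reader learns that the agency holds permissions on every service except IAM, so it is worth stating plainly that this is wider than the compute, storage, networking and monitoring services listed above it. Two smaller points: the note's span class="notetitle" is empty, and "The prerequisite is that CCE have obtained" in all four list items should read "has obtained".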

View File

@ -93,7 +93,7 @@
</td>
<td class="cellrowborder" valign="top" width="33.33666633336666%" headers="mcps1.3.3.2.2.2.2.2.4.1.2 "><p id="cce_01_9996__p1226813566192">This parameter does not exist in CCE 1.0. Set this parameter based on your requirements.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33666633336666%" headers="mcps1.3.3.2.2.2.2.2.4.1.3 "><p id="cce_01_9996__p13737141735611">By default, <span class="uicontrol" id="cce_01_9996__uicontrol13753167101316"><b>RBAC</b></span> is selected. Read <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0189.html" target="_blank" rel="noopener noreferrer">Namespace Permissions (Kubernetes RBAC-based)</a> and select <span class="uicontrol" id="cce_01_9996__uicontrol1663915553130"><b>I am aware of the above limitations and read the CCE Role Management Instructions</b></span>.</p>
<td class="cellrowborder" valign="top" width="33.33666633336666%" headers="mcps1.3.3.2.2.2.2.2.4.1.3 "><p id="cce_01_9996__p13737141735611">By default, <span class="uicontrol" id="cce_01_9996__uicontrol13753167101316"><b>RBAC</b></span> is selected. Read <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_10_0189.html" target="_blank" rel="noopener noreferrer">Namespace Permissions (Kubernetes RBAC-based)</a> and select <span class="uicontrol" id="cce_01_9996__uicontrol1663915553130"><b>I am aware of the above limitations and read the CCE Role Management Instructions</b></span>.</p>
<p id="cce_01_9996__p16141515161117">After RBAC is enabled, users access resources in the cluster according to fine-grained permissions policies.</p>
</td>
</tr>
@ -101,7 +101,7 @@
</td>
<td class="cellrowborder" valign="top" width="33.33666633336666%" headers="mcps1.3.3.2.2.2.2.2.4.1.2 "><p id="cce_01_9996__p1214101252312">This parameter does not exist in CCE 1.0. Set this parameter based on your requirements.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33666633336666%" headers="mcps1.3.3.2.2.2.2.2.4.1.3 "><p id="cce_01_9996__p933784218111">The authentication mechanism performs permission control on resources in a cluster. For example, you can grant user A to read and write applications in a namespace, while granting user B to only read resources in a cluster. For details about role-based permission control, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0085.html" target="_blank" rel="noopener noreferrer">Controlling Cluster Permissions</a>.</p>
<td class="cellrowborder" valign="top" width="33.33666633336666%" headers="mcps1.3.3.2.2.2.2.2.4.1.3 "><p id="cce_01_9996__p933784218111">The authentication mechanism performs permission control on resources in a cluster. For example, you can grant user A to read and write applications in a namespace, while granting user B to only read resources in a cluster. For details about role-based permission control, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_10_0189.html" target="_blank" rel="noopener noreferrer">Namespace Permissions (Kubernetes RBAC-based)</a>.</p>
<ul id="cce_01_9996__ul208851410646"><li id="cce_01_9996__li198851101547">By default, X.509 authentication instead of <span class="uicontrol" id="cce_01_9996__uicontrol1371105874614"><b>Enhanced authentication</b></span> is enabled. X.509 is a standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols.</li><li id="cce_01_9996__li1033718534516">If permission control on a cluster is required, select <strong id="cce_01_9996__b1631132022213">Enhanced authentication</strong> and then <strong id="cce_01_9996__b113212042216">Authenticating Proxy</strong>.<p id="cce_01_9996__p129632614510">Click <strong id="cce_01_9996__b185463373227">Upload</strong> next to <strong id="cce_01_9996__b1354616374228">CA Root Certificate</strong> to upload a valid certificate. Select the check box to confirm that the uploaded certificate is valid.</p>
<p id="cce_01_9996__p36719411534">If the certificate is invalid, the cluster cannot be created. The uploaded certificate file must be smaller than 1 MB and in .crt or .cer format.</p>
</li></ul>
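Review bot: The new link in the changed cell points to cce_10_0189.html (Namespace Permissions), the same page the RBAC cell in the previous hunk links to, yet the surrounding sentence describes the authentication mechanism and gives a cluster-wide example ("granting user B to only read resources in a cluster"). Please confirm that a namespace-scoped RBAC page is the intended replacement for "Controlling Cluster Permissions". The sentence itself would also benefit from a rewrite: it attributes permission control to authentication, and "grant user A to read and write" should be "grant user A permission to read and write".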
@ -159,7 +159,7 @@
<tr id="cce_01_9996__row178313381813"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.5.2.1.2.4.1.1 "><p id="cce_01_9996__p08318320187">OS</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.5.2.1.2.4.1.2 "><p id="cce_01_9996__p1258174011292">Select an operating system for the node.</p>
<p id="cce_01_9996__p47999261331">Reinstalling OSs or modifying OS configurations could make nodes unavailable. Exercise caution when performing these operations. For more information, see <a href="cce_bulletin_0054.html">Risky Operations on Cluster Nodes</a>.</p>
<p id="cce_01_9996__p47999261331">Reinstalling OSs or modifying OS configurations could make nodes unavailable. Exercise caution when performing these operations. For more information, see <a href="cce_10_0054.html">High-Risk Operations and Solutions</a>.</p>
</td>
</tr>
<tr id="cce_01_9996__row950585532910"><td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.2.5.2.1.2.4.1.1 "><p id="cce_01_9996__p25051955142914">VPC</p>
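Review bot: The replacement link in the OS cell is relative (href="cce_10_0054.html"), while the other links updated in this file are absolute URLs under https://docs.otc.t-systems.com/en-us/usermanual2/cce/. Please check that cce_10_0054.html resolves from this file's directory, or use the absolute form so that all four updated links in the file follow one convention.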
@ -290,7 +290,7 @@
</table>
</div>
</p></li><li id="cce_01_9996__li62331449191411"><span>Click <span class="uicontrol" id="cce_01_9996__uicontrol09511938122317"><b>Next</b></span> to install add-ons.</span><p><p id="cce_01_9996__p16242151917508">System resource add-ons must be installed. Advanced functional add-ons are optional.</p>
<p id="cce_01_9996__p987031411110">You can also install optional add-ons after the cluster is created. To do so, choose <span class="uicontrol" id="cce_01_9996__uicontrol143592045195114"><b>Add-ons</b></span> in the navigation pane of the CCE console and select the add-on you will install. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_01_0064.html" target="_blank" rel="noopener noreferrer">Add-ons</a>.</p>
<p id="cce_01_9996__p987031411110">You can also install optional add-ons after the cluster is created. To do so, choose <span class="uicontrol" id="cce_01_9996__uicontrol143592045195114"><b>Add-ons</b></span> in the navigation pane of the CCE console and select the add-on you will install. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual2/cce/cce_10_0064.html" target="_blank" rel="noopener noreferrer">Add-ons</a>.</p>
</p></li><li id="cce_01_9996__li15071642201916"><span>Click <strong id="cce_01_9996__b1627013211343">Create Now</strong>. Check all the configurations, and click <strong id="cce_01_9996__b8661184415419">Submit</strong>.</span><p><p id="cce_01_9996__p1150715424195">It takes 6 to 10 minutes to create a cluster. Information indicating the progress of the creation process will be displayed.</p>
</p></li></ol>
</div>

View File

@ -12,6 +12,8 @@
</li>
<li class="ulchildlink"><strong><a href="cce_10_0068.html">Release Notes</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0405.html">Cluster Patch Version Release Notes</a></strong><br>
</li>
</ul>
<div class="familylinks">

File diff suppressed because it is too large Load Diff

View File

@ -4,12 +4,12 @@
<div id="body1522665832344"><p id="cce_10_0006__p11116113204610">CCE provides Kubernetes-native container deployment and management and supports lifecycle management of container workloads, including creation, configuration, monitoring, auto scaling, upgrade, uninstall, service discovery, and load balancing.</p>
<div class="section" id="cce_10_0006__section9645114684816"><h4 class="sectiontitle">Pod</h4><p id="cce_10_0006__en-us_topic_0254767870_p356108173515">A pod is the smallest and simplest unit in the Kubernetes object model that you create or deploy. A pod encapsulates one or more containers, storage volumes, a unique network IP address, and options that govern how the containers should run.</p>
<p id="cce_10_0006__en-us_topic_0254767870_p4629172611480">Pods can be used in either of the following ways:</p>
<ul id="cce_10_0006__en-us_topic_0254767870_ul062982617481"><li id="cce_10_0006__en-us_topic_0254767870_li1629172611482">A container is running in a pod. This is the most common usage of pods in Kubernetes. You can view the pod as a single encapsulated container, but Kubernetes directly manages pods instead of containers.</li><li id="cce_10_0006__en-us_topic_0254767870_li1962932615480">Multiple containers that need to be coupled and share resources run in a pod. In this scenario, an application contains a main container and several sidecar containers, as shown in <a href="#cce_10_0006__en-us_topic_0254767870_fig347141918551">Figure 1</a>. For example, the main container is a web server that provides file services from a fixed directory, and a sidecar container periodically downloads files to the directory.<div class="fignone" id="cce_10_0006__en-us_topic_0254767870_fig347141918551"><a name="cce_10_0006__en-us_topic_0254767870_fig347141918551"></a><a name="en-us_topic_0254767870_fig347141918551"></a><span class="figcap"><b>Figure 1 </b>Pod</span><br><span><img id="cce_10_0006__en-us_topic_0254767870_image1835215316361" src="en-us_image_0258392378.png"></span></div>
<ul id="cce_10_0006__en-us_topic_0254767870_ul062982617481"><li id="cce_10_0006__en-us_topic_0254767870_li1629172611482">A container is running in a pod. This is the most common usage of pods in Kubernetes. You can view the pod as a single encapsulated container, but Kubernetes directly manages pods instead of containers.</li><li id="cce_10_0006__en-us_topic_0254767870_li1962932615480">Multiple containers that need to be coupled and share resources run in a pod. In this scenario, an application contains a main container and several sidecar containers, as shown in <a href="#cce_10_0006__en-us_topic_0254767870_fig347141918551">Figure 1</a>. For example, the main container is a web server that provides file services from a fixed directory, and a sidecar container periodically downloads files to the directory.<div class="fignone" id="cce_10_0006__en-us_topic_0254767870_fig347141918551"><a name="cce_10_0006__en-us_topic_0254767870_fig347141918551"></a><a name="en-us_topic_0254767870_fig347141918551"></a><span class="figcap"><b>Figure 1 </b>Pod</span><br><span><img id="cce_10_0006__en-us_topic_0254767870_image1835215316361" src="en-us_image_0000001518222716.png"></span></div>
</li></ul>
<p id="cce_10_0006__en-us_topic_0254767870_p9163143619182">In Kubernetes, pods are rarely created directly. Instead, controllers such as Deployments and jobs, are used to manage pods. Controllers can create and manage multiple pods, and provide replica management, rolling upgrade, and self-healing capabilities. A controller generally uses a pod template to create corresponding pods.</p>
</div>
<div class="section" id="cce_10_0006__section1972719357496"><h4 class="sectiontitle">Deployment</h4><p id="cce_10_0006__en-us_topic_0249851113_p13243347131615">A pod is the smallest and simplest unit that you create or deploy in Kubernetes. It is designed to be an ephemeral, one-off entity. A pod can be evicted when node resources are insufficient and disappears along with a cluster node failure. Kubernetes provides controllers to manage pods. Controllers can create and manage pods, and provide replica management, rolling upgrade, and self-healing capabilities. The most commonly used controller is Deployment.</p>
<div class="fignone" id="cce_10_0006__en-us_topic_0249851113_fig12546173933714"><span class="figcap"><b>Figure 2 </b>Relationship between a Deployment and pods</span><br><span><img id="cce_10_0006__en-us_topic_0249851113_image5671529113711" src="en-us_image_0258095884.png"></span></div>
<div class="fignone" id="cce_10_0006__en-us_topic_0249851113_fig12546173933714"><span class="figcap"><b>Figure 2 </b>Relationship between a Deployment and pods</span><br><span><img id="cce_10_0006__en-us_topic_0249851113_image5671529113711" src="en-us_image_0000001569023033.png"></span></div>
<p id="cce_10_0006__en-us_topic_0249851113_p35371248184511">A Deployment can contain one or more pods. These pods have the same role. Therefore, the system automatically distributes requests to multiple pods of a Deployment.</p>
<p id="cce_10_0006__en-us_topic_0249851113_p11715188281">A Deployment integrates a lot of functions, including online deployment, rolling upgrade, replica creation, and restoration of online jobs. To some extent, Deployments can be used to realize unattended rollout, which greatly reduces difficulties and operation risks in the rollout process.</p>
</div>
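Review bot: Both replaced img elements (Figure 1 "Pod" and Figure 2 "Relationship between a Deployment and pods") still have no alt attribute, and the text relies on Figure 1 to explain the main-container and sidecar layout. While the src values are being changed, please add alt text, and confirm that en-us_image_0000001518222716.png and en-us_image_0000001569023033.png are part of this change, because the diff shows only the references.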
@ -18,12 +18,12 @@
<p id="cce_10_0006__en-us_topic_0249896621_p97277467269">With detailed analysis, it is found that each part of distributed stateful applications plays a different role. For example, the database nodes are deployed in active/standby mode, and pods are dependent on each other. In this case, you need to meet the following requirements for the pods:</p>
<ul id="cce_10_0006__en-us_topic_0249896621_ul1181724132317"><li id="cce_10_0006__en-us_topic_0249896621_li10181102419231">A pod can be recognized by other pods. Therefore, a pod must have a fixed identifier.</li><li id="cce_10_0006__en-us_topic_0249896621_li81819249237">Each pod has an independent storage device. After a pod is deleted and then restored, the data read from the pod must be the same as the previous one. Otherwise, the pod status is inconsistent.</li></ul>
<p id="cce_10_0006__en-us_topic_0249896621_p929315724313">To address the preceding requirements, Kubernetes provides StatefulSets.</p>
<ol id="cce_10_0006__en-us_topic_0249896621_ol117020203559"><li id="cce_10_0006__en-us_topic_0249896621_li183871501692">A StatefulSet provides a fixed name for each pod following a fixed number ranging from 0 to N. After a pod is rescheduled, the pod name and the host name remain unchanged.</li><li id="cce_10_0006__en-us_topic_0249896621_li1789810518913">A StatefulSet provides a fixed access domain name for each pod through the headless Service (described in following sections).</li><li id="cce_10_0006__en-us_topic_0249896621_li43183204569">The StatefulSet creates PersistentVolumeClaims (PVCs) with fixed identifiers to ensure that pods can access the same persistent data after being rescheduled.<p id="cce_10_0006__en-us_topic_0249896621_p8536185392116"><a name="cce_10_0006__en-us_topic_0249896621_li43183204569"></a><a name="en-us_topic_0249896621_li43183204569"></a><span><img id="cce_10_0006__en-us_topic_0249896621_image9125145402111" src="en-us_image_0258203193.png"></span></p>
<ol id="cce_10_0006__en-us_topic_0249896621_ol117020203559"><li id="cce_10_0006__en-us_topic_0249896621_li183871501692">A StatefulSet provides a fixed name for each pod following a fixed number ranging from 0 to N. After a pod is rescheduled, the pod name and the host name remain unchanged.</li><li id="cce_10_0006__en-us_topic_0249896621_li1789810518913">A StatefulSet provides a fixed access domain name for each pod through the headless Service (described in following sections).</li><li id="cce_10_0006__en-us_topic_0249896621_li43183204569">The StatefulSet creates PersistentVolumeClaims (PVCs) with fixed identifiers to ensure that pods can access the same persistent data after being rescheduled.<p id="cce_10_0006__en-us_topic_0249896621_p8536185392116"><a name="cce_10_0006__en-us_topic_0249896621_li43183204569"></a><a name="en-us_topic_0249896621_li43183204569"></a><span><img id="cce_10_0006__en-us_topic_0249896621_image9125145402111" src="en-us_image_0000001517743628.png"></span></p>
</li></ol>
</div>
<div class="section" id="cce_10_0006__section7846281504"><h4 class="sectiontitle">DaemonSet</h4><p id="cce_10_0006__en-us_topic_0249851114_p441104813815">A DaemonSet runs a pod on each node in a cluster and ensures that there is only one pod. This works well for certain system-level applications, such as log collection and resource monitoring, since they must run on each node and need only a few pods. A good example is kube-proxy.</p>
<p id="cce_10_0006__en-us_topic_0249851114_p5986375820">DaemonSets are closely related to nodes. If a node becomes faulty, the DaemonSet will not create the same pods on other nodes.</p>
<div class="fignone" id="cce_10_0006__en-us_topic_0249851114_fig27588261914"><span class="figcap"><b>Figure 3 </b>DaemonSet</span><br><span><img id="cce_10_0006__en-us_topic_0249851114_image13336133243518" src="en-us_image_0258871213.png"></span></div>
<div class="fignone" id="cce_10_0006__en-us_topic_0249851114_fig27588261914"><span class="figcap"><b>Figure 3 </b>DaemonSet</span><br><span><img id="cce_10_0006__en-us_topic_0249851114_image13336133243518" src="en-us_image_0000001518062772.png"></span></div>
</div>
<div class="section" id="cce_10_0006__section153173319578"><h4 class="sectiontitle">Job and Cron Job</h4><p id="cce_10_0006__en-us_topic_0249851115_p10889736123218">Jobs and cron jobs allow you to run short lived, one-off tasks in batch. They ensure the task pods run to completion.</p>
<ul id="cce_10_0006__en-us_topic_0249851115_ul197714911354"><li id="cce_10_0006__en-us_topic_0249851115_li47711097352">A job is a resource object used by Kubernetes to control batch tasks. Jobs are different from long-term servo tasks (such as Deployments and StatefulSets). The former is started and terminated at specific times, while the latter runs unceasingly unless being terminated. The pods managed by a job will be automatically removed after successfully completing tasks based on user configurations.</li><li id="cce_10_0006__en-us_topic_0249851115_li249061111353">A cron job runs a job periodically on a specified schedule. A cron job object is similar to a line of a crontab file in Linux.</li></ul>
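Review bot: The StatefulSet diagram in the third list item sits in a bare p element with no figcap, so it has no number or caption, while the DaemonSet image a few lines later is "Figure 3" inside a fignone block. Since the image reference is being updated anyway, consider wrapping the StatefulSet image in the same fignone/figcap structure so that the text can refer to it, and renumber the later figure accordingly.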

File diff suppressed because it is too large Load Diff

View File

@ -4,7 +4,7 @@
<div id="body1522665832344"><p id="cce_10_0010__p13310145119810">You can learn about a cluster network from the following two aspects:</p>
<ul id="cce_10_0010__ul65247121891"><li id="cce_10_0010__li14524161214917">What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are running on the nodes. Nodes and containers need to communicate with each other. For details about the cluster network types and their functions, see <a href="#cce_10_0010__section1131733719195">Cluster Network Structure</a>.</li><li id="cce_10_0010__li55241612391">How is pod access implemented in a cluster? Accessing a pod or container is a process of accessing services of a user. Kubernetes provides <a href="#cce_10_0010__section1860619221134">Service</a> and <a href="#cce_10_0010__section1248852094313">Ingress</a> to address pod access issues. This section summarizes common network access scenarios. You can select the proper scenario based on site requirements. For details about the network access scenarios, see <a href="#cce_10_0010__section1286493159">Access Scenarios</a>.</li></ul>
<div class="section" id="cce_10_0010__section1131733719195"><a name="cce_10_0010__section1131733719195"></a><a name="section1131733719195"></a><h4 class="sectiontitle">Cluster Network Structure</h4><p id="cce_10_0010__p3299181794916">All nodes in the cluster are located in a VPC and use the VPC network. The container network is managed by dedicated network add-ons.</p>
<p id="cce_10_0010__p452843519446"><span><img id="cce_10_0010__image94831936164418" src="en-us_image_0000001199181334.png"></span></p>
<p id="cce_10_0010__p452843519446"><span><img id="cce_10_0010__image94831936164418" src="en-us_image_0000001518222536.png"></span></p>
<ul id="cce_10_0010__ul1916179122617"><li id="cce_10_0010__li13455145754315"><strong id="cce_10_0010__b19468105563811">Node Network</strong><p id="cce_10_0010__p17682193014812">A node network assigns IP addresses to hosts (nodes in the figure above) in a cluster. You need to select a VPC subnet as the node network of the CCE cluster. The number of available IP addresses in a subnet determines the maximum number of nodes (including master nodes and worker nodes) that can be created in a cluster. This quantity is also affected by the container network. For details, see the container network model.</p>
</li><li id="cce_10_0010__li16131141644715"><strong id="cce_10_0010__b1975815172433">Container Network</strong><p id="cce_10_0010__p523322010499">A container network assigns IP addresses to containers in a cluster. CCE inherits the IP-Per-Pod-Per-Network network model of Kubernetes. That is, each pod has an independent IP address on a network plane and all containers in a pod share the same network namespace. All pods in a cluster exist in a directly connected flat network. They can access each other through their IP addresses without using NAT. Kubernetes only provides a network mechanism for pods, but does not directly configure pod networks. The configuration of pod networks is implemented by specific container network add-ons. The container network add-ons are responsible for configuring networks for pods and managing container IP addresses.</p>
<p id="cce_10_0010__p3753153443514">Currently, CCE supports the following container network models:</p>
@ -14,20 +14,20 @@
</li></ul>
</div>
<div class="section" id="cce_10_0010__section1860619221134"><a name="cce_10_0010__section1860619221134"></a><a name="section1860619221134"></a><h4 class="sectiontitle">Service</h4><p id="cce_10_0010__p314709111318">A Service is used for pod access. With a fixed IP address, a Service forwards access traffic to pods and performs load balancing for these pods.</p>
<div class="fignone" id="cce_10_0010__en-us_topic_0249851121_fig163156154816"><span class="figcap"><b>Figure 1 </b>Accessing pods through a Service</span><br><span><img id="cce_10_0010__en-us_topic_0249851121_image1926812771312" src="en-us_image_0258889981.png"></span></div>
<div class="fignone" id="cce_10_0010__en-us_topic_0249851121_fig163156154816"><span class="figcap"><b>Figure 1 </b>Accessing pods through a Service</span><br><span><img id="cce_10_0010__en-us_topic_0249851121_image1926812771312" src="en-us_image_0000001517743432.png"></span></div>
<p id="cce_10_0010__p831948183818">You can configure the following types of Services:</p>
<ul id="cce_10_0010__ul953218444116"><li id="cce_10_0010__li87791418174620">ClusterIP: used to make the Service only reachable from within a cluster.</li><li id="cce_10_0010__li17876227144612">NodePort: used for access from outside a cluster. A NodePort Service is accessed through the port on the node.</li><li id="cce_10_0010__li94953274615">LoadBalancer: used for access from outside a cluster. It is an extension of NodePort, to which a load balancer routes, and external systems only need to access the load balancer.</li></ul>
<p id="cce_10_0010__p1677717174140">For details about the Service, see <a href="cce_10_0249.html">Service Overview</a>.</p>
</div>
<div class="section" id="cce_10_0010__section1248852094313"><a name="cce_10_0010__section1248852094313"></a><a name="section1248852094313"></a><h4 class="sectiontitle">Ingress</h4><p id="cce_10_0010__p96672218193">Services forward requests using layer-4 TCP and UDP protocols. Ingresses forward requests using layer-7 HTTP and HTTPS protocols. Domain names and paths can be used to achieve finer granularities.</p>
<div class="fignone" id="cce_10_0010__fig816719454212"><span class="figcap"><b>Figure 2 </b>Ingress and Service</span><br><span><img id="cce_10_0010__en-us_topic_0249851122_image8371183511310" src="en-us_image_0258961458.png"></span></div>
<div class="fignone" id="cce_10_0010__fig816719454212"><span class="figcap"><b>Figure 2 </b>Ingress-Service</span><br><span><img id="cce_10_0010__en-us_topic_0249851122_image8371183511310" src="en-us_image_0000001517903016.png"></span></div>
<p id="cce_10_0010__p174691141141410">For details about the ingress, see <a href="cce_10_0094.html">Ingress Overview</a>.</p>
</div>
<div class="section" id="cce_10_0010__section1286493159"><a name="cce_10_0010__section1286493159"></a><a name="section1286493159"></a><h4 class="sectiontitle">Access Scenarios</h4><p id="cce_10_0010__p1558001514155">Workload access scenarios can be categorized as follows:</p>
<ul id="cce_10_0010__ul125010117542"><li id="cce_10_0010__li1466355519018">Intra-cluster access: A ClusterIP Service is used for workloads in the same cluster to access each other.</li><li id="cce_10_0010__li1014011111110">Access from outside a cluster: A Service (NodePort or LoadBalancer type) or an ingress is recommended for a workload outside a cluster to access workloads in the cluster.<ul id="cce_10_0010__ul101426119117"><li id="cce_10_0010__li1014213113116">Access through the internet requires an EIP to be bound the node or load balancer.</li><li id="cce_10_0010__li2501311125411">Access through an intranet uses only the intranet IP address of the node or load balancer. If workloads are located in different VPCs, a peering connection is required to enable communication between different VPCs.</li></ul>
</li><li id="cce_10_0010__li1066365520014">External access initiated by a workload:<ul id="cce_10_0010__ul17529512239"><li id="cce_10_0010__li26601017165619">Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block. </li><li id="cce_10_0010__li8257105318237">Accessing a public network: You need to assign an EIP to the node where the workload runs (when the VPC network or tunnel network model is used), bind an EIP to the pod IP address (when the Cloud Native Network 2.0 model is used), or configure SNAT rules through the NAT gateway. For details, see <a href="cce_10_0400.html">Accessing Public Networks from a Container</a>.</li></ul>
<ul id="cce_10_0010__ul125010117542"><li id="cce_10_0010__li1466355519018">Intra-cluster access: A ClusterIP Service is used for workloads in the same cluster to access each other.</li><li id="cce_10_0010__li1014011111110">Access from outside a cluster: A Service (NodePort or LoadBalancer type) or an ingress is recommended for a workload outside a cluster to access workloads in the cluster.<ul id="cce_10_0010__ul101426119117"><li id="cce_10_0010__li8904911447">Access through the internet requires an EIP to be bound the node or load balancer.</li><li id="cce_10_0010__li2501311125411">Access through the intranet requires an internal IP address to be bound the node or load balancer. If workloads are located in different VPCs, a peering connection is required to enable communication between different VPCs.</li></ul>
</li><li id="cce_10_0010__li1066365520014">The workload accesses the external network.<ul id="cce_10_0010__ul17529512239"><li id="cce_10_0010__li26601017165619">Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block. </li><li id="cce_10_0010__li8257105318237">Accessing a public network: You need to assign an EIP to the node where the workload runs (when the VPC network or tunnel network model is used), bind an EIP to the pod IP address (when the Cloud Native Network 2.0 model is used), or configure SNAT rules through the NAT gateway. For details, see <a href="cce_10_0400.html">Accessing Public Networks from a Container</a>.</li></ul>
</li></ul>
<div class="fignone" id="cce_10_0010__fig13795829151515"><span class="figcap"><b>Figure 3 </b>Network access diagram</span><br><span><img id="cce_10_0010__image445972519529" src="en-us_image_0000001244261169.png"></span></div>
<div class="fignone" id="cce_10_0010__fig13795829151515"><span class="figcap"><b>Figure 3 </b>Network access diagram</span><br><span><img id="cce_10_0010__image445972519529" src="en-us_image_0000001568822741.png"></span></div>
</div>
</div>
<div>
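Review bot: In the Access Scenarios list, the first nested item changes its id from cce_10_0010__li1014213113116 to cce_10_0010__li8904911447 although its text is unchanged, which breaks any existing anchor to it. Please keep the old id unless the change is intentional. The rewritten intranet item copies "to be bound the node or load balancer" from the internet item, so both are missing "to" after "bound", and "requires an internal IP address to be bound" is less clear than the removed wording "uses only the intranet IP address of the node or load balancer". The new lead-in "The workload accesses the external network." ends in a full stop yet introduces a nested list, unlike its two sibling items, which end their labels with a colon.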

View File

@ -4,7 +4,7 @@
<div id="body1522736584192"><div class="section" id="cce_10_0011__section13559184110492"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0011__p32401248184910">ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.</p>
<p id="cce_10_0011__p653753053815">The cluster-internal domain name format is <em id="cce_10_0011__i8179113533712">&lt;Service name&gt;</em>.<em id="cce_10_0011__i14179133519374">&lt;Namespace of the workload&gt;</em><strong id="cce_10_0011__b164892813716">.svc.cluster.local:</strong><em id="cce_10_0011__i19337102815712">&lt;Port&gt;</em>, for example, <strong id="cce_10_0011__b8115811381">nginx.default.svc.cluster.local:80</strong>.</p>
<p id="cce_10_0011__p1778412445517"><a href="#cce_10_0011__fig192245420557">Figure 1</a> shows the mapping relationships between access channels, container ports, and access ports.</p>
<div class="fignone" id="cce_10_0011__fig192245420557"><a name="cce_10_0011__fig192245420557"></a><a name="fig192245420557"></a><span class="figcap"><b>Figure 1 </b>Intra-cluster access (ClusterIP)</span><br><span><img id="cce_10_0011__image1942163010278" src="en-us_image_0000001243981117.png"></span></div>
<div class="fignone" id="cce_10_0011__fig192245420557"><a name="cce_10_0011__fig192245420557"></a><a name="fig192245420557"></a><span class="figcap"><b>Figure 1 </b>Intra-cluster access (ClusterIP)</span><br><span><img id="cce_10_0011__image1942163010278" src="en-us_image_0000001569023045.png"></span></div>
</div>
<div class="section" id="cce_10_0011__section51925078171335"><h4 class="sectiontitle">Creating a ClusterIP Service</h4><ol id="cce_10_0011__ol1321170617144"><li id="cce_10_0011__li41731123658"><span>Log in to the CCE console and access the cluster console.</span></li><li id="cce_10_0011__li836916478329"><span>Choose <strong id="cce_10_0011__b85507206148">Networking</strong> in the navigation pane and click <strong id="cce_10_0011__b1938115214148">Create Service</strong> in the upper right corner.</span></li><li id="cce_10_0011__li3476651017144"><span>Set intra-cluster access parameters.</span><p><ul id="cce_10_0011__ul4446314017144"><li id="cce_10_0011__li6462394317144"><strong id="cce_10_0011__b181470402505">Service Name</strong>: Service name, which can be the same as the workload name.</li><li id="cce_10_0011__li89543531070"><strong id="cce_10_0011__b2091115317145">Service Type</strong>: Select <strong id="cce_10_0011__b291265312145">ClusterIP</strong>.</li><li id="cce_10_0011__li4800017144"><strong id="cce_10_0011__b3997151161512">Namespace</strong>: Namespace to which the workload belongs.</li><li id="cce_10_0011__li43200017144"><strong id="cce_10_0011__b16251723161514">Selector</strong>: Add a label and click <strong id="cce_10_0011__b157041550131611">Add</strong>. A Service selects a pod based on the added label. You can also click <strong id="cce_10_0011__b796831114161">Reference Workload Label</strong> to reference the label of an existing workload. 
In the dialog box that is displayed, select a workload and click <strong id="cce_10_0011__b1117311264160">OK</strong>.</li><li id="cce_10_0011__li388800117144"><strong id="cce_10_0011__b150413392315954">Port Settings</strong><ul id="cce_10_0011__ul13757123384316"><li id="cce_10_0011__li475711338435"><strong id="cce_10_0011__b712192113108">Protocol</strong>: protocol used by the Service.</li><li id="cce_10_0011__li353122153610"><strong id="cce_10_0011__b2766425101013">Service Port</strong>: port used by the Service. The port number ranges from 1 to 65535.</li><li id="cce_10_0011__li177581033194316"><strong id="cce_10_0011__b2045852761014">Container Port</strong>: port on which the workload listens. For example, Nginx uses port 80 by default.</li></ul>
</li></ul>

File diff suppressed because it is too large Load Diff


@ -4,20 +4,20 @@
<div id="body1522736584192"><div class="section" id="cce_10_0014__section19854101411508"><a name="cce_10_0014__section19854101411508"></a><a name="section19854101411508"></a><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0014__p1858152125017">A workload can be accessed from public networks through a load balancer, which is more secure and reliable than EIP.</p>
<p id="cce_10_0014__p18345124185316">The LoadBalancer access address is in the format of &lt;IP address of public network load balancer&gt;:&lt;access port&gt;, for example, <strong id="cce_10_0014__b11546131414542">10.117.117.117:80</strong>.</p>
<p id="cce_10_0014__p7801158125217">In this access mode, requests are transmitted through an ELB load balancer to a node and then forwarded to the destination pod through the Service.</p>
<div class="fignone" id="cce_10_0014__fig1454926316508"><span class="figcap"><b>Figure 1 </b>LoadBalancer</span><br><span><img id="cce_10_0014__image846021786" src="en-us_image_0000001244141181.png"></span></div>
<div class="fignone" id="cce_10_0014__fig1454926316508"><span class="figcap"><b>Figure 1 </b>LoadBalancer</span><br><span><img id="cce_10_0014__image846021786" src="en-us_image_0000001569022961.png"></span></div>
<p id="cce_10_0014__p3662933103112">When <strong id="cce_10_0014__b7582529103312">CCE Turbo clusters and dedicated load balancers</strong> are used, passthrough networking is supported to reduce service latency and ensure zero performance loss.</p>
<p id="cce_10_0014__p655815372328">External access requests are directly forwarded from a load balancer to pods. Internal access requests can be forwarded to a pod through a Service.</p>
<div class="fignone" id="cce_10_0014__fig44531612193618"><span class="figcap"><b>Figure 2 </b>Passthrough networking</span><br><span><img id="cce_10_0014__image5485375324" src="en-us_image_0000001249073211.png"></span></div>
<div class="fignone" id="cce_10_0014__fig44531612193618"><span class="figcap"><b>Figure 2 </b>Passthrough networking</span><br><span><img id="cce_10_0014__image5485375324" src="en-us_image_0000001517903124.png"></span></div>
</div>
<div class="section" id="cce_10_0014__section11642143794611"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_0014__ul1801539464"><li id="cce_10_0014__li1529952816473">LoadBalancer Services allow workloads to be accessed from public networks through <strong id="cce_10_0014__b1511118124819">ELB</strong>. This access mode has the following restrictions:<ul id="cce_10_0014__ul1241483374717"><li id="cce_10_0014__li162242024131019">It is recommended that automatically created load balancers not be used by other resources. Otherwise, these load balancers cannot be completely deleted, causing residual resources.</li><li id="cce_10_0014__li1080453124610">Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.</li></ul>
</li><li id="cce_10_0014__li128551156114310">After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. You are advised not to modify the Service affinity setting after the Service is created. If you need to modify it, create a Service again.</li><li id="cce_10_0014__li1553715571314">If the service affinity is set to the node level (that is, <strong id="cce_10_0014__b16405133417613">externalTrafficPolicy</strong> is set to <strong id="cce_10_0014__b12712364614">Local</strong>), the cluster may fail to access the Service by using the ELB address. For details, see <a href="#cce_10_0014__section52631714117">Why a Cluster Fails to Access Services by Using the ELB Address</a>.</li><li id="cce_10_0014__li62831358182017">CCE Turbo clusters support only cluster-level service affinity.</li><li id="cce_10_0014__li35821536336">Dedicated ELB load balancers can be used only in clusters of v1.17 and later.</li><li id="cce_10_0014__li188391194225">Dedicated load balancers must be the network type (TCP/UDP) supporting private networks (with a private IP). If the Service needs to support HTTP, the specifications of dedicated load balancers must use HTTP/HTTPS (application load balancing) in addition to TCP/UDP (network load balancing).</li><li id="cce_10_0014__li2627549105716">If you create a LoadBalancer Service on the CCE console, a random node port is automatically generated. If you use kubectl to create a LoadBalancer Service, a random node port is generated unless you specify one.</li><li id="cce_10_0014__li93797513138">In a CCE cluster, if the cluster-level affinity is configured for a LoadBalancer Service, requests are distributed to the node ports of each node using SNAT when entering the cluster. The number of node ports cannot exceed the number of available node ports on the node. If the Service affinity is at the node level (local), there is no such constraint. 
In a CCE Turbo cluster, this constraint applies to shared ELB load balancers, but not dedicated ones. You are advised to use dedicated ELB load balancers in CCE Turbo clusters.</li><li id="cce_10_0014__li1031414582416">When the cluster service forwarding (proxy) mode is IPVS, the node IP cannot be configured as the external IP of the Service. Otherwise, the node is unavailable.</li><li id="cce_10_0014__li202253469362">In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. You are advised to use different ELB load balancers for the ingress and Service.</li></ul>
</div>
<div class="section" id="cce_10_0014__section1325012312139"><h4 class="sectiontitle">Creating a LoadBalancer Service</h4><ol id="cce_10_0014__ol751935681319"><li id="cce_10_0014__li41731123658"><span>Log in to the CCE console and click the cluster name to access the cluster.</span></li><li id="cce_10_0014__li1651955651312"><span>Choose <strong id="cce_10_0014__b20811412124117">Networking</strong> in the navigation pane and click <strong id="cce_10_0014__b4811612104119">Create Service</strong> in the upper right corner.</span></li><li id="cce_10_0014__li185190567138"><span>Set parameters.</span><p><ul id="cce_10_0014__ul4446314017144"><li id="cce_10_0014__li6462394317144"><strong id="cce_10_0014__b186253818421">Service Name</strong>: Specify a Service name, which can be the same as the workload name.</li><li id="cce_10_0014__li89543531070"><strong id="cce_10_0014__b555284112425">Access Type</strong>: Select <strong id="cce_10_0014__b655313416422">LoadBalancer</strong>.</li><li id="cce_10_0014__li4800017144"><strong id="cce_10_0014__b462512137439">Namespace</strong>: Namespace to which the workload belongs.</li><li id="cce_10_0014__li1758110116149"><strong id="cce_10_0014__b325014537434">Service Affinity</strong>: For details, see <a href="cce_10_0142.html#cce_10_0142__section18134208069">externalTrafficPolicy (Service Affinity)</a>.<ul id="cce_10_0014__ul158101161412"><li id="cce_10_0014__li105815113141"><strong id="cce_10_0014__b16659151119444">Cluster level</strong>: The IP addresses and access ports of all nodes in a cluster can be used to access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.</li><li id="cce_10_0014__li185817117145"><strong id="cce_10_0014__b187631494415">Node level</strong>: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. 
Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.</li></ul>
</li><li id="cce_10_0014__li43200017144"><strong id="cce_10_0014__b964616495410">Selector</strong>: Add a label and click <strong id="cce_10_0014__b1664616492411">Add</strong>. A Service selects a pod based on the added label. You can also click <strong id="cce_10_0014__b13284181916449">Reference Workload Label</strong> to reference the label of an existing workload. In the dialog box that is displayed, select a workload and click <strong id="cce_10_0014__b18284181915445">OK</strong>.</li><li id="cce_10_0014__li14384123818176"><strong id="cce_10_0014__b2310182654418">Load Balancer</strong><p id="cce_10_0014__p4855423189">Select the load balancer to interconnect. Only load balancers in the same VPC as the cluster are supported. If no load balancer is available, click <strong id="cce_10_0014__b1221291200">Create Load Balancer</strong> to create one on the ELB console.</p>
<p id="cce_10_0014__p17766202114215">You can click <strong id="cce_10_0014__b135601348463">Edit</strong> and configure load balancer parameters in the <strong id="cce_10_0014__b72171221472">Load Balancer</strong> dialog box.</p>
<p id="cce_10_0014__p17766202114215">You can click the edit icon in the row of <strong id="cce_10_0014__b4667115817168">Set ELB</strong> to configure load balancer parameters.</p>
<ul id="cce_10_0014__ul943963914228"><li id="cce_10_0014__li8170555132211"><strong id="cce_10_0014__b169881428124716">Distribution Policy</strong>: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.<div class="note" id="cce_10_0014__note14170205516225"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0014__ul1717075520227"><li id="cce_10_0014__li15170955152215"><strong id="cce_10_0014__b8139183255011">Weighted round robin</strong>: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.</li><li id="cce_10_0014__li12170185532213"><strong id="cce_10_0014__b9879547125012">Weighted least connections</strong>: In addition to the weight assigned to each server, the number of connections processed by each backend server is also considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on <strong id="cce_10_0014__b19132751145011">least connections</strong>, the <strong id="cce_10_0014__b71328516505">weighted least connections</strong> algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.</li><li id="cce_10_0014__li0170105502211"><strong id="cce_10_0014__b8109955125015">Source IP hash</strong>: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. 
This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.</li></ul>
</div></div>
</li><li id="cce_10_0014__li0170115513227"><strong id="cce_10_0014__b43411498117">Type</strong>: This function is disabled by default. You can select <strong id="cce_10_0014__b0394332121213">Source IP address</strong>. Listeners ensure session stickiness based on IP addresses. Requests from the same IP address will be forwarded to the same backend server.</li><li id="cce_10_0014__li14170655112210"><strong id="cce_10_0014__b9887155318122">Health Check</strong>: This function is disabled by default. The health check is for the load balancer. When TCP is selected during the <a href="#cce_10_0014__li388800117144">port settings</a>, you can choose either TCP or HTTP. When UDP is selected during the <a href="#cce_10_0014__li388800117144">port settings</a>, only UDP is supported.. By default, the service port (Node Port and container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named <strong id="cce_10_0014__b159511449710">cce-healthz</strong> will be added for the Service.</li></ul>
</li><li id="cce_10_0014__li0170115513227"><strong id="cce_10_0014__b43411498117">Type</strong>: This function is disabled by default. You can select <strong id="cce_10_0014__b0394332121213">Source IP address</strong>. Listeners ensure session stickiness based on IP addresses. Requests from the same IP address will be forwarded to the same backend server.</li><li id="cce_10_0014__li14170655112210"><strong id="cce_10_0014__b166191646173">Health Check</strong>: configured for the load balancer. When TCP is selected during the <a href="#cce_10_0014__li388800117144">port settings</a>, you can choose either TCP or HTTP. When UDP is selected during the <a href="#cce_10_0014__li388800117144">port settings</a>, only UDP is supported.. By default, the service port (Node Port and container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named <strong id="cce_10_0014__b159511449710">cce-healthz</strong> will be added for the Service.</li></ul>
</li><li id="cce_10_0014__li388800117144"><a name="cce_10_0014__li388800117144"></a><a name="li388800117144"></a><strong id="cce_10_0014__b89301584315175">Port Settings</strong><ul id="cce_10_0014__ul3499201217144"><li id="cce_10_0014__li4649265917144"><strong id="cce_10_0014__b147114610479">Protocol</strong>: protocol used by the Service.</li><li id="cce_10_0014__li353122153610"><strong id="cce_10_0014__b69812211813">Service Port</strong>: port used by the Service. The port number ranges from 1 to 65535.</li><li id="cce_10_0014__li475042104417"><strong id="cce_10_0014__b7688424818">Container Port</strong>: port on which the workload listens. For example, Nginx uses port 80 by default.</li></ul>
</li><li id="cce_10_0014__li104962251243"><strong id="cce_10_0014__b12052012556">Annotation</strong>: The LoadBalancer Service has some advanced CCE functions, which are implemented by annotations. For details, see <a href="cce_10_0385.html">Service Annotations</a>. When you use kubectl to create a container, annotations will be used. For details, see <a href="#cce_10_0014__section1984211714368">Using kubectl to Create a Service (Using an Existing Load Balancer)</a> and <a href="#cce_10_0014__section12168131904611">Using kubectl to Create a Service (Automatically Creating a Load Balancer)</a>.</li></ul>
</p></li><li id="cce_10_0014__li552017569135"><span>Click <strong id="cce_10_0014__b911916813568">OK</strong>.</span></li></ol>
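Review bot: The two versions of the Health Check item differ in that one opens with "This function is disabled by default. The health check is for the load balancer." and the other with "configured for the load balancer", so after this change the list no longer states the console default; please say explicitly whether health check starts enabled or disabled. Both versions also carry the doubled period in "only UDP is supported..", which should be fixed while the line is being touched. In the unchanged Annotation item, "When you use kubectl to create a container" should read "create a Service", since both linked sections are about creating a Service.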
@ -272,11 +272,11 @@ spec:
kubernetes ClusterIP 10.247.0.1 &lt;none&gt; 443/TCP 3d
<strong id="cce_10_0014__b1214411223310">nginx LoadBalancer 10.247.130.196 10.78.42.242 80:31540/TCP 51s</strong></pre>
</p></li><li id="cce_10_0014__li167017242"><span>Enter the URL in the address box of the browser, for example, <strong id="cce_10_0014__b842352706164951">10.78.42.242:80</strong>. <strong id="cce_10_0014__b84235270616505">10.78.42.242</strong> indicates the IP address of the load balancer, and <strong id="cce_10_0014__b842352706165024">80</strong> indicates the access port displayed on the CCE console.</span><p><p id="cce_10_0014__p167058343415">The Nginx is accessible.</p>
<div class="fignone" id="cce_10_0014__fig1498213713356"><span class="figcap"><b>Figure 3 </b>Accessing Nginx through the LoadBalancer Service</span><br><span><img id="cce_10_0014__image4983479359" src="en-us_image_0000001243981181.png"></span></div>
<div class="fignone" id="cce_10_0014__fig1498213713356"><span class="figcap"><b>Figure 3 </b>Accessing Nginx through the LoadBalancer Service</span><br><span><img id="cce_10_0014__image4983479359" src="en-us_image_0000001569182677.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="cce_10_0014__section12168131904611"><a name="cce_10_0014__section12168131904611"></a><a name="section12168131904611"></a><h4 class="sectiontitle">Using kubectl to Create a Service (Automatically Creating a Load Balancer)</h4><p id="cce_10_0014__p1036918271467">You can add a Service when creating a workload using kubectl. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.</p>
<ol id="cce_10_0014__ol1236962794610"><li id="cce_10_0014__li103401710124914"><span>Use kubectl to connect to the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0014__li337012724615"><span>Create and edit the <strong id="cce_10_0014__b1160504865">nginx-deployment.yaml</strong> and <strong id="cce_10_0014__b748957890">nginx-elb-svc.yaml</strong> files.</span><p><p id="cce_10_0014__p1137014271463">The file names are user-defined. <strong id="cce_10_0014__b1621345180">nginx-deployment.yaml</strong> and <strong id="cce_10_0014__b83395749">nginx-elb-svc.yaml</strong> are merely example file names.</p>
<ol id="cce_10_0014__ol1236962794610"><li id="cce_10_0014__li103401710124914"><span>Use kubectl to connect to the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0014__li337012724615"><span>Create and edit the <strong id="cce_10_0014__b1606652833">nginx-deployment.yaml</strong> and <strong id="cce_10_0014__b291529992">nginx-elb-svc.yaml</strong> files.</span><p><p id="cce_10_0014__p1137014271463">The file names are user-defined. <strong id="cce_10_0014__b799277615">nginx-deployment.yaml</strong> and <strong id="cce_10_0014__b594514403">nginx-elb-svc.yaml</strong> are merely example file names.</p>
<p id="cce_10_0014__p153702275465"><strong id="cce_10_0014__b13370127184617">vi nginx-deployment.yaml</strong></p>
<pre class="screen" id="cce_10_0014__screen17370112710466">apiVersion: apps/v1
kind: Deployment
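Review bot: The two versions of the kubectl step differ only in the generated id attributes on the strong elements (cce_10_0014__b1160504865 and cce_10_0014__b1606652833 wrap the same text, nginx-deployment.yaml). If the exporter assigns these ids afresh on each run, every export will produce diffs like this and bury real content changes, so consider making the ids deterministic or dropping them from inline elements. The Figure 3 image reference also changes (en-us_image_0000001243981181.png and en-us_image_0000001569182677.png); check that the referenced file is part of this commit.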
@ -381,7 +381,7 @@ spec:
</td>
<td class="cellrowborder" valign="top" width="49.19%" headers="mcps1.3.5.3.2.2.9.2.5.1.4 "><p id="cce_10_0014__p17331169135014">Select a proper load balancer type as required.</p>
<p id="cce_10_0014__p143311298508">The value can be:</p>
<ul id="cce_10_0014__ul3415201212612"><li id="cce_10_0014__cce_10_0014_li735384716395"><strong id="cce_10_0014__cce_10_0014_b3322231123015">union</strong>: shared load balancer</li><li id="cce_10_0014__cce_10_0014_li1535310477392"><strong id="cce_10_0014__cce_10_0014_b1118173493014">performance</strong>: dedicated load balancer, which can be used only in clusters of v1.17 and later.</li></ul>
<ul id="cce_10_0014__ul3415201212612"><li id="cce_10_0014__en-us_topic_0000001243981073_li735384716395"><strong id="cce_10_0014__b486405467">union</strong>: shared load balancer</li><li id="cce_10_0014__en-us_topic_0000001243981073_li1535310477392"><strong id="cce_10_0014__b167451413695">performance</strong>: dedicated load balancer, which can be used only in clusters of v1.17 and later.</li></ul>
</td>
</tr>
<tr id="cce_10_0014__row790233013543"><td class="cellrowborder" valign="top" width="24.85%" headers="mcps1.3.5.3.2.2.9.2.5.1.1 "><p id="cce_10_0014__p143324917501">kubernetes.io/elb.subnet-id</p>
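Review bot: One version of the list-item ids in the load balancer type cell embeds a source topic identifier (cce_10_0014__en-us_topic_0000001243981073_li735384716395, against cce_10_0014__cce_10_0014_li735384716395 in the other), which looks like a content-reuse reference leaking into the export rather than an intended rename. Please confirm which id scheme is the intended one, because links that target the other form of these anchors will stop resolving. The visible text for union and performance is identical in both versions.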
@ -422,10 +422,10 @@ spec:
</td>
<td class="cellrowborder" valign="top" width="13.639999999999999%" headers="mcps1.3.5.3.2.2.9.2.5.1.3 "><p id="cce_10_0014__p933315995019">String</p>
</td>
<td class="cellrowborder" valign="top" width="49.19%" headers="mcps1.3.5.3.2.2.9.2.5.1.4 "><p id="cce_10_0014__p0333699508">This parameter indicates the load balancing algorithm of the backend server group. The default value is <strong id="cce_10_0014__b978088805">ROUND_ROBIN</strong>.</p>
<td class="cellrowborder" valign="top" width="49.19%" headers="mcps1.3.5.3.2.2.9.2.5.1.4 "><p id="cce_10_0014__p0333699508">This parameter indicates the load balancing algorithm of the backend server group. The default value is <strong id="cce_10_0014__b1080902346">ROUND_ROBIN</strong>.</p>
<p id="cce_10_0014__p6333198503">Options:</p>
<ul id="cce_10_0014__ul13337919508"><li id="cce_10_0014__li3333893501"><strong id="cce_10_0014__b917257088">ROUND_ROBIN</strong>: weighted round robin algorithm</li><li id="cce_10_0014__li93331191509"><strong id="cce_10_0014__b463671576">LEAST_CONNECTIONS</strong>: weighted least connections algorithm</li><li id="cce_10_0014__li1333379105016"><strong id="cce_10_0014__b1835281429">SOURCE_IP</strong>: source IP hash algorithm</li></ul>
<p id="cce_10_0014__p833315910507">When the value is <strong id="cce_10_0014__b1391706822">SOURCE_IP</strong>, the weights of backend servers in the server group are invalid.</p>
<ul id="cce_10_0014__ul13337919508"><li id="cce_10_0014__li3333893501"><strong id="cce_10_0014__b1497936315">ROUND_ROBIN</strong>: weighted round robin algorithm</li><li id="cce_10_0014__li93331191509"><strong id="cce_10_0014__b1755179996">LEAST_CONNECTIONS</strong>: weighted least connections algorithm</li><li id="cce_10_0014__li1333379105016"><strong id="cce_10_0014__b2003040388">SOURCE_IP</strong>: source IP hash algorithm</li></ul>
<p id="cce_10_0014__p833315910507">When the value is <strong id="cce_10_0014__b346635155">SOURCE_IP</strong>, the weights of backend servers in the server group are invalid.</p>
</td>
</tr>
<tr id="cce_10_0014__row1533329185018"><td class="cellrowborder" valign="top" width="24.85%" headers="mcps1.3.5.3.2.2.9.2.5.1.1 "><p id="cce_10_0014__p1533313905015">kubernetes.io/elb.health-check-flag</p>
@ -435,7 +435,7 @@ spec:
<td class="cellrowborder" valign="top" width="13.639999999999999%" headers="mcps1.3.5.3.2.2.9.2.5.1.3 "><p id="cce_10_0014__p16333993504">String</p>
</td>
<td class="cellrowborder" valign="top" width="49.19%" headers="mcps1.3.5.3.2.2.9.2.5.1.4 "><p id="cce_10_0014__p1833315910509">Whether to enable the ELB health check.</p>
<ul id="cce_10_0014__ul19333199205012"><li id="cce_10_0014__li8333109155020">Enabling health check: Leave blank this parameter or set it to <strong id="cce_10_0014__b750650087">on</strong>.</li><li id="cce_10_0014__li103330914504">Disabling health check: Set this parameter to <strong id="cce_10_0014__b2044845713">off</strong>.</li></ul>
<ul id="cce_10_0014__ul19333199205012"><li id="cce_10_0014__li8333109155020">Enabling health check: Leave blank this parameter or set it to <strong id="cce_10_0014__b2035367413">on</strong>.</li><li id="cce_10_0014__li103330914504">Disabling health check: Set this parameter to <strong id="cce_10_0014__b522599623">off</strong>.</li></ul>
<p id="cce_10_0014__p510323641317">If this parameter is enabled, the <a href="#cce_10_0014__table236017471397">kubernetes.io/elb.health-check-option</a> field must also be specified at the same time.</p>
</td>
</tr>
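Review bot: The description of kubernetes.io/elb.health-check-flag is ambiguous about what happens by default, in the unchanged sentences around the edited list: leaving the parameter blank enables health check, yet the next paragraph says kubernetes.io/elb.health-check-option "must also be specified" when the parameter is enabled. Please state what happens when both annotations are omitted. "Leave blank this parameter" should read "Leave this parameter blank". The edit itself only swaps the ids on the on and off values.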
@ -455,7 +455,7 @@ spec:
<td class="cellrowborder" valign="top" width="13.639999999999999%" headers="mcps1.3.5.3.2.2.9.2.5.1.3 "><p id="cce_10_0014__p43315965016">String</p>
</td>
<td class="cellrowborder" valign="top" width="49.19%" headers="mcps1.3.5.3.2.2.9.2.5.1.4 "><p id="cce_10_0014__p533113915503">Listeners ensure session stickiness based on IP addresses. Requests from the same IP address will be forwarded to the same backend server.</p>
<ul id="cce_10_0014__ul113311191508"><li id="cce_10_0014__li11331189195017">Disabling sticky session: Do not set this parameter.</li><li id="cce_10_0014__li133313914502">Enabling sticky session: Set this parameter to <strong id="cce_10_0014__b1268304995">SOURCE_IP</strong>, indicating that the sticky session is based on the source IP address.</li></ul>
<ul id="cce_10_0014__ul113311191508"><li id="cce_10_0014__li11331189195017">Disabling sticky session: Do not set this parameter.</li><li id="cce_10_0014__li133313914502">Enabling sticky session: Set this parameter to <strong id="cce_10_0014__b1430522096">SOURCE_IP</strong>, indicating that the sticky session is based on the source IP address.</li></ul>
</td>
</tr>
<tr id="cce_10_0014__row1421317512156"><td class="cellrowborder" valign="top" width="24.85%" headers="mcps1.3.5.3.2.2.9.2.5.1.1 "><p id="cce_10_0014__p12624252121514">kubernetes.io/elb.session-affinity-option</p>
@ -633,8 +633,8 @@ spec:
<pre class="screen" id="cce_10_0014__screen94033273464">NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.247.0.1 &lt;none&gt; 443/TCP 3d
<strong id="cce_10_0014__b15405527194615">nginx LoadBalancer 10.247.130.196 10.78.42.242 80:31540/TCP 51s</strong></pre>
</p></li><li id="cce_10_0014__li1940672734614"><span>Enter the URL in the address box of the browser, for example, <strong id="cce_10_0014__b737105175">10.78.42.242:80</strong>. <strong id="cce_10_0014__b2104019463">10.78.42.242</strong> indicates the IP address of the load balancer, and <strong id="cce_10_0014__b1360465659">80</strong> indicates the access port displayed on the CCE console.</span><p><p id="cce_10_0014__p184066272466">The Nginx is accessible.</p>
<div class="fignone" id="cce_10_0014__fig2406102717469"><span class="figcap"><b>Figure 4 </b>Accessing Nginx through the LoadBalancer Service</span><br><span><img id="cce_10_0014__image13406827194620" src="en-us_image_0000001199021334.png"></span></div>
</p></li><li id="cce_10_0014__li1940672734614"><span>Enter the URL in the address box of the browser, for example, <strong id="cce_10_0014__b1816549858">10.78.42.242:80</strong>. <strong id="cce_10_0014__b1608201852">10.78.42.242</strong> indicates the IP address of the load balancer, and <strong id="cce_10_0014__b152673428">80</strong> indicates the access port displayed on the CCE console.</span><p><p id="cce_10_0014__p184066272466">The Nginx is accessible.</p>
<div class="fignone" id="cce_10_0014__fig2406102717469"><span class="figcap"><b>Figure 4 </b>Accessing Nginx through the LoadBalancer Service</span><br><span><img id="cce_10_0014__image13406827194620" src="en-us_image_0000001517743552.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="cce_10_0014__section18120261746"><h4 class="sectiontitle">ELB Forwarding</h4><p id="cce_10_0014__p394033612383">After a Service of the LoadBalancer type is created, you can view the listener forwarding rules of the load balancer on the ELB console.</p>
@ -651,11 +651,11 @@ kubernetes ClusterIP 10.247.0.1 &lt;none&gt; 443/TCP
</td>
<td class="cellrowborder" valign="top" width="10.768923107689233%"><p id="cce_10_0014__p895021493310">Client</p>
</td>
<td class="cellrowborder" valign="top" width="15.608439156084392%"><p id="cce_10_0014__p7950111483311">Tunnel Network Cluster (IPVS)</p>
<td class="cellrowborder" valign="top" width="15.608439156084392%"><p id="cce_10_0014__p7950111483311">Container Tunnel Network Cluster (IPVS)</p>
</td>
<td class="cellrowborder" valign="top" width="17.588241175882413%"><p id="cce_10_0014__p995011423320">VPC Network Cluster (IPVS)</p>
</td>
<td class="cellrowborder" valign="top" width="18.21817818218178%"><p id="cce_10_0014__p18950201416330">Tunnel Network Cluster (iptables)</p>
<td class="cellrowborder" valign="top" width="18.21817818218178%"><p id="cce_10_0014__p18950201416330">Container Tunnel Network Cluster (iptables)</p>
</td>
<td class="cellrowborder" valign="top" width="19.52804719528047%"><p id="cce_10_0014__p1595151433311">VPC Network Cluster (iptables)</p>
</td>
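Review bot: The column headers for the IPVS and iptables tunnel columns appear both as "Tunnel Network Cluster" and as "Container Tunnel Network Cluster" in this hunk, but the hunk does not show whether the table body and the text that refers to these columns use the same name. Please search the page for remaining occurrences of the shorter form so the term is consistent. The "VPC Network Cluster" headers are untouched.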

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -4,7 +4,7 @@
<div id="body1522667123001"><p id="cce_10_0018__p78381781804">CCE works with AOM to collect workload logs. When creating a node, CCE installs the ICAgent for you (the DaemonSet named <strong id="cce_10_0018__b3710330164314">icagent</strong> in the kube-system namespace of the cluster). After the ICAgent collects workload logs and reports them to AOM, you can view workload logs on the CCE or AOM console.</p>
<div class="section" id="cce_10_0018__section17884754413"><h4 class="sectiontitle">Notes and Constraints</h4><p id="cce_10_0018__p23831558355">The ICAgent only collects <strong id="cce_10_0018__b39280572146">*.log</strong>, <strong id="cce_10_0018__b1793513574146">*.trace</strong>, and <strong id="cce_10_0018__b29351157191412">*.out</strong> text log files.</p>
</div>
<div class="section" id="cce_10_0018__section1951732710"><h4 class="sectiontitle">Using ICAgent to Collect Logs</h4><ol id="cce_10_0018__ol1253654833013"><li id="cce_10_0018__li19284854163014"><span>When <a href="cce_10_0047.html">creating a workload</a>, set logging for the container.</span></li><li id="cce_10_0018__li2427158104715"><span>Click <span><img id="cce_10_0018__image134281583473" src="en-us_image_0000001206876656.png"></span> to add a log policy.</span><p><div class="p" id="cce_10_0018__p9862125810472">The following uses Nginx as an example. Log policies vary depending on workloads.<div class="fignone" id="cce_10_0018__fig19856172153216"><span class="figcap"><b>Figure 1 </b>Adding a log policy</span><br><span><img id="cce_10_0018__image168953502558" src="en-us_image_0000001199181298.png"></span></div>
<div class="section" id="cce_10_0018__section1951732710"><h4 class="sectiontitle">Using ICAgent to Collect Logs</h4><ol id="cce_10_0018__ol1253654833013"><li id="cce_10_0018__li19284854163014"><span>When <a href="cce_10_0047.html">creating a workload</a>, set logging for the container.</span></li><li id="cce_10_0018__li2427158104715"><span>Click <span><img id="cce_10_0018__image134281583473" src="en-us_image_0000001569182673.png"></span> to add a log policy.</span><p><div class="p" id="cce_10_0018__p9862125810472">The following uses Nginx as an example. Log policies vary depending on workloads.<div class="fignone" id="cce_10_0018__fig19856172153216"><span class="figcap"><b>Figure 1 </b>Adding a log policy</span><br><span><img id="cce_10_0018__image168953502558" src="en-us_image_0000001569022957.png"></span></div>
</div>
</p></li><li id="cce_10_0018__li1479392315150"><span>Set <strong id="cce_10_0018__b5461630195419">Storage Type</strong> to <span class="uicontrol" id="cce_10_0018__uicontrol105212302547"><b>Host Path</b></span> or <span class="uicontrol" id="cce_10_0018__uicontrol1752103095410"><b>Container Path</b></span>.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0018__table115901715550" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuring log policies</caption><thead align="left"><tr id="cce_10_0018__row45851074554"><th align="left" class="cellrowborder" valign="top" width="22.12%" id="mcps1.3.3.2.3.2.1.2.3.1.1"><p id="cce_10_0018__p115843785517">Parameter</p>
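Review bot: The inline icon in step 2 ("Click ... to add a log policy") is an img element with no alt attribute in either version, so the instruction does not name the control when the image fails to load, and this hunk changes the image file (en-us_image_0000001206876656.png and en-us_image_0000001569182673.png) without addressing that. Add alt text that names the button, and confirm that the image files referenced for the icon and for Figure 1 are included in the commit.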
@ -135,7 +135,7 @@ spec:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0018__table1332817095114" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameter description</caption><thead align="left"><tr id="cce_10_0018__row63291603518"><th align="left" class="cellrowborder" valign="top" width="17.06%" id="mcps1.3.4.7.2.4.1.1"><p id="cce_10_0018__p53291009514">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="19.23%" id="mcps1.3.4.7.2.4.1.2"><p id="cce_10_0018__p3329208519">Explanation</p>
<th align="left" class="cellrowborder" valign="top" width="19.23%" id="mcps1.3.4.7.2.4.1.2"><p id="cce_10_0018__p3329208519">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="63.71%" id="mcps1.3.4.7.2.4.1.3"><p id="cce_10_0018__p93291706517">Description</p>
</th>
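Review bot: Renaming the second header of Table 2 from "Explanation" to "Description" leaves the table with two columns both titled "Description" (ids mcps1.3.4.7.2.4.1.2 and mcps1.3.4.7.2.4.1.3). The second column holds short labels such as "Extended host path" and "Log dump", so a distinct header is needed for it, or the third column should be renamed.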
@ -146,8 +146,8 @@ spec:
<td class="cellrowborder" valign="top" width="19.23%" headers="mcps1.3.4.7.2.4.1.2 "><p id="cce_10_0018__p6329709512">Extended host path</p>
</td>
<td class="cellrowborder" valign="top" width="63.71%" headers="mcps1.3.4.7.2.4.1.3 "><p id="cce_10_0018__p32881805119">Extended host paths contain pod IDs or container names to distinguish different containers into which the host path is mounted.</p>
<p id="cce_10_0018__p1728888115112">A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single <span class="keyword" id="cce_10_0018__keyword2000378939">Pod</span>.</p>
<ul id="cce_10_0018__ul2028828105113"><li id="cce_10_0018__li428815865110"><strong id="cce_10_0018__b379208072">None</strong>: No extended path is configured. </li><li id="cce_10_0018__li62889814517"><strong id="cce_10_0018__b1336006828">PodUID</strong>: ID of a pod.</li><li id="cce_10_0018__li528818135113"><strong id="cce_10_0018__b1360762071">PodName</strong>: name of a pod.</li><li id="cce_10_0018__li62882084517"><strong id="cce_10_0018__b1925991408">PodUID/ContainerName</strong>: ID of a pod or name of a container.</li><li id="cce_10_0018__li528898175110"><strong id="cce_10_0018__b8818125942116">PodName/ContainerName</strong>: name of a pod or container.</li></ul>
<p id="cce_10_0018__p1728888115112">A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single <span class="keyword" id="cce_10_0018__keyword1766445251">Pod</span>.</p>
<ul id="cce_10_0018__ul2028828105113"><li id="cce_10_0018__li428815865110"><strong id="cce_10_0018__b466439911">None</strong>: No extended path is configured. </li><li id="cce_10_0018__li62889814517"><strong id="cce_10_0018__b746148577">PodUID</strong>: ID of a pod.</li><li id="cce_10_0018__li528818135113"><strong id="cce_10_0018__b678656736">PodName</strong>: name of a pod.</li><li id="cce_10_0018__li62882084517"><strong id="cce_10_0018__b1079307725">PodUID/ContainerName</strong>: ID of a pod or name of a container.</li><li id="cce_10_0018__li528898175110"><strong id="cce_10_0018__b8818125942116">PodName/ContainerName</strong>: name of a pod or container.</li></ul>
</td>
</tr>
<tr id="cce_10_0018__row732915085118"><td class="cellrowborder" valign="top" width="17.06%" headers="mcps1.3.4.7.2.4.1.1 "><p id="cce_10_0018__p17329004514">policy.logs.rotate</p>
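Review bot: The two changed lines in this hunk differ only in regenerated element ids (keyword2000378939 to keyword1766445251, b379208072 to b466439911, and so on), with no text change. That buries real edits in noise and breaks any deep link to those ids, so the export should emit stable ids. Separately, in the unchanged list, "PodUID/ContainerName: ID of a pod or name of a container" reads as either/or although the option name is a two-part path. If both parts are used, say "and".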
@ -155,7 +155,7 @@ spec:
<td class="cellrowborder" valign="top" width="19.23%" headers="mcps1.3.4.7.2.4.1.2 "><p id="cce_10_0018__p123292055113">Log dump</p>
</td>
<td class="cellrowborder" valign="top" width="63.71%" headers="mcps1.3.4.7.2.4.1.3 "><p id="cce_10_0018__p1017113396539">Log dump refers to rotating log files on a local host.</p>
<ul id="cce_10_0018__ul1617120398533"><li id="cce_10_0018__li71711639105316"><strong id="cce_10_0018__b1526956635">Enabled</strong>: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new <strong id="cce_10_0018__b530318652">.zip</strong> file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 <strong id="cce_10_0018__b816695388">.zip</strong> files. When the number of <strong id="cce_10_0018__b589371906">.zip</strong> files exceeds 20, earlier <strong id="cce_10_0018__b54563225">.zip</strong> files will be deleted. After the dump is complete, the log file in AOM will be cleared.</li><li id="cce_10_0018__li817133985315"><strong id="cce_10_0018__b1482156256">Disabled</strong>: AOM does not dump log files.</li></ul>
<ul id="cce_10_0018__ul1617120398533"><li id="cce_10_0018__li71711639105316"><strong id="cce_10_0018__b228801547">Enabled</strong>: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new <strong id="cce_10_0018__b618877522">.zip</strong> file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 <strong id="cce_10_0018__b67462932">.zip</strong> files. When the number of <strong id="cce_10_0018__b478147095">.zip</strong> files exceeds 20, earlier <strong id="cce_10_0018__b1992183573">.zip</strong> files will be deleted. After the dump is complete, the log file in AOM will be cleared.</li><li id="cce_10_0018__li817133985315"><strong id="cce_10_0018__b1231713624">Disabled</strong>: AOM does not dump log files.</li></ul>
<div class="note" id="cce_10_0018__note121711639195319"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="cce_10_0018__ul817183918533"><li id="cce_10_0018__li9171183945310">AOM rotates log files using copytruncate. Before enabling log dumping, ensure that log files are written in the append mode. Otherwise, file holes may occur.</li><li id="cce_10_0018__li1117153914535">Currently, mainstream log components such as Log4j and Logback support log file rotation. If you have set rotation for log files, skip the configuration. Otherwise, conflicts may occur.</li><li id="cce_10_0018__li317113915532">You are advised to configure log file rotation for your own services to flexibly control the size and number of rolled files.</li></ul>
</div></div>
</td>
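Review bot: In the Enabled item, "After the dump is complete, the log file in AOM will be cleared" does not say which file is emptied. The NOTE below states that rotation uses copytruncate, so the sentence should say that the original log file on the host is truncated. While the line is being regenerated, "the directory where the log file locates" should also become "is located". It would help to state as well that archives beyond the latest 20 .zip files are deleted from that directory, so logs needed for audit must be collected before then.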

View File

@ -3,13 +3,13 @@
<h1 class="topictitle1">Querying CTS Logs</h1>
<div id="body1525226397666"><div class="section" id="cce_10_0026__section19908104613460"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0026__p1349415403233">After you enable CTS, the system starts recording operations on CCE resources. Operation records of the last 7 days can be viewed on the CTS management console.</p>
</div>
<div class="section" id="cce_10_0026__section208814582456"><h4 class="sectiontitle">Procedure</h4><ol id="cce_10_0026__ol968681862911"><li id="cce_10_0026__li18356228445"><span>Log in to the management console.</span></li><li id="cce_10_0026__li14905725134512"><span>Click <span><img id="cce_10_0026__image1180502423211" src="en-us_image_0000001244141141.gif"></span> in the upper left corner and select a region.</span></li><li id="cce_10_0026__li56856187296"><span>Choose <strong id="cce_10_0026__b161841334316020">Service List</strong> from the main menu. Choose <strong id="cce_10_0026__b14174101155814">Management &amp; Deployment</strong> &gt; <strong id="cce_10_0026__b1917414113585">Cloud Trace Service</strong>.</span></li><li id="cce_10_0026__li6685018122920"><span>In the navigation pane of the CTS console, choose <strong id="cce_10_0026__b091641316584">Cloud Trace Service</strong> &gt; <strong id="cce_10_0026__b6917813165811">Trace List</strong>.</span></li><li id="cce_10_0026__li0686618152911"><span>On the <strong id="cce_10_0026__b156310494616044">Trace List</strong> page, query operation records based on the search criteria. Currently, the trace list supports trace query based on the combination of the following search criteria:</span><p><ul id="cce_10_0026__ul2686318142919"><li id="cce_10_0026__li9685018132914"><strong id="cce_10_0026__b147767585916113">Trace Source</strong>, <strong id="cce_10_0026__b33843206916113">Resource Type</strong>, and <strong id="cce_10_0026__b104136949616113">Search By</strong><p id="cce_10_0026__p068517181297">Select the search criteria from the drop-down lists. Select <strong id="cce_10_0026__b987393825817">CCE</strong> from the <strong id="cce_10_0026__b1287312387583">Trace Source</strong> drop-down list.</p>
<div class="section" id="cce_10_0026__section208814582456"><h4 class="sectiontitle">Procedure</h4><ol id="cce_10_0026__ol968681862911"><li id="cce_10_0026__li18356228445"><span>Log in to the management console.</span></li><li id="cce_10_0026__li14905725134512"><span>Click <span><img id="cce_10_0026__image1180502423211" src="en-us_image_0000001569182497.gif"></span> in the upper left corner and select a region.</span></li><li id="cce_10_0026__li56856187296"><span>Choose <strong id="cce_10_0026__b161841334316020">Service List</strong> from the main menu. Choose <strong id="cce_10_0026__b14174101155814">Management &amp; Deployment</strong> &gt; <strong id="cce_10_0026__b1917414113585">Cloud Trace Service</strong>.</span></li><li id="cce_10_0026__li6685018122920"><span>In the navigation pane of the CTS console, choose <strong id="cce_10_0026__b091641316584">Cloud Trace Service</strong> &gt; <strong id="cce_10_0026__b6917813165811">Trace List</strong>.</span></li><li id="cce_10_0026__li0686618152911"><span>On the <strong id="cce_10_0026__b156310494616044">Trace List</strong> page, query operation records based on the search criteria. Currently, the trace list supports trace query based on the combination of the following search criteria:</span><p><ul id="cce_10_0026__ul2686318142919"><li id="cce_10_0026__li9685018132914"><strong id="cce_10_0026__b147767585916113">Trace Source</strong>, <strong id="cce_10_0026__b33843206916113">Resource Type</strong>, and <strong id="cce_10_0026__b104136949616113">Search By</strong><p id="cce_10_0026__p068517181297">Select the search criteria from the drop-down lists. Select <strong id="cce_10_0026__b987393825817">CCE</strong> from the <strong id="cce_10_0026__b1287312387583">Trace Source</strong> drop-down list.</p>
<p id="cce_10_0026__p26851618102915">If you select <strong id="cce_10_0026__b23175131216221">Trace name</strong> from the <strong id="cce_10_0026__b172899127516221">Search By</strong> drop-down list, specify the trace name.</p>
<p id="cce_10_0026__p7685191818293">If you select <strong id="cce_10_0026__b33083335616231">Resource ID</strong> from the <strong id="cce_10_0026__b153919820216231">Search By</strong> drop-down list, select or enter a specific resource ID.</p>
<p id="cce_10_0026__p166851718102917">If you select <strong id="cce_10_0026__b50135831116238">Resource name</strong> from the <strong id="cce_10_0026__b186507588316238">Search By</strong> drop-down list, select or enter a specific resource name.</p>
</li><li id="cce_10_0026__li1968671815297"><strong id="cce_10_0026__b168444573616245">Operator</strong>: Select a specific operator (at user level rather than account level).</li><li id="cce_10_0026__li368641832910"><strong id="cce_10_0026__b113712261116258">Trace Status</strong>: Set this parameter to any of the following values: <strong id="cce_10_0026__b135890568716258">All trace statuses</strong>, <strong id="cce_10_0026__b192911413716258">normal</strong>, <strong id="cce_10_0026__b59570413316258">warning</strong>, and <strong id="cce_10_0026__b169117565716258">incident</strong>.</li><li id="cce_10_0026__li12686118112916">Time range: You can query traces generated during any time range in the last seven days.</li></ul>
</p></li><li id="cce_10_0026__li01301836122914"><span>Click <span><img id="cce_10_0026__image07291172331" src="en-us_image_0000001199341250.png"></span> on the left of a trace to expand its details, as shown below.</span><p><div class="fignone" id="cce_10_0026__fig1324117817394"><span class="figcap"><b>Figure 1 </b>Expanding trace details</span><br><span><img id="cce_10_0026__image19242788396" src="en-us_image_0000001243981141.png"></span></div>
</p></li><li id="cce_10_0026__li186863182294"><span>Click <strong id="cce_10_0026__b25871212163720">View Trace</strong> in the <strong id="cce_10_0026__b1597141217374">Operation</strong> column. The trace details are displayed.</span><p><div class="fignone" id="cce_10_0026__fig365411360512"><span class="figcap"><b>Figure 2 </b>Viewing event details</span><br><span><img id="cce_10_0026__image21436386418" src="en-us_image_0000001244141139.png"></span></div>
</p></li><li id="cce_10_0026__li01301836122914"><span>Click <span><img id="cce_10_0026__image07291172331" src="en-us_image_0000001569182505.png"></span> on the left of a trace to expand its details, as shown below.</span><p><div class="fignone" id="cce_10_0026__fig1324117817394"><span class="figcap"><b>Figure 1 </b>Expanding trace details</span><br><span><img id="cce_10_0026__image19242788396" src="en-us_image_0000001569022781.png"></span></div>
</p></li><li id="cce_10_0026__li186863182294"><span>Click <strong id="cce_10_0026__b25871212163720">View Trace</strong> in the <strong id="cce_10_0026__b1597141217374">Operation</strong> column. The trace details are displayed.</span><p><div class="fignone" id="cce_10_0026__fig365411360512"><span class="figcap"><b>Figure 2 </b>Viewing event details</span><br><span><img id="cce_10_0026__image21436386418" src="en-us_image_0000001517743372.png"></span></div>
</p></li></ol>
</div>
</div>
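Review bot: The caption under the last step reads "Figure 2 Viewing event details" while the step text, the button ("View Trace") and the rest of the topic say "trace". Use one term throughout. The retention window is also written as "last 7 days" in Scenario and "last seven days" under Time range. Pick one form, and since records older than that cannot be queried here, say so explicitly for readers who use this page during an investigation.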

View File

@ -3,7 +3,7 @@
<h1 class="topictitle1">Creating a CCE Cluster</h1>
<div id="body1505899032898"><p id="cce_10_0028__p126541913151116">On the CCE console, you can easily create Kubernetes clusters. Kubernetes can manage container clusters at scale. A cluster manages a group of node resources.</p>
<p id="cce_10_0028__p162026117205">In CCE, you can create a CCE cluster to manage VMs. By using high-performance network models, hybrid clusters provide a multi-scenario, secure, and stable runtime environment for containers.</p>
<div class="section" id="cce_10_0028__section1386743114294"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_0028__ul686414167496"><li id="cce_10_0028__li190817135320">During the node creation, software packages are downloaded from OBS using the domain name. You need to use a private DNS server to resolve the OBS domain name, and configure the subnet where the node resides with a private DNS server address. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.</li><li id="cce_10_0028__li124606217339">You can create a maximum of 50 clusters in a single region.</li><li id="cce_10_0028__li1186441616491">After a cluster is created, the following items cannot be changed:<ul id="cce_10_0028__ul1386431634910"><li id="cce_10_0028__li6864131614492">Cluster type</li><li id="cce_10_0028__li359558115311">Number of master nodes in the cluster</li><li id="cce_10_0028__li452948112016">AZ of a master node</li><li id="cce_10_0028__li1686412165496">Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, and kube-proxy (forwarding) settings</li><li id="cce_10_0028__li1686451618494">Network model. For example, change <strong id="cce_10_0028__b16979154810810">Tunnel network</strong> to <strong id="cce_10_0028__b1297916485820">VPC network</strong>.</li></ul>
<div class="section" id="cce_10_0028__section1386743114294"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_0028__ul686414167496"><li id="cce_10_0028__li190817135320">During the node creation, software packages are downloaded from OBS using the domain name. You need to use a private DNS server to resolve the OBS domain name, and configure the DNS server address of the subnet where the node resides with a private DNS server address. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.</li><li id="cce_10_0028__li124606217339">You can create a maximum of 50 clusters in a single region.</li><li id="cce_10_0028__li1186441616491">After a cluster is created, the following items cannot be changed:<ul id="cce_10_0028__ul1386431634910"><li id="cce_10_0028__li6864131614492">Cluster type</li><li id="cce_10_0028__li359558115311">Number of master nodes in the cluster</li><li id="cce_10_0028__li452948112016">AZ of a master node</li><li id="cce_10_0028__li1686412165496">Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, and kube-proxy (forwarding) settings</li><li id="cce_10_0028__li1686451618494">Network model. For example, change <strong id="cce_10_0028__b16979154810810">Tunnel network</strong> to <strong id="cce_10_0028__b1297916485820">VPC network</strong>.</li></ul>
</li></ul>
</div>
<div class="section" id="cce_10_0028__section176228482126"><h4 class="sectiontitle">Procedure</h4><ol id="cce_10_0028__ol1233331493511"><li id="cce_10_0028__li833491416359"><span>Log in to the CCE console. Choose <strong id="cce_10_0028__b1563535515135">Clusters</strong>. On the displayed page, click <strong id="cce_10_0028__b1861116237141">Create</strong> next to <strong id="cce_10_0028__b1563618552135">CCE cluster</strong>.</span></li><li id="cce_10_0028__li1569162220359"><span>Set cluster parameters.</span><p><div class="p" id="cce_10_0028__p5653205823718"><strong id="cce_10_0028__b14641318112618">Basic Settings</strong><ul id="cce_10_0028__ul5395195853710"><li id="cce_10_0028__li1739455810379"><strong id="cce_10_0028__b15847145841720">Cluster Name</strong></li><li id="cce_10_0028__li163957587379"><strong id="cce_10_0028__b89145218188">Cluster Version</strong>: Select the Kubernetes version used by the cluster.</li><li id="cce_10_0028__li5395358163711"><strong id="cce_10_0028__b01681447141713">Cluster Scale</strong>: maximum number of nodes that can be managed by the cluster. </li><li id="cce_10_0028__li467617271013"><strong id="cce_10_0028__b1538713714413">HA</strong>: distribution mode of master nodes. By default, master nodes are randomly distributed in different AZs to improve DR capabilities.<div class="p" id="cce_10_0028__p15811036101">You can also expand advanced settings and customize the master node distribution mode. 
The following two modes are supported:<ul id="cce_10_0028__ul729432918812"><li id="cce_10_0028__li1529418293815"><strong id="cce_10_0028__b939210361624">Random</strong>: Master nodes are created in different AZs for DR.</li><li id="cce_10_0028__li103958393117"><strong id="cce_10_0028__b5810610331">Custom</strong>: You can determine the location of each master node.<ul id="cce_10_0028__ul1220719413117"><li id="cce_10_0028__li62941529381"><strong id="cce_10_0028__b292085817517">Host</strong>: Master nodes are created on different hosts in the same AZ.</li><li id="cce_10_0028__li32946293815"><strong id="cce_10_0028__b01923920215">Custom</strong>: You can determine the location of each master node.</li></ul>
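Review bot: The reworded first constraint now says "configure the DNS server address of the subnet where the node resides with a private DNS server address", which repeats itself. Something like "set the DNS server address of the node's subnet to a private DNS server address" says the same thing once. In the same list, "Network model. For example, change Tunnel network to VPC network." sits under "the following items cannot be changed" but reads as an instruction. In the HA settings, the Custom mode lists a nested option that is also called Custom with the identical description, which looks like a duplicated entry.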
@ -20,12 +20,14 @@
</div></div>
</li></ul>
</li><li id="cce_10_0028__li8833185203815"><strong id="cce_10_0028__b891711174919">Description</strong>: The value can contain a maximum of 200 English characters.</li></ul>
</p></li><li id="cce_10_0028__li9641724418"><span>Click <strong id="cce_10_0028__cce_10_0298_b05029251885">Next: Add-on Configuration</strong>.</span><p><p id="cce_10_0028__cce_10_0298_p292215338261">By default, <a href="cce_10_0129.html">cordens</a> and <a href="cce_10_0066.html">everest</a> add-ons are installed.</p>
<div class="p" id="cce_10_0028__cce_10_0298_p1042341817336"><strong id="cce_10_0028__cce_10_0298_b54341755383">Service log</strong><ul id="cce_10_0028__cce_10_0298_ul1532032363417"><li id="cce_10_0028__cce_10_0298_li078322903611"><strong id="cce_10_0028__cce_10_0298_b111439411113">ICAgent</strong>:<p id="cce_10_0028__cce_10_0298_p5238153093619">A log collector provided by Application Operations Management (AOM), reporting logs to AOM and Log Tank Service (LTS) according to the log collection rules you configured.</p>
<p id="cce_10_0028__cce_10_0298_p161195033716">You can collect stdout logs as required.</p>
</p></li><li id="cce_10_0028__li9641724418"><span>Click <strong id="cce_10_0028__b194907314482">Next: Add-on Configuration</strong>.</span><p><p id="cce_10_0028__en-us_topic_0000001243981077_p157905523575"><strong id="cce_10_0028__b595244015487">Domain Name Resolution</strong>: Uses the <a href="cce_10_0129.html">coredns</a> add-on, installed by default, to resolve domain names and connect to the cloud DNS server.</p>
<p id="cce_10_0028__en-us_topic_0000001243981077_p292215338261"><strong id="cce_10_0028__b3546177134911">Container Storage</strong>: Uses the <a href="cce_10_0066.html">everest</a> add-on, installed by default, to provide container storage based on CSI and connect to cloud storage services such as EVS.</p>
<div class="p" id="cce_10_0028__en-us_topic_0000001243981077_p1042341817336"><strong id="cce_10_0028__b078412875610">Service logs</strong><ul id="cce_10_0028__en-us_topic_0000001243981077_ul1532032363417"><li id="cce_10_0028__en-us_topic_0000001243981077_li078322903611">Using ICAgent:<p id="cce_10_0028__en-us_topic_0000001243981077_p5238153093619"><a name="cce_10_0028__en-us_topic_0000001243981077_li078322903611"></a><a name="en-us_topic_0000001243981077_li078322903611"></a>A log collector provided by Application Operations Management (AOM), reporting logs to AOM and Log Tank Service (LTS) according to the log collection rules you configured.</p>
<p id="cce_10_0028__en-us_topic_0000001243981077_p161195033716">You can collect stdout logs as required.</p>
</li></ul>
</div>
</p></li><li id="cce_10_0028__li72711456163617"><span>After the parameters are specified, click <span class="uicontrol" id="cce_10_0028__uicontrol36131794526"><b>Next: Confirm</b></span>. The cluster resource list is displayed. Confirm the information and click <span class="uicontrol" id="cce_10_0028__uicontrol1752232819449"><b>Submit</b></span>.</span><p><p id="cce_10_0028__p1020211168316">It takes about 6 to 10 minutes to create a cluster. You can click <strong id="cce_10_0028__b1712383711547">Back to Cluster List</strong> to perform other operations on the cluster or click <strong id="cce_10_0028__b3123193725416">Go to Cluster Events</strong> to view the cluster details.</p>
<p id="cce_10_0028__en-us_topic_0000001243981077_p357714145121"><strong id="cce_10_0028__b167302337554">Overload Control</strong>: If overload control is enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.</p>
</p></li><li id="cce_10_0028__li72711456163617"><span>After setting the parameters, click <span class="uicontrol" id="cce_10_0028__uicontrol677013344165"><b>Next: Confirm</b></span>. After confirming that the cluster configuration information is correct, select <strong id="cce_10_0028__b10770193415164">I have read and understand the preceding instructions</strong> and click <strong id="cce_10_0028__b4771183411610">Submit</strong>.</span><p><p id="cce_10_0028__p1020211168316">It takes about 6 to 10 minutes to create a cluster. You can click <strong id="cce_10_0028__b1712383711547">Back to Cluster List</strong> to perform other operations on the cluster or click <strong id="cce_10_0028__b3123193725416">Go to Cluster Events</strong> to view the cluster details.</p>
</p></li></ol>
</div>
<div class="section" id="cce_10_0028__section125261255139"><h4 class="sectiontitle">Related Operations</h4><ul id="cce_10_0028__ul912451119262"><li id="cce_10_0028__li1030825181117">After creating a cluster, you can use the Kubernetes command line (CLI) tool kubectl to connect to the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</li><li id="cce_10_0028__li312413114263">Add nodes to the cluster. For details, see <a href="cce_10_0363.html">Creating a Node</a>.</li></ul>
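Review bot: The added "Overload Control" paragraph does not say whether the option is enabled by default or what a client sees when its request is limited, which is what an operator needs in order to decide on the setting. Please add both. The rewritten final step asks the user to select "I have read and understand the preceding instructions", but no such instructions appear in this topic, so either describe them or refer to the console page that shows them. The "Using ICAgent:" item also lost the bold label that the other items in this step keep.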

View File

@ -4,7 +4,7 @@
<div id="body1506157580881"></div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="cce_10_0213.html">Managing Cluster Components</a></strong><br>
<li class="ulchildlink"><strong><a href="cce_10_0213.html">Cluster Configuration Management</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0212.html">Deleting a Cluster</a></strong><br>
</li>

View File

@ -0,0 +1,22 @@
<a name="cce_10_00356"></a><a name="cce_10_00356"></a>
<h1 class="topictitle1">Accessing a Container</h1>
<div id="body0000001151211236"><div class="section" id="cce_10_00356__section7379040716"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_00356__p1134114511811">If you encounter unexpected problems when using a container, you can log in to the container for debugging.</p>
</div>
<div class="section" id="cce_10_00356__section1293318163114"><h4 class="sectiontitle">Logging In to a Container Using kubectl</h4><ol id="cce_10_00356__ol1392823394416"><li id="cce_10_00356__li1681024195710"><span>Use kubectl to connect to the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_00356__li1020013819415"><span id="cce_10_00356__p49510201338">Run the following command to view the created pod:</span><p><pre class="screen" id="cce_10_00356__screen156898195914">kubectl get pod</pre>
<div class="p" id="cce_10_00356__p18257204595920">The example output is as follows:<pre class="screen" id="cce_10_00356__screen7944553592">NAME READY STATUS RESTARTS AGE
nginx-59d89cb66f-mhljr 1/1 Running 0 11m</pre>
</div>
</p></li><li id="cce_10_00356__li356233617436"><span>Query the name of the container in the pod.</span><p><pre class="screen" id="cce_10_00356__screen5352174217439">kubectl get po <i><span class="varname" id="cce_10_00356__varname373018473433">nginx-59d89cb66f-mhljr</span></i> -o jsonpath='{range .spec.containers[*]}{.name}{end}{"\n"}'</pre>
<div class="p" id="cce_10_00356__p3651112824414">The example output is as follows:<pre class="screen" id="cce_10_00356__screen1965142811442">container-1</pre>
</div>
</p></li><li id="cce_10_00356__li15567184714456"><span>Run the following command to log in to the container named <strong id="cce_10_00356__b1875816432427">container-1</strong> in <strong id="cce_10_00356__b46855020427">nginx-59d89cb66f-mhljrPod</strong>:</span><p><pre class="screen" id="cce_10_00356__screen208681724173519">kubectl exec -it <i><span class="varname" id="cce_10_00356__varname42937231455">nginx-59d89cb66f-mhljr</span></i> -c <i><span class="varname" id="cce_10_00356__varname115981226164513">container-1</span></i> -- /bin/sh</pre>
</p></li><li id="cce_10_00356__li1582141517375"><span>To exit the container, run the <strong id="cce_10_00356__b15873927134616">exit</strong> command.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_10_0046.html">Workloads</a></div>
</div>
</div>
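Review bot: In step 3 the jsonpath expression '{range .spec.containers[*]}{.name}{end}{"\n"}' emits the newline only after the loop, so for a pod with more than one container the names are printed run together on one line. Moving {"\n"} inside the range gives one name per line, which is what the next step needs for -c. In step 4 the bold text reads "nginx-59d89cb66f-mhljrPod" and should be "the nginx-59d89cb66f-mhljr pod". Since this topic tells users to open a shell in a running container, it should also state the permission the user needs for kubectl exec and note that /bin/sh must exist in the image.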

View File

@ -5,7 +5,7 @@
</div>
<div class="section" id="cce_10_0036__section1489437103610"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_0036__ul0917755162415"><li id="cce_10_0036__li1891719552246">Deleting a node will lead to pod migration, which may affect services. Therefore, delete nodes during off-peak hours.</li><li id="cce_10_0036__li791875552416">Unexpected risks may occur during node deletion. Back up related data in advance.</li><li id="cce_10_0036__li15918105582417">While the node is being deleted, the backend will set the node to the unschedulable state.</li><li id="cce_10_0036__li12918145520241">Only worker nodes can be stopped.</li></ul>
</div>
<div class="section" id="cce_10_0036__section14341135612442"><h4 class="sectiontitle">Procedure</h4><ol id="cce_10_0036__ol5687174923613"><li id="cce_10_0036__li133915311359"><span>Log in to the CCE console and click the cluster name to access the cluster.</span></li><li id="cce_10_0036__li6687049203616"><span>In the navigation pane, choose <strong id="cce_10_0036__b06131727172613">Nodes</strong>. In the right pane, click the name of the node to be stopped.</span></li><li id="cce_10_0036__li117301253183717"><span>In the upper right corner of the ECS details page, click <strong id="cce_10_0036__b1247467161417">Stop</strong> in the instance status area. In the displayed dialog box, click <strong id="cce_10_0036__b12474177131414">Yes</strong>.</span><p><div class="fignone" id="cce_10_0036__fig19269101385311"><span class="figcap"><b>Figure 1 </b>ECS details page</span><br><span><img id="cce_10_0036__image6847636155" src="en-us_image_0000001244261119.png"></span></div>
<div class="section" id="cce_10_0036__section14341135612442"><h4 class="sectiontitle">Procedure</h4><ol id="cce_10_0036__ol5687174923613"><li id="cce_10_0036__li133915311359"><span>Log in to the CCE console and click the cluster name to access the cluster.</span></li><li id="cce_10_0036__li6687049203616"><span>In the navigation pane, choose <strong id="cce_10_0036__b06131727172613">Nodes</strong>. In the right pane, click the name of the node to be stopped.</span></li><li id="cce_10_0036__li117301253183717"><span>In the upper right corner of the ECS details page, click <strong id="cce_10_0036__b1247467161417">Stop</strong> in the instance status area. In the displayed dialog box, click <strong id="cce_10_0036__b12474177131414">Yes</strong>.</span><p><div class="fignone" id="cce_10_0036__fig19269101385311"><span class="figcap"><b>Figure 1 </b>ECS details page</span><br><span><img id="cce_10_0036__image6847636155" src="en-us_image_0000001518062704.png"></span></div>
</p></li></ol>
</div>
</div>
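Review bot: The Notes and Constraints in this topic talk about deletion ("Deleting a node will lead to pod migration", "Unexpected risks may occur during node deletion", "While the node is being deleted") while the Procedure stops the node ("click the name of the node to be stopped", "click Stop"). If the constraints were copied from the deletion topic, reword them for stopping. If they apply to both, say so, because a reader cannot tell whether stopping a node puts data at risk.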

View File

@ -1,6 +1,6 @@
<a name="cce_10_0045"></a><a name="cce_10_0045"></a>
<h1 class="topictitle1">Configuration Center</h1>
<h1 class="topictitle1">ConfigMaps and Secrets</h1>
<div id="body1507606688948"></div>
<div>
<ul class="ullinks">
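Review bot: The h1 changes from "Configuration Center" to "ConfigMaps and Secrets", but the diff is truncated and does not show whether the "Parent topic:" text in the child topics and the navigation entries that point at cce_10_0045.html were renamed as well. Please confirm they match, otherwise readers will see two names for the same section.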

View File

@ -24,6 +24,8 @@
</li>
<li class="ulchildlink"><strong><a href="cce_10_0551.html">CPU Core Binding</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_00356.html">Accessing a Container</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0386.html">Pod Labels and Annotations</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="cce_10_0423.html">Volcano Scheduling</a></strong><br>
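Review bot: The new link target cce_10_00356.html uses a five-digit suffix, while every other topic id in this list has four digits (cce_10_0551, cce_10_0386, cce_10_0423). If that is intentional, a comment in the source would help. If not, renumber it now, before external links to the page exist.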

Some files were not shown because too many files have changed in this diff