forked from docs/doc-exports
Compare commits
1 Commits
sgode-patc
...
sgode-patc
| Author | SHA1 | Date | |
|---|---|---|---|
| 8895b50c2b |
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -8,48 +8,7 @@
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody><tr id="cce_01_0300__row1672312793610"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p372317712362">2025-05-23</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p37306202368">Update:</p>
|
||||
<ul id="cce_01_0300__ul7135332163612"><li id="cce_01_0300__li013619326366">Updated <a href="cce_10_0059.html">Configuring Network Policies to Restrict Pod Access</a>.</li><li id="cce_01_0300__li10221163312367">Updated <a href="cce_10_0462.html">Container Engines</a>.</li><li id="cce_01_0300__li299616330369">Updated <a href="cce_10_0476.html">Node OSs</a></li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_01_0300__row1257516131090"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p105762136919">2025-05-12</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p18781417100">Add:</p>
|
||||
<ul id="cce_01_0300__ul5695118161019"><li id="cce_01_0300__li1499432111019">Added <a href="cce_bulletin_0099.html">Kubernetes 1.31 Release Notes</a>.</li><li id="cce_01_0300__li1587543134516">Added <a href="cce_10_0955.html">GPU Metrics</a>.</li><li id="cce_01_0300__li5947371701">Added <a href="cce_10_0967.html">Specifying Node Scale-in Conditions for a Node Pool</a>.</li><li id="cce_01_0300__li1957411417107">Added <a href="cce_faq_00468.html">How Can I Locate a Fault That Occurs with a Node?</a>.</li><li id="cce_01_0300__li19429124771011">Added <a href="cce_faq_00404.html">How Can I Locate Faults Using an Exit Code?</a>.</li><li id="cce_01_0300__li115981858111019">Added <a href="cce_faq_00487.html">How Do I Troubleshoot a Pod Exit Caused by a Node Label Update?</a></li><li id="cce_01_0300__li1935117590107">Added <a href="cce_faq_00455.html">What Could Cause Access Exceptions After Configuring an HTTPS Certificate for a LoadBalancer Ingress?</a>.</li><li id="cce_01_0300__li14905202191110">Added <a href="cce_faq_00418.html">Why Cannot I Delete a PV or PVC Using the kubectl delete Command?</a>.</li><li id="cce_01_0300__li496113141512">Added <a href="cce_faq_00484.html">What Is an OBS Global Access Key and How Do I Check Whether a Global Access Key Is Used in a Cluster?</a>.</li></ul>
|
||||
<p id="cce_01_0300__p14690740141010">Update:</p>
|
||||
<ul id="cce_01_0300__ul14690194019105"><li id="cce_01_0300__li1069034011013">Updated <a href="cce_10_0405.html">Patch Version Release Notes</a>.</li><li id="cce_01_0300__li866562185712">Updated <a href="cce_10_0215.html">Upgrading a Cluster</a>.</li><li id="cce_01_0300__li6503129113014">Updated <a href="cce_10_0673.html">Creating a Workload</a>.</li><li id="cce_01_0300__li3565193316580">Updated <a href="cce_10_0675.html">Pod Network Settings</a>.</li><li id="cce_01_0300__li517511521325">Updated <a href="cce_10_0247.html">Service</a>.</li><li id="cce_01_0300__li1885111617310">Updated <a href="cce_10_0248.html">Ingresses</a>.</li><li id="cce_01_0300__li63201528464">Updated <a href="cce_10_0278.html">Creating a Namespace</a>.</li><li id="cce_01_0300__li036617441184">Updated <a href="cce_10_0064.html">Add-ons</a>.</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_01_0300__row12762115711020"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p1576265711109">2025-04-28</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p17621957121011">Updated <a href="cce_bestpractice_10001.html">Overview</a>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_01_0300__row19988104361114"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p1098910431118">2025-03-31</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p84969551112">Update:</p>
|
||||
<ul id="cce_01_0300__ul1074915179422"><li id="cce_01_0300__li1274951704212">Updated <a href="cce_faq_00020.html">How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?</a></li><li id="cce_01_0300__li7682171934212">Updated <a href="cce_10_0555.html">Collecting Container Logs Using Cloud Native Log Collection</a>.</li><li id="cce_01_0300__li17158133213818">Updated <a href="cce_10_0940.html">Configuring Advanced Forwarding Rules for a LoadBalancer Ingress</a>.</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_01_0300__row176951955145713"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p2695135595716">2025-03-10</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p13369114325817">Add:</p>
|
||||
<ul id="cce_01_0300__ul53691243145816"><li id="cce_01_0300__li18369154315583">Added <a href="cce_10_0416.html">Cloud Native Log Collection</a>.</li><li id="cce_01_0300__li1821495310520">Added <a href="cce_10_0799.html">FAQ</a>.</li><li id="cce_01_0300__li197821142755">Added <a href="cce_bestpractice_10021.html">Reporting Prometheus Monitoring Data to a Third-Party Monitoring Platform</a>.</li></ul>
|
||||
<p id="cce_01_0300__p786213367018">Update:</p>
|
||||
<ul id="cce_01_0300__ul12862173616011"><li id="cce_01_0300__li15862103618010">Updated <a href="cce_10_0553.html">Logging</a>.</li><li id="cce_01_0300__li246418364115">Updated <a href="cce_10_0028.html">Creating a CCE Standard/Turbo Cluster</a>.</li></ul>
|
||||
<p id="cce_01_0300__p1517175911">Delete:</p>
|
||||
<ul id="cce_01_0300__ul10511195911"><li id="cce_01_0300__li154113599">Deleted "Kubernetes Version Policy".</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_01_0300__row8219537163217"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p162191037193218">2025-02-28</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p13785184816323">Update:</p>
|
||||
<ul id="cce_01_0300__ul18785104819325"><li id="cce_01_0300__li12785104843215">Updated <a href="cce_10_0150.html">Creating a Job</a>.</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_01_0300__row138537511817"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p6853195171815">2025-02-10</p>
|
||||
<tbody><tr id="cce_01_0300__row138537511817"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p6853195171815">2025-02-10</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p205161934133412">Add:</p>
|
||||
<ul id="cce_01_0300__ul25161034163419"><li id="cce_01_0300__li15161034173411">Added <a href="cce_10_0836.html">Monitoring</a>.</li><li id="cce_01_0300__li12059215016">Added <a href="cce_bestpractice_00222.html">Creating an IPv4/IPv6 Dual-Stack Cluster in CCE</a>.</li></ul>
|
||||
@ -62,7 +21,7 @@
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><p id="cce_01_0300__p192721921121010">Add:</p>
|
||||
<ul id="cce_01_0300__ul17913134010215"><li id="cce_01_0300__li19303826141118">Added <a href="cce_bulletin_0095.html">Kubernetes 1.30 Release Notes</a>.</li><li id="cce_01_0300__li11914154019214">Added <a href="cce_bulletin_0098.html">EOM of CentOS</a>.</li><li id="cce_01_0300__li16371103993217">Added <a href="cce_10_0744.html">Revoking a Credential to Access the Corresponding Cluster</a>, <a href="cce_10_0927.html">Preventing Cluster Deletion</a>.</li><li id="cce_01_0300__li16703013312">Added <a href="cce_10_0889.html">Scheduling a Workload</a>.</li><li id="cce_01_0300__li145106513332">Added <a href="cce_10_0916.html">Enabling a LoadBalancer Service to Obtain the Client IP Address</a>, <a href="cce_10_0924.html">Configuring a Custom EIP for a LoadBalancer Service</a>.</li><li id="cce_01_0300__li174261762330">Added <a href="cce_10_0944.html">Creating an HPA Policy with Custom Metrics</a>, <a href="cce_10_0934.html">Creating an AHPA Policy</a>.</li><li id="cce_01_0300__li109660172323">Added <a href="cce_10_0781.html">Settings</a>.</li><li id="cce_01_0300__li57551076338">Added <a href="cce_bestpractice_10047.html">Configuration Suggestions on CCE Container Image Security</a>.</li><li id="cce_01_0300__li106387810331">Added <a href="cce_faq_00445.html">What Are the Impacts of Changing the Flavor of a Node in a CCE Node Pool?</a>, <a href="cce_faq_00185.html">How Do I Obtain a TLS Key Certificate?</a>, <a href="cce_faq_00446.html">How Can I Check Whether an ENI Is Used by a Cluster?</a>, <a href="cce_faq_00447.html">How Can I Delete a Security Group Rule Associated with a Deleted Subnet?</a>, <a href="cce_faq_00460.html">How Can I Determine Which Ingress the Listener Settings Have Been Applied To?</a>.</li></ul>
|
||||
<p id="cce_01_0300__p9546114511102">Update:</p>
|
||||
<ul id="cce_01_0300__ul1548895761012"><li id="cce_01_0300__li186619511116">Updated <a href="cce_10_0405.html">Patch Version Release Notes</a>.</li><li id="cce_01_0300__li1893312092314">Update <a href="cce_productdesc_0005.html">Notes and Constraints</a>.</li><li id="cce_01_0300__li366715119369">Updated <a href="cce_10_0550.html">Troubleshooting for Pre-upgrade Check Exceptions</a>.</li><li id="cce_01_0300__li648519410397">Updated <a href="cce_10_0476.html">Node OS</a>, <a href="cce_10_0363.html">Creating a Node</a>, <a href="cce_10_0198.html">Accepting Nodes for Management</a>, <a href="cce_10_0003.html">Resetting a Node</a>, <a href="cce_10_0605.html">Draining a Node</a>.</li><li id="cce_01_0300__li142324894314">Updated <a href="cce_10_0012.html">Creating a Node Pool</a>, <a href="cce_10_0653.html">Updating a Node Pool</a>, <a href="cce_10_0652.html">Modifying Node Pool Configurations</a>, <a href="cce_10_0886.html">Accepting Nodes in a Node Pool</a>, <a href="cce_10_0656.html">Migrating a Node</a>.</li><li id="cce_01_0300__li1876317325492">Updated <a href="cce_10_0673.html">Creating a Workload</a>.</li><li id="cce_01_0300__li1279632145720">Updated <a href="cce_10_0681.html">Configuring LoadBalancer Services Using Annotations</a>, <a href="cce_10_0831.html">Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service</a>, <a href="cce_10_0935.html">Advanced Setting Examples of LoadBalancer Ingresses</a>, <a href="cce_10_0936.html">Advanced Setting Examples of Nginx Ingresses</a>.</li><li id="cce_01_0300__li179611212577">Updated <a href="cce_10_0615.html">Using an EVS Disk Through a Dynamic PV</a>, <a href="cce_10_0616.html">Dynamically Mounting an EVS Disk to a StatefulSet</a>, <a href="cce_10_0620.html">Using an SFS File System Through a Dynamic PV</a>, <a href="cce_10_0839.html">(Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV</a>, <a href="cce_10_0630.html">Using an OBS Bucket Through a Dynamic PV</a>, <a href="cce_10_0634.html">Using a Local PV Through a Dynamic PV</a>, <a href="cce_10_0635.html">Dynamically Mounting a Local PV to a StatefulSet</a>, <a href="cce_10_0380.html">StorageClass</a>.</li><li id="cce_01_0300__li850116582361">Updated <a href="cce_10_0290.html">Workload Scaling Rules</a>.</li><li id="cce_01_0300__li1499064232117">Updated <a href="cce_10_0064.html">Add-ons</a>.</li></ul>
|
||||
<ul id="cce_01_0300__ul1548895761012"><li id="cce_01_0300__li186619511116">Updated <a href="cce_10_0405.html">Patch Version Release Notes</a>.</li><li id="cce_01_0300__li06015221333">Updated <a href="cce_bulletin_0033.html">Kubernetes Version Policy</a>.</li><li id="cce_01_0300__li1893312092314">Update <a href="cce_productdesc_0005.html">Notes and Constraints</a>.</li><li id="cce_01_0300__li366715119369">Updated <a href="cce_10_0550.html">Troubleshooting for Pre-upgrade Check Exceptions</a>.</li><li id="cce_01_0300__li648519410397">Updated <a href="cce_10_0476.html">Node OS</a>, <a href="cce_10_0363.html">Creating a Node</a>, <a href="cce_10_0198.html">Accepting Nodes for Management</a>, <a href="cce_10_0003.html">Resetting a Node</a>, <a href="cce_10_0605.html">Draining a Node</a>.</li><li id="cce_01_0300__li142324894314">Updated <a href="cce_10_0012.html">Creating a Node Pool</a>, <a href="cce_10_0653.html">Updating a Node Pool</a>, <a href="cce_10_0652.html">Modifying Node Pool Configurations</a>, <a href="cce_10_0886.html">Accepting Nodes in a Node Pool</a>, <a href="cce_10_0656.html">Migrating a Node</a>.</li><li id="cce_01_0300__li1876317325492">Updated <a href="cce_10_0673.html">Creating a Workload</a>.</li><li id="cce_01_0300__li1279632145720">Updated <a href="cce_10_0681.html">Configuring LoadBalancer Services Using Annotations</a>, <a href="cce_10_0831.html">Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service</a>, <a href="cce_10_0935.html">Advanced Setting Examples of LoadBalancer Ingresses</a>, <a href="cce_10_0936.html">Advanced Setting Examples of Nginx Ingresses</a>.</li><li id="cce_01_0300__li179611212577">Updated <a href="cce_10_0615.html">Using an EVS Disk Through a Dynamic PV</a>, <a href="cce_10_0616.html">Dynamically Mounting an EVS Disk to a StatefulSet</a>, <a href="cce_10_0620.html">Using an SFS File System Through a Dynamic PV</a>, <a href="cce_10_0839.html">(Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV</a>, <a href="cce_10_0630.html">Using an OBS Bucket Through a Dynamic PV</a>, <a href="cce_10_0634.html">Using a Local PV Through a Dynamic PV</a>, <a href="cce_10_0635.html">Dynamically Mounting a Local PV to a StatefulSet</a>, <a href="cce_10_0380.html">StorageClass</a>.</li><li id="cce_01_0300__li850116582361">Updated <a href="cce_10_0290.html">Workload Scaling Rules</a>.</li><li id="cce_01_0300__li1499064232117">Updated <a href="cce_10_0064.html">Add-ons</a>.</li></ul>
|
||||
<p id="cce_01_0300__p1655218110146">Delete:</p>
|
||||
<ul id="cce_01_0300__ul2028721331311"><li id="cce_01_0300__li68421328181312">Deleted "CCE Console Upgrade".</li><li id="cce_01_0300__li109481512526">Deleted "Scheduling Policies (Affinity/Anti-affinity)".</li></ul>
|
||||
</td>
|
||||
@ -119,7 +78,7 @@
|
||||
</tr>
|
||||
<tr id="cce_01_0300__row058713234347"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p25882023143415">2024-06-26</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><ul id="cce_01_0300__ul118110437342"><li id="cce_01_0300__li38254316343">Supported the creation of clusters of v1.29. For details, see <a href="cce_bulletin_0089.html">Kubernetes 1.29 Release Notes</a> and <a href="cce_10_0405.html">Patch Version Release Notes</a>.</li><li id="cce_01_0300__li668895417342">Added the Cloud Native Cluster Monitoring add-on. For details, see <a href="cce_10_0406.html">Cloud Native Cluster Monitoring</a>.</li><li id="cce_01_0300__li16457344123612">Added <a href="cce_10_0373.html">Monitoring Custom Metrics Using Cloud Native Cluster Monitoring</a>.</li><li id="cce_01_0300__li19403177171618">Deleted section "Kubernetes Version Support Mechanism".</li><li id="cce_01_0300__li184038711166">Added Kubernetes Version Policy.</li><li id="cce_01_0300__li7668108144413">Added <a href="cce_10_0734.html">Configuring an EIP for a Pod</a>.</li><li id="cce_01_0300__li1389051010459">Added <a href="cce_10_0651.html">Configuring a Static EIP for a Pod</a>.</li><li id="cce_01_0300__li14982191412301">Update <a href="cce_10_0476.html">Node OS</a>.</li><li id="cce_01_0300__li38112312311">Update <a href="cce_productdesc_0005.html">Notes and Constraints</a>.</li></ul>
|
||||
<td class="cellrowborder" valign="top" width="80.99%" headers="mcps1.3.1.2.3.1.2 "><ul id="cce_01_0300__ul118110437342"><li id="cce_01_0300__li38254316343">Supported the creation of clusters of v1.29. For details, see <a href="cce_bulletin_0089.html">Kubernetes 1.29 Release Notes</a> and <a href="cce_10_0405.html">Patch Version Release Notes</a>.</li><li id="cce_01_0300__li668895417342">Added the Cloud Native Cluster Monitoring add-on. For details, see <a href="cce_10_0406.html">Cloud Native Cluster Monitoring</a>.</li><li id="cce_01_0300__li16457344123612">Added <a href="cce_10_0373.html">Monitoring Custom Metrics Using Cloud Native Cluster Monitoring</a>.</li><li id="cce_01_0300__li19403177171618">Deleted section "Kubernetes Version Support Mechanism".</li><li id="cce_01_0300__li184038711166">Added <a href="cce_bulletin_0033.html">Kubernetes Version Policy</a>.</li><li id="cce_01_0300__li7668108144413">Added <a href="cce_10_0734.html">Configuring an EIP for a Pod</a>.</li><li id="cce_01_0300__li1389051010459">Added <a href="cce_10_0651.html">Configuring a Static EIP for a Pod</a>.</li><li id="cce_01_0300__li14982191412301">Update <a href="cce_10_0476.html">Node OS</a>.</li><li id="cce_01_0300__li38112312311">Update <a href="cce_productdesc_0005.html">Notes and Constraints</a>.</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_01_0300__row450133482720"><td class="cellrowborder" valign="top" width="19.009999999999998%" headers="mcps1.3.1.2.3.1.1 "><p id="cce_01_0300__p1051163432712">2024-05-30</p>
|
||||
|
||||
@ -1,9 +1,11 @@
|
||||
<a name="cce_10_0002"></a><a name="cce_10_0002"></a>
|
||||
|
||||
<h1 class="topictitle1">Cluster Version Release Notes</h1>
|
||||
<h1 class="topictitle1">Cluster Overview</h1>
|
||||
<div id="body1522665832344"></div>
|
||||
<div>
|
||||
<ul class="ullinks">
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0430.html">Basic Cluster Information</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0068.html">Kubernetes Version Release Notes</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0405.html">Patch Version Release Notes</a></strong><br>
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
</div>
|
||||
<div class="section" id="cce_10_0003__section0339185914138"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_0003__ul975585510397"><li id="cce_10_0003__li15755125513910">To enable node resetting in CCE standard clusters or CCE Turbo clusters, the version must be v1.13 or later.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0003__section83421713122615"><h4 class="sectiontitle">Precautions</h4><ul id="cce_10_0003__ul189321612123615"><li id="cce_10_0003__li139331412133615">Only worker nodes can be reset. If the node is still unavailable after the resetting, delete the node and create a new one.</li><li id="cce_10_0003__li133748101461"><strong id="cce_10_0003__b161591159125218">After a node is reset, the node OS will be reinstalled. Before resetting a node, <a href="cce_10_0605.html">drain</a> the node to gracefully evict the pods running on the node to other available nodes. Perform this operation during off-peak hours.</strong></li><li id="cce_10_0003__li11336171744612"><strong id="cce_10_0003__b3113619509">After a node is reset, its system disk and data disks will be cleared. Back up important data before resetting a node.</strong></li><li id="cce_10_0003__li159325122367"><strong id="cce_10_0003__b18976436631">If you reset a worker node that has an additional data disk attached on the ECS console, the attachment will be removed. To keep the data, you need to reattach the disk.</strong></li><li id="cce_10_0003__li18904821103817">The IP addresses of the workload pods on the node will change, but the container network access is not affected.</li><li id="cce_10_0003__li33901348389">There is remaining EVS disk quota.</li><li id="cce_10_0003__li893261218365">When a node is reset, the backend will make it unschedulable.</li><li id="cce_10_0003__li49618284552">Resetting a node will clear the Kubernetes labels and taints you added (those added by editing a node pool will not be lost). As a result, node-specific resources (such as local storage and workloads scheduled to this node) may be unavailable.</li><li id="cce_10_0003__li551825451813">Resetting a node will cause PVC/PV data loss for the <a href="cce_10_0391.html">local PV</a> associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.</li></ul>
|
||||
<div class="section" id="cce_10_0003__section83421713122615"><h4 class="sectiontitle">Precautions</h4><ul id="cce_10_0003__ul189321612123615"><li id="cce_10_0003__li139331412133615">Only worker nodes can be reset. If the node is still unavailable after the resetting, delete the node and create a new one.</li><li id="cce_10_0003__li133748101461"><strong id="cce_10_0003__b161591159125218">After a node is reset, the node OS will be reinstalled. Before resetting a node, <a href="cce_10_0605.html">drain</a> the node to gracefully evict the pods running on the node to other available nodes. Perform this operation during off-peak hours.</strong></li><li id="cce_10_0003__li11336171744612"><strong id="cce_10_0003__b3113619509">After a node is reset, its system disk and data disks will be cleared. Back up important data before resetting a node.</strong></li><li id="cce_10_0003__li159325122367"><strong id="cce_10_0003__b18976436631">If you reset a worker node that has an additional data disk attached on the ECS console, the attachment will be removed. To keep the data, you need to reattach the disk.</strong></li><li id="cce_10_0003__li18904821103817">The IP addresses of the workload pods on the node will change, but the container network access is not affected.</li><li id="cce_10_0003__li33901348389">There is remaining EVS disk quota.</li><li id="cce_10_0003__li893261218365">When a node is reset, the backend will make it unschedulable.</li><li id="cce_10_0003__li49618284552">Resetting a node will clear the Kubernetes labels and taints you added (those added by editing a node pool will not be lost). As a result, node-specific resources (such as local storage and workloads scheduled to this node) may be unavailable.</li><li id="cce_10_0003__li551825451813">Resetting a node will cause PVC/PV data loss for the <a href="cce_10_0391.html">local PV</a> associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the reset node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0003__section13505122310576"><h4 class="sectiontitle">Resetting Nodes in the Default Pool</h4><ol id="cce_10_0003__ol19107956331"><li id="cce_10_0003__li12107195613316"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0003__li314420611592"><span>In the navigation pane, choose <span class="uicontrol" id="cce_10_0003__uicontrol226720045103631"><b>Nodes</b></span>. On the displayed page, click the <strong id="cce_10_0003__b200115353103631">Nodes</strong> tab.</span></li><li id="cce_10_0003__li36690501449"><span>In the node list of the default pool, select one or more nodes to be reset and choose <strong id="cce_10_0003__b75704965116">More</strong> > <strong id="cce_10_0003__b4241551145119">Reset Node</strong> in the <strong id="cce_10_0003__b9468195465310">Operation</strong> column.</span></li><li id="cce_10_0003__li2062015811615"><span>In the displayed dialog box, click <strong id="cce_10_0003__b143401521627">Next</strong>.</span></li><li id="cce_10_0003__li1646785611239"><span>Specify node parameters.</span><p><div class="p" id="cce_10_0003__en-us_topic_0000001244141037_p67901445163816"><strong id="cce_10_0003__b31796610207">Compute Settings</strong>
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0003__en-us_topic_0000001244141037_table0668137185810" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuration parameters</caption><thead align="left"><tr id="cce_10_0003__en-us_topic_0000001244141037_row46680715812"><th align="left" class="cellrowborder" valign="top" width="20.02%" id="mcps1.3.4.2.5.2.1.2.2.3.1.1"><p id="cce_10_0003__en-us_topic_0000001244141037_p186688710581">Parameter</p>
|
||||
@ -67,9 +67,10 @@
|
||||
</tr>
|
||||
<tr id="cce_10_0003__cce_10_0198_row1966913718588"><td class="cellrowborder" valign="top" width="20.02%" headers="mcps1.3.4.2.5.2.3.1.2.3.1.1 "><p id="cce_10_0003__cce_10_0198_p0669147185817">Data Disk</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.4.2.5.2.3.1.2.3.1.2 "><ul id="cce_10_0003__cce_10_0198_ul184351126605"><li id="cce_10_0003__cce_10_0198_en-us_topic_0000001199021246_li103472126407"><strong id="cce_10_0003__cce_10_0198_b53311531183510">At least one default data disk must be added</strong> for storing container runtime and kubelet components if <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol113317316358"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol12331831193518"><b>Data Disk</b></span>. <strong id="cce_10_0003__cce_10_0198_b1633103163515">This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.</strong> This function is available for clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0.</li><li id="cce_10_0003__cce_10_0198_en-us_topic_0000001199021246_li18830161664015">If <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol16275444867446"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol5641816837446"><b>System Disk</b></span>, you do not need to add a default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB. This function is available for clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later versions.</li></ul>
|
||||
<p id="cce_10_0003__cce_10_0198_p3752312011">Click <strong id="cce_10_0003__cce_10_0198_b513813367555">Expand</strong> to configure <strong id="cce_10_0003__cce_10_0198_b13265825195416">Data Disk Space Allocation</strong>. This allocates space for container engines, images, and ephemeral storage to ensure their proper running. For details about how to allocate data disk space, see <a href="cce_10_0341.html">Space Allocation of a Data Disk</a>.</p>
|
||||
<p id="cce_10_0003__cce_10_0198_p1391618153118">For other data disks, a raw disk is created without any processing by default. You can also click <strong id="cce_10_0003__cce_10_0198_b16127101911540">Expand</strong> and select <strong id="cce_10_0003__cce_10_0198_b21351519135417">Mount Disk</strong> to mount the data disk to a specified directory. Data disks can also be used as <a href="cce_10_0391.html">local PVs</a> or <a href="cce_10_0726.html">local EVs</a>.</p>
|
||||
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.4.2.5.2.3.1.2.3.1.2 "><p id="cce_10_0003__cce_10_0198_p17207615113820"><strong id="cce_10_0003__cce_10_0198_b18519306218">At least one data disk is required</strong> for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. <strong id="cce_10_0003__cce_10_0198_b17851123017214">This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.</strong></p>
|
||||
<p id="cce_10_0003__cce_10_0198_p16639453192911">In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, if <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol138446827241742"><b>System Component Storage</b></span> is set to <span class="uicontrol" id="cce_10_0003__cce_10_0198_uicontrol130024400641742"><b>System Disk</b></span>, you have the option not to add the default data disk.</p>
|
||||
<p id="cce_10_0003__cce_10_0198_p3752312011">Click <strong id="cce_10_0003__cce_10_0198_b513813367555">Expand</strong> to configure <strong id="cce_10_0003__cce_10_0198_b13265825195416">Data Disk Space Allocation</strong>, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see <a href="cce_10_0341.html">Space Allocation of a Data Disk</a>.</p>
|
||||
<p id="cce_10_0003__cce_10_0198_p1391618153118">For other data disks, a raw disk is created without any processing by default. You can also click <strong id="cce_10_0003__cce_10_0198_b16127101911540">Expand</strong> and select <strong id="cce_10_0003__cce_10_0198_b21351519135417">Mount Disk</strong> to mount the data disk to a specified directory. </p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
@ -86,7 +87,7 @@
|
||||
<tbody><tr id="cce_10_0003__en-us_topic_0000001244141037_row25394514014"><td class="cellrowborder" valign="top" width="23.66%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.1 "><p id="cce_10_0003__en-us_topic_0000001244141037_p25391859406">Resource Tag</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="76.34%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.2 "><p id="cce_10_0003__en-us_topic_0000001244141037_p275333410342">You can add resource tags to classify resources. A maximum of eight resource tags can be added.</p>
|
||||
<p id="cce_10_0003__en-us_topic_0000001244141037_p117537347346">You can create <span class="uicontrol" id="cce_10_0003__en-us_topic_0000001244141037_uicontrol1975314345344"><b>predefined tags</b></span> on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. </p>
|
||||
<p id="cce_10_0003__en-us_topic_0000001244141037_p117537347346">You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. </p>
|
||||
<p id="cce_10_0003__en-us_topic_0000001244141037_p16753133419348">CCE will automatically create the <strong id="cce_10_0003__b955154034416">CCE-Dynamic-Provisioning-Node=</strong><em id="cce_10_0003__i69622340388">Node ID</em> tag.</p>
|
||||
</td>
|
||||
</tr>
|
||||
@ -106,7 +107,7 @@
|
||||
</tr>
|
||||
<tr id="cce_10_0003__en-us_topic_0000001244141037_row155390520404"><td class="cellrowborder" valign="top" width="23.66%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.1 "><p id="cce_10_0003__en-us_topic_0000001244141037_p054015516406">Max. Pods</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="76.34%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.2 "><p id="cce_10_0003__en-us_topic_0000001244141037_p18611194424216">Maximum number of pods that can run on the node, including the default system pods. </p>
|
||||
<td class="cellrowborder" valign="top" width="76.34%" headers="mcps1.3.4.2.5.2.4.2.2.3.1.2 "><p id="cce_10_0003__en-us_topic_0000001244141037_p18611194424216">Maximum number of pods that can run on the node, including the default system pods.</p>
|
||||
<p id="cce_10_0003__en-us_topic_0000001244141037_p272611351429">This limit prevents the node from being overloaded with pods.</p>
|
||||
</td>
|
||||
</tr>
|
||||
@ -150,9 +151,9 @@
|
||||
<tr id="cce_10_0003__row127363012593"><td class="cellrowborder" valign="top" width="20.02%" headers="mcps1.3.5.3.4.2.1.2.3.1.1 "><p id="cce_10_0003__p67383005917">Data Disk</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="79.97999999999999%" headers="mcps1.3.5.3.4.2.1.2.3.1.2 "><p id="cce_10_0003__p03064368411">Configure advanced settings for each data disk.</p>
|
||||
<p id="cce_10_0003__p107314309596">For the <strong id="cce_10_0003__b740312810019">default data disk</strong>, click <strong id="cce_10_0003__b1640320813012">Expand</strong> to configure <strong id="cce_10_0003__b114041682013">Data Disk Space Allocation</strong>. This allocates space for container engines, images, and ephemeral storage to ensure their proper running. For details about how to allocate data disk space, see <a href="cce_10_0341.html">Space Allocation of a Data Disk</a>.</p>
|
||||
<p id="cce_10_0003__p1622814294610">For a <strong id="cce_10_0003__b107940351202">common data disk</strong>, click <strong id="cce_10_0003__b3795103518018">Expand</strong> and configure mount options.</p>
|
||||
<ul id="cce_10_0003__ul620114531568"><li id="cce_10_0003__li12201145310612"><strong id="cce_10_0003__b118375413015">Default</strong>: The data disk is attached as a raw disk without any settings.</li><li id="cce_10_0003__li61621841770"><strong id="cce_10_0003__b521235811010">Mount Disk</strong>: The data disk is attached to the service directory path. This parameter cannot be left blank or set to a key OS path such as the root directory.</li><li id="cce_10_0003__li139157151778"><strong id="cce_10_0003__b345592310110">Use as PV</strong>: The data disk is used as persistent storage volumes for PVCs. For details, see <a href="cce_10_0391.html">Local PVs</a>.</li><li id="cce_10_0003__li820115531269"><strong id="cce_10_0003__b191603551371">Use as ephemeral volume</strong>: The data disk is used as ephemeral storage volumes for PVCs. For details, see <a href="cce_10_0726.html">Local EV</a>.</li></ul>
|
||||
<p id="cce_10_0003__p107314309596">For the <strong id="cce_10_0003__b740312810019">default data disk</strong>, click <strong id="cce_10_0003__b1640320813012">Expand</strong> to configure <strong id="cce_10_0003__b114041682013">Data Disk Space Allocation</strong>, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see <a href="cce_10_0341.html">Space Allocation of a Data Disk</a>.</p>
|
||||
<p id="cce_10_0003__p1622814294610">For a <strong id="cce_10_0003__b107940351202">common data disk</strong>, click <strong id="cce_10_0003__b3795103518018">Expand</strong> and select attachment settings.</p>
|
||||
<ul id="cce_10_0003__ul620114531568"><li id="cce_10_0003__li12201145310612"><strong id="cce_10_0003__b118375413015">Default</strong>: The data disk is attached as a raw disk without any settings.</li><li id="cce_10_0003__li61621841770"><strong id="cce_10_0003__b521235811010">Mount Disk</strong>: The data disk is attached to the service directory path. This parameter cannot be left blank or set to a key OS path such as the root directory.</li><li id="cce_10_0003__li139157151778"><strong id="cce_10_0003__b345592310110">Use as PV</strong>: The data disk is used as persistent storage volumes for PVCs. For details, see <a href="cce_10_0391.html">Local PVs</a>.</li><li id="cce_10_0003__li820115531269"><strong id="cce_10_0003__b191603551371">Use as ephemeral volume</strong>: The data disk is used as ephemeral storage volumes for PVCs. For details, see <a href="cce_10_0726.html">Using a Local EV</a>.</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
||||
@ -105,7 +105,7 @@
|
||||
<ol id="cce_10_0007__en-us_topic_0107283638_ol1188315418332"><li id="cce_10_0007__en-us_topic_0107283638_li1388334119335"><span>Log in to the CCE console, go to an existing cluster, and choose <strong id="cce_10_0007__b11769141672918">Workloads</strong> in the navigation pane.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li1588424111338"><span>Click the <strong id="cce_10_0007__b199921814299">Deployments</strong> tab and choose <strong id="cce_10_0007__b1799951820293">More</strong> > <strong id="cce_10_0007__b17031913299">Disable/Enable Upgrade</strong> in the <strong id="cce_10_0007__b180719162911">Operation</strong> column of the workload.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li1288404118334"><span>In the dialog box that is displayed, click <strong id="cce_10_0007__b1688621162914">Yes</strong>.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0007__en-us_topic_0107283638_section5931193015488"><a name="cce_10_0007__en-us_topic_0107283638_section5931193015488"></a><a name="en-us_topic_0107283638_section5931193015488"></a><h4 class="sectiontitle">Managing Labels</h4><p id="cce_10_0007__en-us_topic_0107283638_p13735621112611">Labels are key-value pairs and can be attached to workloads. You can manage and select workloads by labels. You can add labels to multiple workloads or a specified workload.</p>
|
||||
<ol id="cce_10_0007__en-us_topic_0107283638_ol6251112511220"><li id="cce_10_0007__en-us_topic_0107283638_li53548551606"><span>Log in to the CCE console, go to an existing cluster, and choose <strong id="cce_10_0007__b1335702382915">Workloads</strong> in the navigation pane.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li22871259152611"><span>Click the <strong id="cce_10_0007__b1838219256291">Deployments</strong> tab and choose <strong id="cce_10_0007__b4383162552919">More</strong> > <strong id="cce_10_0007__b2383225142917">Manage Label</strong> in the <strong id="cce_10_0007__b18383182512912">Operation</strong> column of the target workload.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li47616189277"><span>Click <span><img id="cce_10_0007__image3143153919236" src="en-us_image_0000002253620001.png"></span>, enter a key and a value, and click <span class="uicontrol" id="cce_10_0007__uicontrol1277618274294"><b>OK</b></span>.</span><p><div class="note" id="cce_10_0007__en-us_topic_0107283638_note163751811133416"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0007__en-us_topic_0107283638_p03751011133411">A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.</p>
|
||||
<ol id="cce_10_0007__en-us_topic_0107283638_ol6251112511220"><li id="cce_10_0007__en-us_topic_0107283638_li53548551606"><span>Log in to the CCE console, go to an existing cluster, and choose <strong id="cce_10_0007__b1335702382915">Workloads</strong> in the navigation pane.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li22871259152611"><span>Click the <strong id="cce_10_0007__b1838219256291">Deployments</strong> tab and choose <strong id="cce_10_0007__b4383162552919">More</strong> > <strong id="cce_10_0007__b2383225142917">Manage Label</strong> in the <strong id="cce_10_0007__b18383182512912">Operation</strong> column of the target workload.</span></li><li id="cce_10_0007__en-us_topic_0107283638_li47616189277"><span>Click <span><img id="cce_10_0007__image3143153919236" src="en-us_image_0000002065638710.png"></span>, enter a key and a value, and click <span class="uicontrol" id="cce_10_0007__uicontrol1277618274294"><b>OK</b></span>.</span><p><div class="note" id="cce_10_0007__en-us_topic_0107283638_note163751811133416"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0007__en-us_topic_0107283638_p03751011133411">A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.</p>
|
||||
</div></div>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
<p id="cce_10_0009__p819111064514">Enter the username and password used to access the third-party image repository.</p>
|
||||
</p></li><li id="cce_10_0009__li13221161713456"><span>When creating a workload, enter a private image path in the format of <em id="cce_10_0009__i127371150203116">domainname/namespace/imagename:tag</em> in <span class="uicontrol" id="cce_10_0009__uicontrol153963238313"><b>Image Name</b></span> and select the key created in <a href="#cce_10_0009__li16481144064414">1</a>.</span></li><li id="cce_10_0009__li1682113518595"><span>Set other parameters and click <span class="uicontrol" id="cce_10_0009__uicontrol14664142510020"><b>Create Workload</b></span>.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0009__section18217101117197"><h4 class="sectiontitle">Using kubectl</h4><ol id="cce_10_0009__ol84677271516"><li id="cce_10_0009__li2338171784610"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a>.</span></li><li id="cce_10_0009__li54671627213"><span>Use kubectl to create a secret of the kubernetes.io/dockerconfigjson.</span><p><pre class="screen" id="cce_10_0009__screen1466527017">kubectl create secret docker-registry <i><span class="varname" id="cce_10_0009__varname20740165882418">myregistrykey</span></i> -n <i><span class="varname" id="cce_10_0009__varname846884372519">default</span></i> --docker-server=<i><span class="varname" id="cce_10_0009__varname153949106259">DOCKER_REGISTRY_SERVER</span></i> --docker-username=<i><span class="varname" id="cce_10_0009__varname6836161311251">DOCKER_USER</span></i> --docker-password=<i><span class="varname" id="cce_10_0009__varname321011555243">DOCKER_PASSWORD</span></i> --docker-email=<i><span class="varname" id="cce_10_0009__varname17516111722514">DOCKER_EMAIL</span></i></pre>
|
||||
<div class="section" id="cce_10_0009__section18217101117197"><h4 class="sectiontitle">Using kubectl</h4><ol id="cce_10_0009__ol84677271516"><li id="cce_10_0009__li2338171784610"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0009__li54671627213"><span>Use kubectl to create a secret of the kubernetes.io/dockerconfigjson.</span><p><pre class="screen" id="cce_10_0009__screen1466527017">kubectl create secret docker-registry <i><span class="varname" id="cce_10_0009__varname20740165882418">myregistrykey</span></i> -n <i><span class="varname" id="cce_10_0009__varname846884372519">default</span></i> --docker-server=<i><span class="varname" id="cce_10_0009__varname153949106259">DOCKER_REGISTRY_SERVER</span></i> --docker-username=<i><span class="varname" id="cce_10_0009__varname6836161311251">DOCKER_USER</span></i> --docker-password=<i><span class="varname" id="cce_10_0009__varname321011555243">DOCKER_PASSWORD</span></i> --docker-email=<i><span class="varname" id="cce_10_0009__varname17516111722514">DOCKER_EMAIL</span></i></pre>
|
||||
<p id="cce_10_0009__p164665271714">In the preceding command, <em id="cce_10_0009__i18443812102618">myregistrykey</em> indicates the key name, <em id="cce_10_0009__i8904529112612">default</em> indicates the namespace where the key is located, and other parameters are as follows:</p>
|
||||
<ul id="cce_10_0009__ul84670278112"><li id="cce_10_0009__li4467142711112"><strong id="cce_10_0009__b640184594119">DOCKER_REGISTRY_SERVER</strong>: address of a third-party image repository, for example, <strong id="cce_10_0009__b240104584114">www.3rdregistry.com</strong> or <strong id="cce_10_0009__b1440215458415">10.10.10.10:443</strong></li><li id="cce_10_0009__li13467127716"><strong id="cce_10_0009__b164021745114117">DOCKER_USER</strong>: account used for logging in to a third-party image repository</li><li id="cce_10_0009__li746782712110"><strong id="cce_10_0009__b1539245574117">DOCKER</strong><strong id="cce_10_0009__b4392185511418">_PASSWORD</strong>: password used for logging in to a third-party image repository</li><li id="cce_10_0009__li1546712278117"><strong id="cce_10_0009__b10402845154110">DOCKER_EMAIL</strong>: email of a third-party image repository</li></ul>
|
||||
</p></li><li id="cce_10_0009__li161523518110"><span>Use a third-party image to create a workload.</span><p><div class="p" id="cce_10_0009__p13583471429">A kubernetes.io/dockerconfigjson secret is used for authentication when you obtain a private image. The following is an example of using the myregistrykey for authentication.<pre class="screen" id="cce_10_0009__screen0583771125">apiVersion: v1
|
||||
|
||||
@ -4,11 +4,11 @@
|
||||
<div id="body1522665832344"><p id="cce_10_0010__p13310145119810">You can learn about a cluster network from the following two aspects:</p>
|
||||
<ul id="cce_10_0010__ul65247121891"><li id="cce_10_0010__li14524161214917">What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are running on the nodes. Nodes and containers need to communicate with each other. For details about the cluster network types and their functions, see <a href="#cce_10_0010__section1131733719195">Cluster Network Structure</a>.</li><li id="cce_10_0010__li55241612391">How is pod access implemented in a cluster? Accessing a pod or container is a process of accessing services of a user. Kubernetes provides <a href="#cce_10_0010__section1860619221134">Service</a> and <a href="#cce_10_0010__section1248852094313">Ingress</a> to address pod access issues. This section summarizes common network access scenarios. You can select the proper scenario based on site requirements. For details about the network access scenarios, see <a href="#cce_10_0010__section1286493159">Access Scenarios</a>.</li></ul>
|
||||
<div class="section" id="cce_10_0010__section1131733719195"><a name="cce_10_0010__section1131733719195"></a><a name="section1131733719195"></a><h4 class="sectiontitle">Cluster Network Structure</h4><p id="cce_10_0010__p3299181794916">All nodes in the cluster are located in a VPC and use the VPC network. The container network is managed by dedicated network add-ons.</p>
|
||||
<p id="cce_10_0010__p452843519446"><span><img id="cce_10_0010__image94831936164418" src="en-us_image_0000002218819838.png"></span></p>
|
||||
<ul id="cce_10_0010__ul1916179122617"><li id="cce_10_0010__li13455145754315"><strong id="cce_10_0010__b19468105563811">Node Network</strong><p id="cce_10_0010__p17682193014812">A node network assigns IP addresses to hosts (nodes in the figure above) in a cluster. Select a VPC subnet as the node network of the CCE cluster. The number of available IP addresses in a subnet determines the maximum number of nodes (including master nodes and worker nodes) that can be created in a cluster. This number is also affected by the container network. For details, see the container network model.</p>
|
||||
<p id="cce_10_0010__p452843519446"><span><img id="cce_10_0010__image94831936164418" src="en-us_image_0000002101597285.png"></span></p>
|
||||
<ul id="cce_10_0010__ul1916179122617"><li id="cce_10_0010__li13455145754315"><strong id="cce_10_0010__b19468105563811">Node Network</strong><p id="cce_10_0010__p17682193014812">A node network assigns IP addresses to hosts (nodes in the figure above) in a cluster. Select a VPC subnet as the node network of the CCE cluster. The number of available IP addresses in a subnet determines the maximum number of nodes (including master nodes and worker nodes) that can be created in a cluster. This quantity is also affected by the container network. For details, see the container network model.</p>
|
||||
</li><li id="cce_10_0010__li16131141644715"><strong id="cce_10_0010__b1975815172433">Container Network</strong><p id="cce_10_0010__p523322010499">A container network assigns IP addresses to pods in a cluster. CCE inherits the IP-Per-Pod-Per-Network network model of Kubernetes. That is, each pod has an independent IP address on a network plane and all containers in a pod share the same network namespace. All pods in a cluster exist in a directly connected flat network. They can access each other through their IP addresses without using NAT. Kubernetes only provides a network mechanism for pods, but does not directly configure pod networks. The configuration of pod networks is implemented by specific container network add-ons. The container network add-ons are responsible for configuring networks for pods and managing container IP addresses.</p>
|
||||
<p id="cce_10_0010__p3753153443514">Currently, CCE supports the following container network models:</p>
|
||||
<ul id="cce_10_0010__ul1751111534368"><li id="cce_10_0010__li133611549182410">Container tunnel network: The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch.</li><li id="cce_10_0010__li285944033514">VPC network: The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. Each node is assigned a CIDR block of a fixed size. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from outside the cluster.</li><li id="cce_10_0010__li5395140132618">Developed by CCE, Cloud Native Network 2.0 deeply integrates Elastic Network Interfaces (ENIs) and Sub Network Interfaces (sub-ENIs) of VPC. Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and EIPs are bound to deliver high performance.</li></ul>
|
||||
<ul id="cce_10_0010__ul1751111534368"><li id="cce_10_0010__li133611549182410">Container tunnel network: The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch.</li><li id="cce_10_0010__li285944033514">VPC network: The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. Each node is assigned a CIDR block of a fixed size. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from outside the cluster.</li><li id="cce_10_0010__li5395140132618">Developed by CCE, Cloud Native 2.0 network deeply integrates Elastic Network Interfaces (ENIs) and Sub Network Interfaces (sub-ENIs) of VPC. Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and EIPs are bound to deliver high performance.</li></ul>
|
||||
<p id="cce_10_0010__p397482011109">The performance, networking scale, and application scenarios of a container network vary according to the container network model. For details about the functions and features of different container network models, see <a href="cce_10_0281.html">Overview</a>.</p>
|
||||
</li><li id="cce_10_0010__li9139522183714"><strong id="cce_10_0010__b1885317214113">Service Network</strong><p id="cce_10_0010__p584703114499">Service is also a Kubernetes object. Each Service has a static IP address. When creating a cluster on CCE, you can specify the Service CIDR block. The Service CIDR block cannot overlap with the node or container CIDR block. The Service CIDR block can be used only within a cluster.</p>
|
||||
</li></ul>
|
||||
@ -25,9 +25,9 @@
|
||||
</div>
|
||||
<div class="section" id="cce_10_0010__section1286493159"><a name="cce_10_0010__section1286493159"></a><a name="section1286493159"></a><h4 class="sectiontitle">Access Scenarios</h4><p id="cce_10_0010__p1558001514155">Workload access scenarios can be categorized as follows:</p>
|
||||
<ul id="cce_10_0010__ul125010117542"><li id="cce_10_0010__li1466355519018">Intra-cluster access: A ClusterIP Service is used for workloads in the same cluster to access each other.</li><li id="cce_10_0010__li1014011111110">Access from outside a cluster: A Service (NodePort or LoadBalancer type) or an ingress is recommended for a workload outside a cluster to access workloads in the cluster.<ul id="cce_10_0010__ul101426119117"><li id="cce_10_0010__li8904911447">Access through the public network: An EIP should be bound to the node or load balancer.</li><li id="cce_10_0010__li2501311125411">Access through the private network: The workload can be accessed through the internal IP address of the node or load balancer. If workloads are located in different VPCs, a peering connection is required to enable communication between different VPCs.</li></ul>
|
||||
</li><li id="cce_10_0010__li1066365520014">The workload can access the external network as follows:<ul id="cce_10_0010__ul17529512239"><li id="cce_10_0010__li26601017165619">Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block.</li><li id="cce_10_0010__li8257105318237">Accessing a public network: Assign an EIP to the node where the workload runs (when a VPC network or tunnel network is used), bind an EIP to the pod IP address (when Cloud Native Network 2.0 is used), or configure SNAT rules through the NAT gateway. For details, see <a href="cce_10_0400.html">Accessing the Internet from a Container</a>.</li></ul>
|
||||
</li><li id="cce_10_0010__li1066365520014">The workload can access the external network as follows:<ul id="cce_10_0010__ul17529512239"><li id="cce_10_0010__li26601017165619">Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block.</li><li id="cce_10_0010__li8257105318237">Accessing a public network: Assign an EIP to the node where the workload runs (when the VPC network or tunnel network model is used), bind an EIP to the pod IP address (when the Cloud Native Network 2.0 model is used), or configure SNAT rules through the NAT gateway. For details, see <a href="cce_10_0400.html">Accessing the Internet from a Container</a>.</li></ul>
|
||||
</li></ul>
|
||||
<div class="fignone" id="cce_10_0010__fig13795829151515"><span class="figcap"><b>Figure 3 </b>Network access diagram</span><br><span><img id="cce_10_0010__image445972519529" src="en-us_image_0000002253619737.png"></span></div>
|
||||
<div class="fignone" id="cce_10_0010__fig13795829151515"><span class="figcap"><b>Figure 3 </b>Network access diagram</span><br><span><img id="cce_10_0010__image445972519529" src="en-us_image_0000002101678773.png"></span></div>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -18,13 +18,13 @@
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0831.html">Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0684.html">Configuring Health Check on Multiple LoadBalancer Service Ports</a></strong><br>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0684.html">Configuring Health Check on Multiple Ports of a LoadBalancer Service</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0355.html">Configuring Passthrough Networking for a LoadBalancer Service</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0916.html">Enabling a LoadBalancer Service to Obtain the Client IP Address</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0924.html">Changing a Custom EIP for a LoadBalancer Service</a></strong><br>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0924.html">Configuring a Custom EIP for a LoadBalancer Service</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0685.html">Setting the Pod Ready Status Through the ELB Health Check</a></strong><br>
|
||||
</li>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -28,7 +28,7 @@ data:
|
||||
<p id="cce_10_0016__p413944715257">If the output is the same as the content in the secret, the secret has been set as an environment variable of the workload.</p>
|
||||
</p></li></ol>
|
||||
<p id="cce_10_0016__p2562105044215"><strong id="cce_10_0016__b6015467293411">Using kubectl</strong></p>
|
||||
<ol id="cce_10_0016__ol6921167164"><li id="cce_10_0016__li159211618168"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a>.</span></li><li id="cce_10_0016__li10921362161"><span>Create a file named <strong id="cce_10_0016__b1059510157499">nginx-secret.yaml</strong> and edit it.</span><p><pre class="screen" id="cce_10_0016__screen18276152918442">vi nginx-secret.yaml</pre>
|
||||
<ol id="cce_10_0016__ol6921167164"><li id="cce_10_0016__li159211618168"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0016__li10921362161"><span>Create a file named <strong id="cce_10_0016__b1059510157499">nginx-secret.yaml</strong> and edit it.</span><p><p id="cce_10_0016__p1492110621619"><strong id="cce_10_0016__b192116619168">vi nginx-secret.yaml</strong></p>
|
||||
<p id="cce_10_0016__p192114614169">Content of the YAML file:</p>
|
||||
<ul id="cce_10_0016__ul11105134234513"><li id="cce_10_0016__li6846103416564"><strong id="cce_10_0016__b1715838155610">Added from secret</strong>: To add all data in a secret to environment variables, use the <strong id="cce_10_0016__b415816875619">envFrom</strong> parameter. The keys in the secret will become names of environment variables in a workload.<pre class="screen" id="cce_10_0016__screen104944321312">apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
@ -83,7 +83,7 @@ spec:
|
||||
imagePullSecrets:
|
||||
- name: default-secret</pre>
|
||||
</li></ul>
|
||||
</p></li><li id="cce_10_0016__li788331518303"><span>Create a workload.</span><p><pre class="screen" id="cce_10_0016__screen1941819415442">kubectl apply -f nginx-secret.yaml</pre>
|
||||
</p></li><li id="cce_10_0016__li788331518303"><span>Create a workload.</span><p><p id="cce_10_0016__p3315182011255"><strong id="cce_10_0016__b56467233250">kubectl apply -f nginx-secret.yaml</strong></p>
|
||||
</p></li><li id="cce_10_0016__li122061852125612"><span>View the environment variables in the pod.</span><p><ol type="a" id="cce_10_0016__ol15446171295717"><li id="cce_10_0016__li1467620112574">Run the following command to view the created pod:<pre class="screen" id="cce_10_0016__screen156898195914">kubectl get pod | grep nginx-secret</pre>
|
||||
<div class="p" id="cce_10_0016__p18257204595920">Expected output:<pre class="screen" id="cce_10_0016__screen7944553592">nginx-secret-*** 1/1 Running 0 2m18s</pre>
|
||||
</div>
|
||||
@ -119,7 +119,7 @@ spec:
|
||||
<tr id="cce_10_0016__row1513114150251"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.8.4.3.2.1.2.3.1.1 "><p id="cce_10_0016__p2345192619215">Subpath</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="85%" headers="mcps1.3.8.4.3.2.1.2.3.1.2 "><p id="cce_10_0016__p199608476216">Enter a subpath of the mount path.</p>
|
||||
<ul id="cce_10_0016__ul92301146622"><li id="cce_10_0016__li823017469215">A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path will be used by default.</li><li id="cce_10_0016__li102311346420">The subpath can be the key and value of a secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.</li><li id="cce_10_0016__li112312463217">The data imported by specifying a subpath will not be updated along with the secret updates.</li></ul>
|
||||
<ul id="cce_10_0016__ul92301146622"><li id="cce_10_0016__li823017469215">A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path will be used by default.</li><li id="cce_10_0016__li102311346420">The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.</li><li id="cce_10_0016__li112312463217">The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0016__row561113158259"><td class="cellrowborder" valign="top" width="15%" headers="mcps1.3.8.4.3.2.1.2.3.1.1 "><p id="cce_10_0016__p1133273015218">Permission</p>
|
||||
@ -136,7 +136,7 @@ spec:
|
||||
<p id="cce_10_0016__p151342044102718">The expected output is the same as the content in the secret.</p>
|
||||
</p></li></ol>
|
||||
<p id="cce_10_0016__p146758020252"><strong id="cce_10_0016__b9979523373411">Using kubectl</strong></p>
|
||||
<ol id="cce_10_0016__ol1392823394416"><li id="cce_10_0016__li1681024195710"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a>.</span></li><li id="cce_10_0016__li1020013819415"><span>Create a file named <strong id="cce_10_0016__b10773122084914">nginx-secret.yaml</strong> and edit it.</span><p><pre class="screen" id="cce_10_0016__screen369965515440">vi nginx-secret.yaml</pre>
|
||||
<ol id="cce_10_0016__ol1392823394416"><li id="cce_10_0016__li1681024195710"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0016__li1020013819415"><span>Create a file named <strong id="cce_10_0016__b10773122084914">nginx-secret.yaml</strong> and edit it.</span><p><p id="cce_10_0016__p106999147413"><strong id="cce_10_0016__b6469155655719">vi nginx-secret.yaml</strong></p>
|
||||
<div class="p" id="cce_10_0016__p9949138153913">In the following example, the username and password in the <strong id="cce_10_0016__b14926152314461">mysecret</strong> secret are saved in the <strong id="cce_10_0016__b8927122313461">/etc/foo</strong> directory as files.<pre class="screen" id="cce_10_0016__screen11489958268">apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -155,15 +155,15 @@ spec:
|
||||
- name: container-1
|
||||
image: nginx:latest
|
||||
volumeMounts:
|
||||
- name: foo
|
||||
- name: foo
|
||||
<strong id="cce_10_0016__b18575135753213">mountPath: <i><span class="varname" id="cce_10_0016__varname4119192103311">/etc/foo</span></i></strong> # Mount to the <strong id="cce_10_0016__b1447725184717">/etc/foo</strong> directory.
|
||||
readOnly: true
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: foo
|
||||
secret:
|
||||
<strong id="cce_10_0016__b36219545326">secretName: <i><span class="varname" id="cce_10_0016__varname349176133315">mysecret</span></i></strong> # Name of the referenced secret.</pre>
|
||||
</div>
|
||||
<div class="p" id="cce_10_0016__p0584145214576">You can also use the <strong id="cce_10_0016__b9112142711143">items</strong> field to control the mapping path of secret keys. For example, store username in the <strong id="cce_10_0016__b11522419143">/etc/foo/my-group/my-username</strong> directory in the container.<div class="note" id="cce_10_0016__note24861219212"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0016__ul1161238410"><li id="cce_10_0016__li116153444">If you use the <strong id="cce_10_0016__b1735161011513">items</strong> field to specify the mapping path of the secret keys, the keys that are not specified will not be created as files. For example, if the <strong id="cce_10_0016__b319210431615">password</strong> key in the following example is not specified, the file will not be created.</li><li id="cce_10_0016__li2474193111412">If you want to use all keys in a secret, you must list all keys in the <strong id="cce_10_0016__b951512816165">items</strong> field.</li><li id="cce_10_0016__li2478216656">All keys listed in <strong id="cce_10_0016__b156241335151616">items</strong> must exist in target secrets. Otherwise, the volume is not created.</li></ul>
|
||||
<div class="p" id="cce_10_0016__p0584145214576">You can also use the <strong id="cce_10_0016__b9112142711143">items</strong> field to control the mapping path of secret keys. For example, store username in the <strong id="cce_10_0016__b11522419143">/etc/foo/my-group/my-username</strong> directory in the container.<div class="note" id="cce_10_0016__note24861219212"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0016__ul1161238410"><li id="cce_10_0016__li116153444">If you use the <strong id="cce_10_0016__b1735161011513">items</strong> field to specify the mapping path of the secret keys, the keys that are not specified will not be created as files. For example, if the <strong id="cce_10_0016__b319210431615">password</strong> key in the following example is not specified, the file will not be created.</li><li id="cce_10_0016__li2474193111412">If you want to use all keys in a secret, you must list all keys in the <strong id="cce_10_0016__b951512816165">items</strong> field.</li><li id="cce_10_0016__li2478216656">All keys listed in the <strong id="cce_10_0016__b156241335151616">items</strong> field must exist in the corresponding secret. Otherwise, the volume is not created.</li></ul>
|
||||
</div></div>
|
||||
<pre class="screen" id="cce_10_0016__screen188391528598">apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
@ -183,9 +183,9 @@ spec:
|
||||
- name: container-1
|
||||
image: nginx:latest
|
||||
volumeMounts:
|
||||
- name: foo
|
||||
- name: foo
|
||||
<strong id="cce_10_0016__b1484262414471">mountPath: <i><span class="varname" id="cce_10_0016__varname188424242475">/etc/foo</span></i></strong> # Mount to the <strong id="cce_10_0016__b1084212424710">/etc/foo</strong> directory.
|
||||
readOnly: true
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: foo
|
||||
secret:
|
||||
@ -194,8 +194,8 @@ spec:
|
||||
<strong id="cce_10_0016__b1281104895917"> - key: <i><span class="varname" id="cce_10_0016__varname378295716596">username</span></i></strong> # Name of the referenced key.
|
||||
<strong id="cce_10_0016__b8812648175913"> path: <i><span class="varname" id="cce_10_0016__varname47351403019">my-group/my-username</span></i></strong> # Mapping path of the secret key</pre>
|
||||
</div>
|
||||
</p></li><li id="cce_10_0016__li495018318575"><span>Create a workload.</span><p><pre class="screen" id="cce_10_0016__screen107461411104413">kubectl apply -f nginx-secret.yaml</pre>
|
||||
</p></li><li id="cce_10_0016__li1274142215365"><span>After the workload runs properly, the <strong id="cce_10_0016__b10278740101718">username</strong> and <strong id="cce_10_0016__b82791940161710">password</strong> files will be generated in the <strong id="cce_10_0016__b1028164041719">/etc/foo</strong> directory.</span><p><ol type="a" id="cce_10_0016__ol1741321912365"><li id="cce_10_0016__li144131419153619">Run the following command to view the created pod:<pre class="screen" id="cce_10_0016__screen3413111914364">kubectl get pod | grep nginx-secret</pre>
|
||||
</p></li><li id="cce_10_0016__li495018318575"><span>Create a workload.</span><p><p id="cce_10_0016__p2955123118577"><strong id="cce_10_0016__b1695511311579">kubectl apply -f nginx-secret.yaml</strong></p>
|
||||
</p></li><li id="cce_10_0016__li1274142215365"><span>After the workload runs properly, the <strong id="cce_10_0016__b10278740101718">username</strong> and <strong id="cce_10_0016__b82791940161710">password</strong> files are generated in the <strong id="cce_10_0016__b1028164041719">/etc/foo</strong> directory.</span><p><ol type="a" id="cce_10_0016__ol1741321912365"><li id="cce_10_0016__li144131419153619">Run the following command to view the created pod:<pre class="screen" id="cce_10_0016__screen3413111914364">kubectl get pod | grep nginx-secret</pre>
|
||||
<div class="p" id="cce_10_0016__p1641311983616">Expected output:<pre class="screen" id="cce_10_0016__screen54139198367">nginx-secret-*** 1/1 Running 0 2m18s</pre>
|
||||
</div>
|
||||
</li><li id="cce_10_0016__li1341318199369">Run the following command to view the <strong id="cce_10_0016__b4613214181814">username</strong> or <strong id="cce_10_0016__b6614121431810">password</strong> file in the pod:<pre class="screen" id="cce_10_0016__screen4413161973617">kubectl exec <i><span class="varname" id="cce_10_0016__varname841331963619">nginx-secret-***</span></i> -- cat /etc/foo/username</pre>
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
<div id="body1522667123001"><p id="cce_10_0018__p78381781804">CCE works with AOM to collect workload logs. When a node is created, ICAgent (a DaemonSet named <strong id="cce_10_0018__b13829819578">icagent</strong> in the <strong id="cce_10_0018__b697274313582">kube-system</strong> namespace of a cluster) of AOM is installed by default. ICAgent collects workload logs and reports them to AOM. You can view workload logs on the CCE or AOM console.</p>
|
||||
<div class="section" id="cce_10_0018__section17884754413"><h4 class="sectiontitle">Constraints</h4><p id="cce_10_0018__p23831558355">ICAgent only collects text logs in .log, .trace, and .out formats.</p>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0018__section1951732710"><h4 class="sectiontitle">Using ICAgent to Collect Logs</h4><ol id="cce_10_0018__ol1253654833013"><li id="cce_10_0018__li19284854163014"><span>When <a href="cce_10_0047.html">creating a workload</a>, set logging for the container.</span></li><li id="cce_10_0018__li2427158104715"><span>Click <span><img id="cce_10_0018__image134281583473" src="en-us_image_0000002218820458.png"></span> to add a log policy.</span><p><p id="cce_10_0018__p9862125810472">The following uses Nginx as an example. Log policies vary depending on workloads.</p>
|
||||
<div class="section" id="cce_10_0018__section1951732710"><h4 class="sectiontitle">Using ICAgent to Collect Logs</h4><ol id="cce_10_0018__ol1253654833013"><li id="cce_10_0018__li19284854163014"><span>When <a href="cce_10_0047.html">creating a workload</a>, set logging for the container.</span></li><li id="cce_10_0018__li2427158104715"><span>Click <span><img id="cce_10_0018__image134281583473" src="en-us_image_0000002065639042.png"></span> to add a log policy.</span><p><p id="cce_10_0018__p9862125810472">The following uses Nginx as an example. Log policies vary depending on workloads.</p>
|
||||
</p></li><li id="cce_10_0018__li1479392315150"><span>Set <strong id="cce_10_0018__b5461630195419">Volume Type</strong> to <span class="uicontrol" id="cce_10_0018__uicontrol105212302547"><b>hostPath</b></span> or <span class="uicontrol" id="cce_10_0018__uicontrol1752103095410"><b>emptyDir</b></span>.</span><p>
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0018__table115901715550" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuring log policies</caption><thead align="left"><tr id="cce_10_0018__row45851074554"><th align="left" class="cellrowborder" valign="top" width="22.12%" id="mcps1.3.3.2.3.2.1.2.3.1.1"><p id="cce_10_0018__p115843785517">Parameter</p>
|
||||
</th>
|
||||
@ -42,7 +42,7 @@
|
||||
<td class="cellrowborder" valign="top" width="77.88000000000001%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="cce_10_0018__p157615551480">A collection path narrows down the scope of collection to specified logs. </p>
|
||||
<ul id="cce_10_0018__ul1676055194810"><li id="cce_10_0018__li2761555134814">If no collection path is specified, log files in <strong id="cce_10_0018__b471281022817">.log</strong>, <strong id="cce_10_0018__b1171218102289">.trace</strong>, and <strong id="cce_10_0018__b1671221022818">.out</strong> formats will be collected from the specified path.</li><li id="cce_10_0018__li13761955144810"><strong id="cce_10_0018__b71586376261">/Path/**/</strong> indicates that all log files in <strong id="cce_10_0018__b559191242719">.log</strong>, <strong id="cce_10_0018__b1515321718274">.trace</strong>, and <strong id="cce_10_0018__b1766462192711">.out</strong> formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.</li><li id="cce_10_0018__li27745518483">* in log file names indicates a fuzzy match.</li></ul>
|
||||
<p id="cce_10_0018__p197795574820">Example: The collection path <strong id="cce_10_0018__b591619449318">/tmp/**/test*.log</strong> indicates that all <strong id="cce_10_0018__b4875453173116">.log</strong> files prefixed with <strong id="cce_10_0018__b1651618112234">test</strong> will be collected from <strong id="cce_10_0018__b442040193212">/tmp</strong> and subdirectories at 5 levels deep.</p>
|
||||
<div class="caution" id="cce_10_0018__note1039671516135"><span class="cautiontitle"> CAUTION: </span><div class="cautionbody"><p id="cce_10_0018__p5396171516138">Ensure that ICAgent is of version 5.12.22 or later.</p>
|
||||
<div class="caution" id="cce_10_0018__note1039671516135"><span class="cautiontitle"> CAUTION: </span><div class="cautionbody"><p id="cce_10_0018__p5396171516138">Ensure that ICAgent is of v5.12.22 or later.</p>
|
||||
</div></div>
|
||||
</td>
|
||||
</tr>
|
||||
@ -154,8 +154,8 @@ spec:
|
||||
<td class="cellrowborder" valign="top" width="19.23%" headers="mcps1.3.4.7.2.4.1.2 "><p id="cce_10_0018__p6329709512">Extended host path</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="63.71%" headers="mcps1.3.4.7.2.4.1.3 "><p id="cce_10_0018__p32881805119">Extended host paths contain pod IDs or container names to distinguish different containers into which the host path is mounted.</p>
|
||||
<p id="cce_10_0018__p1728888115112">A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single <span class="keyword" id="cce_10_0018__keyword2086484341">Pod</span>.</p>
|
||||
<ul id="cce_10_0018__ul2028828105113"><li id="cce_10_0018__li428815865110"><strong id="cce_10_0018__b1545738741">None</strong>: No extended path is configured. </li><li id="cce_10_0018__li62889814517"><strong id="cce_10_0018__b336551886">PodUID</strong>: ID of a pod.</li><li id="cce_10_0018__li528818135113"><strong id="cce_10_0018__b699631887">PodName</strong>: name of a pod.</li><li id="cce_10_0018__li62882084517"><strong id="cce_10_0018__b1011057369">PodUID/ContainerName</strong>: ID of a pod or name of a container.</li><li id="cce_10_0018__li528898175110"><strong id="cce_10_0018__b8818125942116">PodName/ContainerName</strong>: name of a pod or container.</li></ul>
|
||||
<p id="cce_10_0018__p1728888115112">A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single <span class="keyword" id="cce_10_0018__keyword1126675436">Pod</span>.</p>
|
||||
<ul id="cce_10_0018__ul2028828105113"><li id="cce_10_0018__li428815865110"><strong id="cce_10_0018__b157376074">None</strong>: No extended path is configured. </li><li id="cce_10_0018__li62889814517"><strong id="cce_10_0018__b1606015244">PodUID</strong>: ID of a pod.</li><li id="cce_10_0018__li528818135113"><strong id="cce_10_0018__b680447047">PodName</strong>: name of a pod.</li><li id="cce_10_0018__li62882084517"><strong id="cce_10_0018__b678547011">PodUID/ContainerName</strong>: ID of a pod or name of a container.</li><li id="cce_10_0018__li528898175110"><strong id="cce_10_0018__b8818125942116">PodName/ContainerName</strong>: name of a pod or container.</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0018__row732915085118"><td class="cellrowborder" valign="top" width="17.06%" headers="mcps1.3.4.7.2.4.1.1 "><p id="cce_10_0018__p17329004514">policy.logs.rotate</p>
|
||||
@ -163,7 +163,7 @@ spec:
|
||||
<td class="cellrowborder" valign="top" width="19.23%" headers="mcps1.3.4.7.2.4.1.2 "><p id="cce_10_0018__p123292055113">Log dump</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="63.71%" headers="mcps1.3.4.7.2.4.1.3 "><p id="cce_10_0018__p1017113396539">Log dump refers to rotating log files on a local host.</p>
|
||||
<ul id="cce_10_0018__ul1617120398533"><li id="cce_10_0018__li71711639105316"><strong id="cce_10_0018__b4837638192520">Enabled</strong>: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new <strong id="cce_10_0018__b98429388254">.zip</strong> file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 <strong id="cce_10_0018__b2216332192917">.zip</strong> files. When the number of <strong id="cce_10_0018__b1621653252914">.zip</strong> files exceeds 20, earlier <strong id="cce_10_0018__b1321623212917">.zip</strong> files will be deleted. After the dump is complete, the log file in AOM will be cleared.</li><li id="cce_10_0018__li817133985315"><strong id="cce_10_0018__b1147822082">Disabled</strong>: AOM does not dump log files.</li></ul>
|
||||
<ul id="cce_10_0018__ul1617120398533"><li id="cce_10_0018__li71711639105316"><strong id="cce_10_0018__b4837638192520">Enabled</strong>: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new <strong id="cce_10_0018__b98429388254">.zip</strong> file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 <strong id="cce_10_0018__b2216332192917">.zip</strong> files. When the number of <strong id="cce_10_0018__b1621653252914">.zip</strong> files exceeds 20, earlier <strong id="cce_10_0018__b1321623212917">.zip</strong> files will be deleted. After the dump is complete, the log file in AOM will be cleared.</li><li id="cce_10_0018__li817133985315"><strong id="cce_10_0018__b642591027">Disabled</strong>: AOM does not dump log files.</li></ul>
|
||||
<div class="note" id="cce_10_0018__note121711639195319"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="cce_10_0018__ul817183918533"><li id="cce_10_0018__li9171183945310">AOM rotates log files using copytruncate. Before enabling log dumping, ensure that log files are written in the append mode. Otherwise, file holes may occur.</li><li id="cce_10_0018__li1117153914535">Currently, mainstream log components such as Log4j and Logback support log file rotation. If you have already set rotation for log files, skip the configuration. Otherwise, conflicts may occur.</li><li id="cce_10_0018__li317113915532">You are advised to configure log file rotation for your own services to flexibly control the size and number of rolled files.</li></ul>
|
||||
</div></div>
|
||||
</td>
|
||||
@ -173,9 +173,9 @@ spec:
|
||||
<td class="cellrowborder" valign="top" width="19.23%" headers="mcps1.3.4.7.2.4.1.2 "><p id="cce_10_0018__p14388112019519">Collection path</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="63.71%" headers="mcps1.3.4.7.2.4.1.3 "><p id="cce_10_0018__p63882201153">A collection path narrows down the scope of collection to specified logs.</p>
|
||||
<ul id="cce_10_0018__ul73883209510"><li id="cce_10_0018__li14388162011513">If no collection path is specified, log files in <strong id="cce_10_0018__b66511633">.log</strong>, <strong id="cce_10_0018__b1809733917">.trace</strong>, and <strong id="cce_10_0018__b902667841">.out</strong> formats will be collected from the specified path.</li><li id="cce_10_0018__li03886201854"><strong id="cce_10_0018__b1859325291">/Path/**/</strong> indicates that all log files in <strong id="cce_10_0018__b545945728">.log</strong>, <strong id="cce_10_0018__b925379927">.trace</strong>, and <strong id="cce_10_0018__b2124849760">.out</strong> formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.</li><li id="cce_10_0018__li1938811201058">* in log file names indicates a fuzzy match.</li></ul>
|
||||
<ul id="cce_10_0018__ul73883209510"><li id="cce_10_0018__li14388162011513">If no collection path is specified, log files in <strong id="cce_10_0018__b1129214307">.log</strong>, <strong id="cce_10_0018__b1581621110">.trace</strong>, and <strong id="cce_10_0018__b2037581547">.out</strong> formats will be collected from the specified path.</li><li id="cce_10_0018__li03886201854"><strong id="cce_10_0018__b45106373">/Path/**/</strong> indicates that all log files in <strong id="cce_10_0018__b2008565461">.log</strong>, <strong id="cce_10_0018__b2061915364">.trace</strong>, and <strong id="cce_10_0018__b2076841527">.out</strong> formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.</li><li id="cce_10_0018__li1938811201058">* in log file names indicates a fuzzy match.</li></ul>
|
||||
<p id="cce_10_0018__p17388152013515">Example: The collection path <strong id="cce_10_0018__b19951612237">/tmp/**/test*.log</strong> indicates that all <strong id="cce_10_0018__b49571315239">.log</strong> files prefixed with <strong id="cce_10_0018__b4958101202315">test</strong> will be collected from <strong id="cce_10_0018__b695815172316">/tmp</strong> and subdirectories at 5 levels deep.</p>
|
||||
<div class="caution" id="cce_10_0018__note153881220751"><span class="cautiontitle"> CAUTION: </span><div class="cautionbody"><p id="cce_10_0018__p938810204516">Ensure that ICAgent is of version 5.12.22 or later.</p>
|
||||
<div class="caution" id="cce_10_0018__note153881220751"><span class="cautiontitle"> CAUTION: </span><div class="cautionbody"><p id="cce_10_0018__p938810204516">Ensure that ICAgent is of v5.12.22 or later.</p>
|
||||
</div></div>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
</ul>
|
||||
|
||||
<div class="familylinks">
|
||||
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_10_0705.html">O&M</a></div>
|
||||
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_10_0705.html">Observability</a></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
@ -1,11 +1,13 @@
|
||||
<a name="cce_10_0026"></a><a name="cce_10_0026"></a>
|
||||
|
||||
<h1 class="topictitle1">Viewing CTS Traces in the Trace List</h1>
|
||||
<div id="body1525226397666"><div class="section" id="cce_10_0026__en-us_topic_0179639644_section5470822195238"><h4 class="sectiontitle">Scenarios</h4><p id="cce_10_0026__en-us_topic_0179639644_p333055219577">After you enable Cloud Trace Service (CTS) and the management tracker is created, CTS starts recording operations on cloud resources. CTS stores operation records (traces) generated in the last seven days.</p>
|
||||
<div id="body1525226397666"><div class="section" id="cce_10_0026__en-us_topic_0179639644_section5470822195238"><h4 class="sectiontitle">Scenarios</h4><p id="cce_10_0026__en-us_topic_0179639644_p333055219577">After you enable CTS and the management tracker is created, CTS starts recording operations on cloud resources. Cloud Trace Service (CTS) stores operation records (traces) generated in the last seven days.</p>
|
||||
<div class="note" id="cce_10_0026__en-us_topic_0179639644_note1438715448188"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0026__en-us_topic_0179639644_p1138754410182">These operation records are retained for seven days on the CTS console and are automatically deleted upon expiration. Manual deletion is not supported.</p>
|
||||
</div></div>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0026__en-us_topic_0179639644_section19271975203"><h4 class="sectiontitle">Viewing Real-Time Traces in the Trace List</h4><ol id="cce_10_0026__en-us_topic_0179639644_ol4845175152710"><li id="cce_10_0026__en-us_topic_0179639644_li791871844313">Log in to the management console.</li><li id="cce_10_0026__en-us_topic_0179639644_li79188188435">Click <span><img id="cce_10_0026__en-us_topic_0179639644_image2091881811436" src="en-us_image_0000001696838310.png"></span> in the upper left corner and choose <strong id="cce_10_0026__en-us_topic_0179639644_b785314592818">Management & Deployment</strong> > <strong id="cce_10_0026__en-us_topic_0179639644_b031292616283">Cloud Trace Service</strong>. The CTS console is displayed.</li><li id="cce_10_0026__en-us_topic_0179639644_li591831894316">Choose <strong id="cce_10_0026__en-us_topic_0179639644_b09819412220">Trace List</strong> in the navigation pane on the left.</li><li id="cce_10_0026__en-us_topic_0179639644_li6936134194312">Set filters to search for your desired traces, as shown in <a href="#cce_10_0026__en-us_topic_0179639644_fig139361441134311">Figure 1</a>. The following filters are available.<div class="fignone" id="cce_10_0026__en-us_topic_0179639644_fig139361441134311"><a name="cce_10_0026__en-us_topic_0179639644_fig139361441134311"></a><a name="en-us_topic_0179639644_fig139361441134311"></a><span class="figcap"><b>Figure 1 </b>Filters</span><br><span><img id="cce_10_0026__en-us_topic_0179639644_image14936144112433" src="en-us_image_0000001744598325.png"></span></div>
|
||||
<div class="section" id="cce_10_0026__en-us_topic_0179639644_section19271975203"><h4 class="sectiontitle">Viewing Real-Time Traces</h4><ol id="cce_10_0026__en-us_topic_0179639644_ol4845175152710"><li id="cce_10_0026__en-us_topic_0179639644_li791871844313">Log in to the management console.</li><li id="cce_10_0026__en-us_topic_0179639644_li79188188435">Click <span><img id="cce_10_0026__en-us_topic_0179639644_image3220189363" src="en-us_image_0000001696838310.png"></span> in the upper left corner and choose <strong id="cce_10_0026__en-us_topic_0179639644_b112111833612">Management & Deployment</strong> > <strong id="cce_10_0026__en-us_topic_0179639644_b172191811363">Cloud Trace Service</strong>. The CTS console is displayed.</li><li id="cce_10_0026__en-us_topic_0179639644_li591831894316">Choose <strong id="cce_10_0026__en-us_topic_0179639644_b09819412220">Trace List</strong> in the navigation pane on the left.</li><li id="cce_10_0026__en-us_topic_0179639644_li6936134194312">Set filters to search for your desired traces, as shown in <a href="#cce_10_0026__en-us_topic_0179639644_fig139361441134311">Figure 1</a>. The following filters are available.<div class="fignone" id="cce_10_0026__en-us_topic_0179639644_fig139361441134311"><a name="cce_10_0026__en-us_topic_0179639644_fig139361441134311"></a><a name="en-us_topic_0179639644_fig139361441134311"></a><span class="figcap"><b>Figure 1 </b>Filters</span><br><span><img id="cce_10_0026__en-us_topic_0179639644_image14936144112433" src="en-us_image_0000001744598325.png"></span></div>
|
||||
<div class="p" id="cce_10_0026__en-us_topic_0179639644_p15936134119435"><ul class="subitemlist" id="cce_10_0026__en-us_topic_0179639644_ul20936164174314"><li id="cce_10_0026__en-us_topic_0179639644_li99361417432"><strong id="cce_10_0026__en-us_topic_0179639644_b179671714141513">Trace Type</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b179671014191515">Trace Source</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b4968714141517">Resource Type</strong>, and <strong id="cce_10_0026__en-us_topic_0179639644_b14968101411516">Search By</strong>: Select a filter from the drop-down list.<ul id="cce_10_0026__en-us_topic_0179639644_ul158893433010"><li id="cce_10_0026__en-us_topic_0179639644_li12760183118301">If you select <strong id="cce_10_0026__en-us_topic_0179639644_b389315891511">Resource ID</strong> for <strong id="cce_10_0026__en-us_topic_0179639644_b3893858131515">Search By</strong>, specify a resource ID.</li><li id="cce_10_0026__en-us_topic_0179639644_li12760203115305">If you select <strong id="cce_10_0026__en-us_topic_0179639644_b8997941831">Trace name</strong> for <strong id="cce_10_0026__en-us_topic_0179639644_b199981541317">Search By</strong>, specify a trace name.</li><li id="cce_10_0026__en-us_topic_0179639644_li197601031193019">If you select <strong id="cce_10_0026__en-us_topic_0179639644_b196612501258">Resource name</strong> for <strong id="cce_10_0026__en-us_topic_0179639644_b177275015252">Search By</strong>, specify a resource name.</li></ul>
|
||||
</li><li id="cce_10_0026__en-us_topic_0179639644_li15936204184311"><strong id="cce_10_0026__en-us_topic_0179639644_b98151395276">Operator</strong>: Select a user. </li><li id="cce_10_0026__en-us_topic_0179639644_li6936184119437"><strong id="cce_10_0026__en-us_topic_0179639644_b6981161112286">Trace Status</strong>: Select <strong id="cce_10_0026__en-us_topic_0179639644_b1298716111281">All trace statuses</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b7987181115281">Normal</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b2988181112810">Warning</strong>, or <strong id="cce_10_0026__en-us_topic_0179639644_b99881511132820">Incident</strong>.</li><li id="cce_10_0026__en-us_topic_0179639644_li1993654144315">Time range: Select <strong id="cce_10_0026__en-us_topic_0179639644_b1840823133614">Last 1 hour</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b6408123118362">Last 1 day</strong>, or <strong id="cce_10_0026__en-us_topic_0179639644_b12408231123610">Last 1 week</strong>, or specify a custom time range within the last seven days.</li></ul>
|
||||
</li><li id="cce_10_0026__en-us_topic_0179639644_li15936204184311"><strong id="cce_10_0026__en-us_topic_0179639644_b98151395276">Operator</strong>: Select a user.</li><li id="cce_10_0026__en-us_topic_0179639644_li6936184119437"><strong id="cce_10_0026__en-us_topic_0179639644_b6981161112286">Trace Status</strong>: Select <strong id="cce_10_0026__en-us_topic_0179639644_b1298716111281">All trace statuses</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b7987181115281">Normal</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b2988181112810">Warning</strong>, or <strong id="cce_10_0026__en-us_topic_0179639644_b99881511132820">Incident</strong>.</li><li id="cce_10_0026__en-us_topic_0179639644_li1993654144315">Time range: Select <strong id="cce_10_0026__en-us_topic_0179639644_b1840823133614">Last 1 hour</strong>, <strong id="cce_10_0026__en-us_topic_0179639644_b6408123118362">Last 1 day</strong>, or <strong id="cce_10_0026__en-us_topic_0179639644_b12408231123610">Last 1 week</strong>, or specify a custom time range within the last seven days.</li></ul>
|
||||
</div>
|
||||
</li><li class="subitemlist" id="cce_10_0026__en-us_topic_0179639644_li094111715448">Click <strong id="cce_10_0026__en-us_topic_0179639644_b55732514186">Query</strong>.</li><li id="cce_10_0026__en-us_topic_0179639644_li29410170448">On the <strong id="cce_10_0026__en-us_topic_0179639644_b176911834143214">Trace List</strong> page, you can also export and refresh the trace list.<ul id="cce_10_0026__en-us_topic_0179639644_ul119414175448"><li id="cce_10_0026__en-us_topic_0179639644_li12946170445">Click <strong id="cce_10_0026__en-us_topic_0179639644_b8907168171714">Export</strong> to export all traces in the query result as a CSV file. The file can contain up to 5,000 records.</li><li id="cce_10_0026__en-us_topic_0179639644_li394151717445">Click <span><img id="cce_10_0026__en-us_topic_0179639644_image109421716440" src="en-us_image_0000001696678850.png"></span> to view the latest information about traces.</li></ul>
|
||||
</li><li id="cce_10_0026__en-us_topic_0179639644_li169491744418">Click <span><img id="cce_10_0026__en-us_topic_0179639644_image9947176447" src="en-us_image_0000001744678489.jpg"></span> on the left of a trace to expand its details.<p id="cce_10_0026__en-us_topic_0179639644_p1294101714446"></p>
|
||||
@ -14,7 +16,7 @@
|
||||
<p id="cce_10_0026__en-us_topic_0179639644_p1352018181294"></p>
|
||||
<p id="cce_10_0026__en-us_topic_0179639644_p109481744411"></p>
|
||||
</li><li id="cce_10_0026__en-us_topic_0179639644_li1094161784410">Click <strong id="cce_10_0026__en-us_topic_0179639644_b139145611337">View Trace</strong> in the <strong id="cce_10_0026__en-us_topic_0179639644_b1591756103313">Operation</strong> column. The trace details are displayed.<p id="cce_10_0026__en-us_topic_0179639644_p1695161714447"><span><img id="cce_10_0026__en-us_topic_0179639644_image1904172011220" src="en-us_image_0000001758618249.png"></span></p>
|
||||
</li><li id="cce_10_0026__en-us_topic_0179639644_li129561719446">For details about key fields in the trace structure, see <a href="https://docs.otc.t-systems.com/cloud-trace-service/umn/user_guide/trace_references/trace_structure.html#cts-03-0010" target="_blank" rel="noopener noreferrer">Trace Structure</a> and <a href="https://docs.otc.t-systems.com/cloud-trace-service/umn/user_guide/trace_references/example_traces.html" target="_blank" rel="noopener noreferrer">Example Traces</a> in the <em id="cce_10_0026__en-us_topic_0179639644_i1765453563620">CTS User Guide</em>.</li></ol>
|
||||
</li><li id="cce_10_0026__en-us_topic_0179639644_li129561719446">For details about key fields in the trace structure, see section "Trace References" > "Trace Structure" and section "Trace References" > "Example Traces" in the <em id="cce_10_0026__en-us_topic_0179639644_i327125153611">CTS User Guide</em>.</li></ol>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -8,7 +8,7 @@
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0602.html">Enabling Overload Control for a Cluster</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0403.html">Changing a Cluster Scale</a></strong><br>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0403.html">Changing Cluster Scale</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0426.html">Changing the Default Security Group of a Node</a></strong><br>
|
||||
</li>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -3,9 +3,9 @@
|
||||
<h1 class="topictitle1">Logging In to a Container</h1>
|
||||
<div id="body0000001151211236"><div class="section" id="cce_10_00356__section7379040716"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_00356__p1134114511811">If you encounter unexpected problems when using a container, you can log in to the container to debug it.</p>
|
||||
</div>
|
||||
<div class="section" id="cce_10_00356__section1536420242714"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_00356__cce_10_0671_ul1462211293114"><li id="cce_10_00356__cce_10_0671_li126227294120">When kubectl is used in CloudShell, permissions are determined by the logged-in user.</li><li id="cce_10_00356__cce_10_0671_li277014321913">When using CloudShell to access a CCE cluster or container, you can open up to 15 instances concurrently.</li><li id="cce_10_00356__cce_10_0671_li1443882717216">The kubectl certificate in CloudShell is valid for one day. You can reset its validity period by accessing CloudShell through the CCE console.</li></ul>
|
||||
<div class="section" id="cce_10_00356__section1536420242714"><h4 class="sectiontitle">Notes and Constraints</h4><p id="cce_10_00356__cce_10_0671_p1192104192713">When using CloudShell to access a CCE cluster or container, you can open a maximum of 15 instances simultaneously.</p>
|
||||
</div>
|
||||
<div class="section" id="cce_10_00356__section1293318163114"><h4 class="sectiontitle">Using kubectl</h4><ol id="cce_10_00356__ol1392823394416"><li id="cce_10_00356__li1681024195710"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a>.</span></li><li id="cce_10_00356__li1020013819415"><span>Run the following command to view the created pod:</span><p><pre class="screen" id="cce_10_00356__screen156898195914">kubectl get pod</pre>
|
||||
<div class="section" id="cce_10_00356__section1293318163114"><h4 class="sectiontitle">Using kubectl</h4><ol id="cce_10_00356__ol1392823394416"><li id="cce_10_00356__li1681024195710"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_00356__li1020013819415"><span>Run the following command to view the created pod:</span><p><pre class="screen" id="cce_10_00356__screen156898195914">kubectl get pod</pre>
|
||||
<div class="p" id="cce_10_00356__p18257204595920">The example output is as follows:<pre class="screen" id="cce_10_00356__screen7944553592">NAME READY STATUS RESTARTS AGE
|
||||
nginx-59d89cb66f-mhljr 1/1 Running 0 11m</pre>
|
||||
</div>
|
||||
|
||||
@ -3,11 +3,11 @@
|
||||
<h1 class="topictitle1">Creating a Deployment</h1>
|
||||
<div id="body1505966783091"><div class="section" id="cce_10_0047__section686591217411"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0047__p1695318124112">Deployments are workloads (for example, Nginx) that do not store any data or status. You can create Deployments on the CCE console or by running kubectl commands.</p>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0047__section7271245481"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0047__ul12960152618147"><li id="cce_10_0047__li596019263145">Before creating a workload, you must have an available cluster. For details about how to create a cluster, see <a href="cce_10_0028.html">Creating a CCE Standard/Turbo Cluster</a>.</li><li id="cce_10_0047__li19160540131415">To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.<div class="note" id="cce_10_0047__note991371915511"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0047__p7914191915520">If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the Deployment will fail.</p>
|
||||
<div class="section" id="cce_10_0047__section7271245481"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0047__ul12960152618147"><li id="cce_10_0047__li596019263145">Before creating a workload, you must have an available cluster. For details on how to create a cluster, see <a href="cce_10_0028.html">Creating a CCE Standard/Turbo Cluster</a>.</li><li id="cce_10_0047__li19160540131415">To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.<div class="note" id="cce_10_0047__note991371915511"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0047__p7914191915520">If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the Deployment will fail.</p>
|
||||
</div></div>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0047__section1996635141916"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0047__ol2012902601117"><li id="cce_10_0047__li330462393220"><span>Log in to the CCE console.</span></li><li id="cce_10_0047__li2075471341"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0047__b1421120185819">Workloads</strong> in the navigation pane, and click the <strong id="cce_10_0047__b139221951155717">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0047__li67891737151520"><span>Configure the workload.</span><p><div class="p" id="cce_10_0047__p1259466151612"><strong id="cce_10_0047__b1493704971917">Basic Info</strong><ul id="cce_10_0047__ul6954101318184"><li id="cce_10_0047__li11514131617185"><strong id="cce_10_0047__b17688966208">Workload Type</strong>: Select <strong id="cce_10_0047__b19319191110206">Deployment</strong>. For details about workload types, see <a href="cce_10_0006.html">Overview</a>.</li><li id="cce_10_0047__li129541213101814"><strong id="cce_10_0047__b12465144313510">Workload Name</strong>: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.</li><li id="cce_10_0047__li179541813111814"><strong id="cce_10_0047__b20501185611511">Namespace</strong>: Select the namespace of the workload. The default value is <strong id="cce_10_0047__b1508155615514">default</strong>. You can also click <span class="uicontrol" id="cce_10_0047__uicontrol342862818214"><b>Create Namespace</b></span> to create one. For details, see <a href="cce_10_0278.html">Creating a Namespace</a>.</li><li id="cce_10_0047__li18955181315189"><strong id="cce_10_0047__b1997313316218">Pods</strong>: Enter the number of pods of the workload.</li><li id="cce_10_0047__li11753142112539"><strong id="cce_10_0047__b1111971612">Container Runtime</strong>: A CCE standard cluster uses a common runtime by default, whereas a CCE Turbo cluster supports both common and secure runtimes. For details about the differences, see <a href="cce_10_0463.html">Secure Runtime and Common Runtime</a>.</li><li id="cce_10_0047__li1295571341818"><strong id="cce_10_0047__b4596419068">Time Zone Synchronization</strong>: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see <a href="cce_10_0354.html">Configuring Time Zone Synchronization</a>.</li></ul>
|
||||
<div class="section" id="cce_10_0047__section1996635141916"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0047__ol2012902601117"><li id="cce_10_0047__li330462393220"><span>Log in to the CCE console.</span></li><li id="cce_10_0047__li2075471341"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0047__b1421120185819">Workloads</strong> in the navigation pane, and click the <strong id="cce_10_0047__b139221951155717">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0047__li67891737151520"><span>Set basic information about the workload. </span><p><div class="p" id="cce_10_0047__p1259466151612"><strong id="cce_10_0047__b1493704971917">Basic Info</strong><ul id="cce_10_0047__ul6954101318184"><li id="cce_10_0047__li11514131617185"><strong id="cce_10_0047__b17688966208">Workload Type</strong>: Select <strong id="cce_10_0047__b19319191110206">Deployment</strong>. For details about workload types, see <a href="cce_10_0006.html">Overview</a>.</li><li id="cce_10_0047__li129541213101814"><strong id="cce_10_0047__b12465144313510">Workload Name</strong>: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.</li><li id="cce_10_0047__li179541813111814"><strong id="cce_10_0047__b20501185611511">Namespace</strong>: Select the namespace of the workload. The default value is <strong id="cce_10_0047__b1508155615514">default</strong>. You can also click <span class="uicontrol" id="cce_10_0047__uicontrol342862818214"><b>Create Namespace</b></span> to create one. For details, see <a href="cce_10_0278.html">Creating a Namespace</a>.</li><li id="cce_10_0047__li18955181315189"><strong id="cce_10_0047__b1997313316218">Pods</strong>: Enter the number of pods of the workload.</li><li id="cce_10_0047__li11753142112539"><strong id="cce_10_0047__b1111971612">Container Runtime</strong>: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see <a href="cce_10_0463.html">Secure Runtime and Common Runtime</a>.</li><li id="cce_10_0047__li1295571341818"><strong id="cce_10_0047__b4596419068">Time Zone Synchronization</strong>: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see <a href="cce_10_0354.html">Configuring Time Zone Synchronization</a>.</li></ul>
|
||||
</div>
|
||||
<div class="p" id="cce_10_0047__p206571518181616"><strong id="cce_10_0047__b062716554277">Container Settings</strong><ul id="cce_10_0047__ul42071022103320"><li id="cce_10_0047__li8770480458">Container Information<div class="p" id="cce_10_0047__p10493941854"><a name="cce_10_0047__li8770480458"></a><a name="li8770480458"></a>Multiple containers can be configured in a pod. You can click <span class="uicontrol" id="cce_10_0047__uicontrol2024214181967"><b>Add Container</b></span> on the right to configure multiple containers for the pod.<ul id="cce_10_0047__ul10714183717111"><li id="cce_10_0047__li1471463741113"><strong id="cce_10_0047__b2309121414294">Basic Info</strong>: Configure basic information about the container.
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0047__table128216444815" frame="border" border="1" rules="all"><thead align="left"><tr id="cce_10_0047__row0282348486"><th align="left" class="cellrowborder" valign="top" width="23%" id="mcps1.3.3.2.3.2.2.2.1.1.2.1.2.1.3.1.1"><p id="cce_10_0047__p3282147483">Parameter</p>
|
||||
@ -29,7 +29,7 @@
|
||||
<tr id="cce_10_0047__row1844916557597"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.3.2.3.2.2.2.1.1.2.1.2.1.3.1.1 "><p id="cce_10_0047__p182837474815">Image Name</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.3.2.3.2.2.2.1.1.2.1.2.1.3.1.2 "><p id="cce_10_0047__p1372913120568">Click <strong id="cce_10_0047__b8790125722910">Select Image</strong> and select the image used by the container.</p>
|
||||
<p id="cce_10_0047__p137884754811">To use a third-party image, directly enter image path. Ensure that the <a href="#cce_10_0047__li1487514116369">image access credential</a> can be used to access the image repository. For details, see <a href="cce_10_0009.html">Using Third-Party Images</a>.</p>
|
||||
<p id="cce_10_0047__p137884754811">To use a third-party image, see <a href="cce_10_0009.html">Using Third-Party Images</a>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0047__row338117362515"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.3.2.3.2.2.2.1.1.2.1.2.1.3.1.1 "><p id="cce_10_0047__p1038143616517">Image Tag</p>
|
||||
@ -51,8 +51,8 @@
|
||||
</tr>
|
||||
<tr id="cce_10_0047__row272852945719"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.3.2.3.2.2.2.1.1.2.1.2.1.3.1.1 "><p id="cce_10_0047__p20728192912572">(Optional) GPU Quota</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.3.2.3.2.2.2.1.1.2.1.2.1.3.1.2 "><p id="cce_10_0047__p53791055710">Configurable only when the cluster contains GPU nodes and the <a href="cce_10_0141.html">CCE AI Suite (NVIDIA GPU)</a> add-on has been installed.</p>
|
||||
<ul id="cce_10_0047__ul19823440122219"><li id="cce_10_0047__li14823540152219"><strong id="cce_10_0047__b74394181358">Do not use</strong>: No GPU will be used.</li><li id="cce_10_0047__li128232405222"><strong id="cce_10_0047__b53941737155016">GPU card</strong>: The GPU is dedicated for the container.</li><li id="cce_10_0047__li13823440182213"><strong id="cce_10_0047__b1433212715356">GPU Virtualization</strong>: percentage of GPU resources used by the container. For example, if this parameter is set to <strong id="cce_10_0047__b13332192713352">10%</strong>, the container will use 10% of GPU resources.</li></ul>
|
||||
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.3.2.3.2.2.2.1.1.2.1.2.1.3.1.2 "><p id="cce_10_0047__p53791055710">Configurable only when the cluster contains GPU nodes and the <a href="cce_10_0141.html">CCE AI Suite (NVIDIA GPU)</a> add-on is installed.</p>
|
||||
<ul id="cce_10_0047__ul19823440122219"><li id="cce_10_0047__li14823540152219"><strong id="cce_10_0047__b74394181358">All</strong>: No GPU will be used.</li><li id="cce_10_0047__li128232405222"><strong id="cce_10_0047__b2930224153512">Dedicated</strong>: GPU resources are dedicated for the container.</li><li id="cce_10_0047__li13823440182213"><strong id="cce_10_0047__b1433212715356">Shared</strong>: percentage of GPU resources used by the container. For example, if this parameter is set to <strong id="cce_10_0047__b13332192713352">10%</strong>, the container uses 10% of GPU resources.</li></ul>
|
||||
<p id="cce_10_0047__p91801538202613">For details about how to use GPUs in the cluster, see <a href="cce_10_0345.html">Default GPU Scheduling in Kubernetes</a>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
@ -68,13 +68,6 @@
|
||||
<p id="cce_10_0047__p191910221439">An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more init containers. Application containers in a pod are started and run only after the running of all init containers completes. For details, see <a href="https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" target="_blank" rel="noopener noreferrer">Init Containers</a>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0047__row12412562240"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.3.2.3.2.2.2.1.1.2.1.2.1.3.1.1 "><p id="cce_10_0047__p0555616240">(Optional) Run Option</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.3.2.3.2.2.2.1.1.2.1.2.1.3.1.2 "><p id="cce_10_0047__p45105617247">Add run options for the container. For details, see <a href="https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/" target="_blank" rel="noopener noreferrer">Pod</a>. CCE supports the following run options:</p>
|
||||
<ul id="cce_10_0047__ul482496102717"><li id="cce_10_0047__li9824106112720"><strong id="cce_10_0047__b297531442317">stdin</strong>: allows containers to receive input from external sources, such as terminals or other input streams.</li><li id="cce_10_0047__li19434101452716"><strong id="cce_10_0047__b10463193219282">tty</strong>: allocates a pseudo terminal to containers, allowing you to send commands to them as if you were using a local terminal.<p id="cce_10_0047__p1537282419401">In most cases, tty is enabled along with stdin, indicating that the terminal (tty) is associated with the standard input (stdin) of the container. This allows for interactive operations, similar to the <strong id="cce_10_0047__b99991540183512">kubectl exec -i -t</strong> command. The difference is that this parameter has been configured when the pod is launched.</p>
|
||||
</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
@ -83,23 +76,21 @@
|
||||
</li><li id="cce_10_0047__li19714437161112">(Optional) <strong id="cce_10_0047__b347211410339">Security Context</strong>: Assign container permissions to protect the system and other containers from being affected. Enter the user ID to assign container permissions and prevent systems and other containers from being affected.</li><li id="cce_10_0047__li1371419375118">(Optional) <strong id="cce_10_0047__b4129950193311">Logging</strong>: Report standard container output logs to AOM by default, without requiring manual settings. You can manually configure the log collection path. For details, see <a href="cce_10_0018.html">Collecting Container Logs Using ICAgent</a>.<p id="cce_10_0047__p154878397159">To disable the standard output of the current workload, add the annotation <strong id="cce_10_0047__b882934924220">kubernetes.AOM.log.stdout: []</strong> in <a href="#cce_10_0047__li179714209414">Labels and Annotations</a>. For details about how to use this annotation, see <a href="cce_10_0386.html#cce_10_0386__table194691458405">Table 1</a>.</p>
|
||||
</li></ul>
|
||||
</div>
|
||||
</li><li id="cce_10_0047__li1487514116369"><a name="cce_10_0047__li1487514116369"></a><a name="li1487514116369"></a><strong id="cce_10_0047__b479415459616">Image Access Credential</strong>: Select the credential used for accessing the image repository. The default value is <strong id="cce_10_0047__b157944451067">default-secret</strong>. You can use default-secret to access images in SWR Shared Edition. For details about <strong id="cce_10_0047__b582111347813">default-secret</strong>, see <a href="cce_10_0388.html#cce_10_0388__section11760122012591">default-secret</a>.</li><li id="cce_10_0047__li11649141318194">(Optional) <strong id="cce_10_0047__b513531164612">GPU</strong>: <strong id="cce_10_0047__b11135211134611">All</strong> is selected by default. The workload instance will be scheduled to the node of the specified GPU type.</li></ul>
|
||||
</li><li id="cce_10_0047__li1487514116369"><strong id="cce_10_0047__b479415459616">Image Access Credential</strong>: Select the credential used for accessing the image repository. The default value is <strong id="cce_10_0047__b157944451067">default-secret</strong>. You can use default-secret to access images in SWR. For details about <strong id="cce_10_0047__b582111347813">default-secret</strong>, see <a href="cce_10_0388.html#cce_10_0388__section11760122012591">default-secret</a>.</li><li id="cce_10_0047__li11649141318194">(Optional) <strong id="cce_10_0047__b513531164612">GPU</strong>: <strong id="cce_10_0047__b11135211134611">All</strong> is selected by default. The workload instance will be scheduled to the node of the specified GPU type.</li></ul>
|
||||
</div>
|
||||
<p id="cce_10_0047__p1447162741615"><strong id="cce_10_0047__b154561192487">(Optional) Service Settings</strong></p>
|
||||
<p id="cce_10_0047__p102354303348">A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and automatically balances load for these pods.</p>
|
||||
<p id="cce_10_0047__p13343123113612">You can also create a Service after creating a workload. For details about Services of different types, see <a href="cce_10_0249.html">Overview</a>.</p>
|
||||
<div class="p" id="cce_10_0047__p310913521612"><strong id="cce_10_0047__b204881212144816">(Optional) Advanced Settings</strong><ul id="cce_10_0047__ul142811417"><li id="cce_10_0047__li0421513417"><strong id="cce_10_0047__b15415314859">Upgrade</strong>: Specify the upgrade mode and parameters of the workload. <strong id="cce_10_0047__b153151558165913">Rolling upgrade</strong> and <strong id="cce_10_0047__b1621251402">Replace upgrade</strong> are available. For details, see <a href="cce_10_0397.html">Configuring Workload Upgrade Policies</a>.</li><li id="cce_10_0047__li5292111713411"><strong id="cce_10_0047__b289714923012">Scheduling</strong>: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.<ul id="cce_10_0047__ul16976133413332"><li id="cce_10_0047__li7687143311331"><strong id="cce_10_0047__b1243811103214">Load Affinity</strong>: Common load affinity policies are offered for quick load affinity deployment.<ul id="cce_10_0047__ul1865517492338"><li id="cce_10_0047__li7393234068"><strong id="cce_10_0047__b15439175514563">Not configured</strong>: No load affinity policy is configured.</li><li id="cce_10_0047__li84431255153310"><strong id="cce_10_0047__b1069211531709">Multi-AZ deployment preferred</strong>: Workload pods are <strong id="cce_10_0047__b126921353203">preferentially</strong> scheduled to nodes in different AZs through pod anti-affinity.</li><li id="cce_10_0047__li10775194183413"><strong id="cce_10_0047__b1667575214119">Forcible multi-AZ deployment</strong>: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (<strong id="cce_10_0047__b10853186174217">podAntiAffinity</strong>). If there are fewer AZs than pods, the extra pods will fail to run.</li><li id="cce_10_0047__li177960111349"><strong id="cce_10_0047__b18931103644418">Customize affinity</strong>: Affinity and anti-affinity policies can be customized. For details, see <a href="cce_10_0893.html">Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)</a>.</li></ul>
|
||||
</li><li id="cce_10_0047__li136191442193318"><strong id="cce_10_0047__b540915914458">Node Affinity</strong>: Common node affinity policies are offered for quick load affinity deployment.<ul id="cce_10_0047__ul106562113415"><li id="cce_10_0047__li3815113910617"><strong id="cce_10_0047__b129361841585">Not configured</strong>: No node affinity policy is configured.</li><li id="cce_10_0047__li11588172453415"><strong id="cce_10_0047__b1354131044913">Specify node</strong>: Workload pods can be deployed on specified nodes through node affinity (<strong id="cce_10_0047__b17387313105016">nodeAffinity</strong>). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.</li><li id="cce_10_0047__li12588142414347"><strong id="cce_10_0047__b1143642735217">Specify node pool</strong>: Workload pods can be deployed in a specified node pool through node affinity (<strong id="cce_10_0047__b1443715272523">nodeAffinity</strong>). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.</li><li id="cce_10_0047__li14588192418347"><strong id="cce_10_0047__b145411819458">Customize affinity</strong>: Affinity and anti-affinity policies can be customized. For details, see <a href="cce_10_0892.html">Configuring Node Affinity Scheduling (nodeAffinity)</a>.</li></ul>
|
||||
<div class="p" id="cce_10_0047__p310913521612"><strong id="cce_10_0047__b204881212144816">(Optional) Advanced Settings</strong><ul id="cce_10_0047__ul142811417"><li id="cce_10_0047__li0421513417"><strong id="cce_10_0047__b15415314859">Upgrade</strong>: Specify the upgrade mode and parameters of the workload. <strong id="cce_10_0047__b153151558165913">Rolling upgrade</strong> and <strong id="cce_10_0047__b1621251402">Replace upgrade</strong> are available. For details, see <a href="cce_10_0397.html">Configuring Workload Upgrade Policies</a>.</li><li id="cce_10_0047__li5292111713411"><strong id="cce_10_0047__b289714923012">Scheduling</strong>: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.<ul id="cce_10_0047__ul16976133413332"><li id="cce_10_0047__li7687143311331"><strong id="cce_10_0047__b1243811103214">Load Affinity</strong>: Common load affinity policies are offered for quick load affinity deployment.<ul id="cce_10_0047__ul1865517492338"><li id="cce_10_0047__li7393234068"><strong id="cce_10_0047__b15439175514563">Not configured</strong>: No load affinity policy is configured.</li><li id="cce_10_0047__li84431255153310"><strong id="cce_10_0047__b1069211531709">Multi-AZ deployment preferred</strong>: Workload pods are <strong id="cce_10_0047__b126921353203">preferentially</strong> scheduled to nodes in different AZs through pod anti-affinity.</li><li id="cce_10_0047__li10775194183413"><strong id="cce_10_0047__b1667575214119">Forcible multi-AZ deployment</strong>: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (<strong id="cce_10_0047__b10853186174217">podAntiAffinity</strong>). If there are fewer AZs than pods, the extra pods will fail to run.</li><li id="cce_10_0047__li177960111349"><strong id="cce_10_0047__b18931103644418">Custom policies</strong>: Affinity and anti-affinity policies can be customized. For details, see <a href="cce_10_0893.html">Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)</a>.</li></ul>
|
||||
</li><li id="cce_10_0047__li136191442193318"><strong id="cce_10_0047__b540915914458">Node Affinity</strong>: Common load affinity policies are offered for quick load affinity deployment.<ul id="cce_10_0047__ul106562113415"><li id="cce_10_0047__li3815113910617"><strong id="cce_10_0047__b129361841585">Not configured</strong>: No node affinity policy is configured.</li><li id="cce_10_0047__li11588172453415"><strong id="cce_10_0047__b1354131044913">Node Affinity</strong>: Workload pods can be deployed on specified nodes through node affinity (<strong id="cce_10_0047__b17387313105016">nodeAffinity</strong>). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.</li><li id="cce_10_0047__li12588142414347"><strong id="cce_10_0047__b1143642735217">Specified node pool scheduling</strong>: Workload pods can be deployed in a specified node pool through node affinity (<strong id="cce_10_0047__b1443715272523">nodeAffinity</strong>). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.</li><li id="cce_10_0047__li14588192418347"><strong id="cce_10_0047__b145411819458">Custom policies</strong>: Affinity and anti-affinity policies can be customized. For details, see <a href="cce_10_0892.html">Configuring Node Affinity Scheduling (nodeAffinity)</a>.</li></ul>
|
||||
</li></ul>
|
||||
</li><li id="cce_10_0047__li13285132913414"><strong id="cce_10_0047__b15261142101217">Toleration</strong>: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see <a href="cce_10_0728.html">Configuring Tolerance Policies</a>.</li><li id="cce_10_0047__li179714209414"><a name="cce_10_0047__li179714209414"></a><a name="li179714209414"></a><strong id="cce_10_0047__b562135212518">Labels and Annotations</strong>: Add labels or annotations for pods using key-value pairs. After entering the key and value, click <strong id="cce_10_0047__b1439805716617">Confirm</strong>. For details about how to use and configure labels and annotations, see <a href="cce_10_0386.html">Configuring Labels and Annotations</a>.</li><li id="cce_10_0047__li1917237124111"><strong id="cce_10_0047__b1428118321389">DNS</strong>: Configure a separate DNS policy for the workload. For details, see <a href="cce_10_0365.html">DNS Configuration</a>.</li><li id="cce_10_0047__li191696549535"><strong id="cce_10_0047__b563938103113">Network Configuration</strong><ul id="cce_10_0047__ul101792551538"><li id="cce_10_0047__li1985863319162">Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0047__li1898141443111">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0047__li465673203314">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0047__li053620118549">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see <a href="cce_10_0604.html">Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs</a>.</li></ul>
|
||||
</li></ul>
|
||||
</div>
|
||||
</p></li><li id="cce_10_0047__li01417411620"><span>Click <span class="uicontrol" id="cce_10_0047__uicontrol1752518381945"><b>Create Workload</b></span> in the lower right corner. After a period of time, the workload enters the <strong id="cce_10_0047__b142843313819">Running</strong> state.</span><p><p id="cce_10_0047__p16936328935"></p>
|
||||
<p id="cce_10_0047__p1721417281233"></p>
|
||||
</p></li></ol>
|
||||
</p></li><li id="cce_10_0047__li01417411620"><span>Click <strong id="cce_10_0047__b5824103317919">Create Workload</strong> in the lower right corner.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0047__section155246177178"><a name="cce_10_0047__section155246177178"></a><a name="section155246177178"></a><h4 class="sectiontitle">Using kubectl</h4><p id="cce_10_0047__p13147194016468">The following procedure uses Nginx as an example to describe how to <span class="keyword" id="cce_10_0047__keyword1613307257114737">create a workload using kubectl</span>.</p>
|
||||
<ol id="cce_10_0047__ol1424992320616"><li id="cce_10_0047__li2338171784610"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a>.</span></li><li id="cce_10_0047__li1020013819415"><span>Create and edit the <strong id="cce_10_0047__b27748113122">nginx-deployment.yaml</strong> file. <strong id="cce_10_0047__b630359246113719">nginx-deployment.yaml</strong> is an example file name, and you can rename it as required.</span><p><pre class="screen" id="cce_10_0047__screen1665817374101">vi nginx-deployment.yaml</pre>
|
||||
<ol id="cce_10_0047__ol1424992320616"><li id="cce_10_0047__li2338171784610"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0047__li1020013819415"><span>Create and edit the <strong id="cce_10_0047__b27748113122">nginx-deployment.yaml</strong> file. <strong id="cce_10_0047__b630359246113719">nginx-deployment.yaml</strong> is an example file name, and you can rename it as required.</span><p><p id="cce_10_0047__p7581950184318"><strong id="cce_10_0047__b111191541172515">vi nginx-deployment.yaml</strong></p>
|
||||
<p id="cce_10_0047__p5292517598">The following is an example YAML file. For more information about Deployments, see <a href="https://kubernetes.io/docs/concepts/workloads/controllers/deployment/" target="_blank" rel="noopener noreferrer">Kubernetes documentation</a>.</p>
|
||||
<pre class="screen" id="cce_10_0047__screen47761831782">apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
@ -234,14 +225,14 @@ spec:
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</p></li><li id="cce_10_0047__li12194551184412"><span>Create a Deployment.</span><p><pre class="screen" id="cce_10_0047__screen221075221012">kubectl create -f nginx-deployment.yaml</pre>
|
||||
</p></li><li id="cce_10_0047__li12194551184412"><span>Create a Deployment.</span><p><p id="cce_10_0047__p175719718459"><strong id="cce_10_0047__b692820516453">kubectl create -f nginx-deployment.yaml</strong></p>
|
||||
<p id="cce_10_0047__p128631411141717">If the following information is displayed, the Deployment is being created.</p>
|
||||
<pre class="screen" id="cce_10_0047__screen1028913107179">deployment.apps/nginx created</pre>
|
||||
</p></li><li id="cce_10_0047__li166931817162412"><span>Obtain the Deployment status.</span><p><pre class="screen" id="cce_10_0047__screen28632038110">kubectl get deployment</pre>
|
||||
<pre class="screen" id="cce_10_0047__screen1028913107179">deployment "nginx" created</pre>
|
||||
</p></li><li id="cce_10_0047__li166931817162412"><span>Obtain the Deployment status.</span><p><p id="cce_10_0047__p1127482013249"><strong id="cce_10_0047__b8874010124511">kubectl get deployment</strong></p>
|
||||
<p id="cce_10_0047__p1046019326248">If the following information is displayed, the Deployment is running.</p>
|
||||
<pre class="screen" id="cce_10_0047__screen1353922112020">NAME READY UP-TO-DATE AVAILABLE AGE
|
||||
nginx 1/1 1 1 4m5s</pre>
|
||||
<p id="cce_10_0047__p194511348101611"><strong id="cce_10_0047__b154701656844">Parameters</strong></p>
|
||||
<p id="cce_10_0047__p194511348101611"><strong id="cce_10_0047__b1018145319612">Parameters</strong></p>
|
||||
<ul id="cce_10_0047__ul1964317513175"><li id="cce_10_0047__li1264312531719"><strong id="cce_10_0047__b11576432181319">NAME</strong>: Name of the application running in the pod.</li><li id="cce_10_0047__li864317513171"><strong id="cce_10_0047__b12611534101318">READY</strong>: indicates the number of available workloads. The value is displayed as "the number of available pods/the number of expected pods".</li><li id="cce_10_0047__li16643955172"><strong id="cce_10_0047__b185316367134">UP-TO-DATE</strong>: indicates the number of replicas that have been updated.</li><li id="cce_10_0047__li18643558176"><strong id="cce_10_0047__b483113811138">AVAILABLE</strong>: indicates the number of available pods.</li><li id="cce_10_0047__li964310512175"><strong id="cce_10_0047__b15727740161317">AGE</strong>: period the Deployment keeps running</li></ul>
|
||||
</p></li><li id="cce_10_0047__li128617541093"><span>If the Deployment will be accessed through a ClusterIP or NodePort Service, configure the access mode. For details, see <a href="cce_10_0020.html">Network</a>.</span></li></ol>
|
||||
</div>
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
</div></div>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0048__section16385130102112"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0048__ol2012902601117"><li id="cce_10_0048__li330462393220"><span>Log in to the CCE console.</span></li><li id="cce_10_0048__li2075471341"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0048__b94442390613">Workloads</strong> in the navigation pane, and click the <strong id="cce_10_0048__b1844413910614">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0048__li67891737151520"><span>Set basic information about the workload. </span><p><div class="p" id="cce_10_0048__p1259466151612"><strong id="cce_10_0048__b64930521915">Basic Info</strong><ul id="cce_10_0048__ul6954101318184"><li id="cce_10_0048__li11514131617185"><strong id="cce_10_0048__b19311135410116">Workload Type</strong>: Select <strong id="cce_10_0048__b0311195410110">StatefulSet</strong>. For details about workload types, see <a href="cce_10_0006.html">Overview</a>.</li><li id="cce_10_0048__li129541213101814"><strong id="cce_10_0048__cce_10_0047_b12465144313510">Workload Name</strong>: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.</li><li id="cce_10_0048__li179541813111814"><strong id="cce_10_0048__cce_10_0047_b20501185611511">Namespace</strong>: Select the namespace of the workload. The default value is <strong id="cce_10_0048__cce_10_0047_b1508155615514">default</strong>. You can also click <span class="uicontrol" id="cce_10_0048__cce_10_0047_uicontrol342862818214"><b>Create Namespace</b></span> to create one. For details, see <a href="cce_10_0278.html">Creating a Namespace</a>.</li><li id="cce_10_0048__li18955181315189"><strong id="cce_10_0048__cce_10_0047_b1997313316218">Pods</strong>: Enter the number of pods of the workload.</li><li id="cce_10_0048__li11753142112539"><strong id="cce_10_0048__cce_10_0047_b1111971612">Container Runtime</strong>: A CCE standard cluster uses a common runtime by default, whereas a CCE Turbo cluster supports both common and secure runtimes. For details about the differences, see <a href="cce_10_0463.html">Secure Runtime and Common Runtime</a>.</li><li id="cce_10_0048__li198695115505"><strong id="cce_10_0048__cce_10_0047_b4596419068">Time Zone Synchronization</strong>: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see <a href="cce_10_0354.html">Configuring Time Zone Synchronization</a>.</li></ul>
|
||||
<div class="section" id="cce_10_0048__section16385130102112"><h4 class="sectiontitle">Using the CCE Console</h4><ol id="cce_10_0048__ol2012902601117"><li id="cce_10_0048__li330462393220"><span>Log in to the CCE console.</span></li><li id="cce_10_0048__li2075471341"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0048__b94442390613">Workloads</strong> in the navigation pane, and click the <strong id="cce_10_0048__b1844413910614">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0048__li67891737151520"><span>Set basic information about the workload. </span><p><div class="p" id="cce_10_0048__p1259466151612"><strong id="cce_10_0048__b64930521915">Basic Info</strong><ul id="cce_10_0048__ul6954101318184"><li id="cce_10_0048__li11514131617185"><strong id="cce_10_0048__b19311135410116">Workload Type</strong>: Select <strong id="cce_10_0048__b0311195410110">StatefulSet</strong>. For details about workload types, see <a href="cce_10_0006.html">Overview</a>.</li><li id="cce_10_0048__li129541213101814"><strong id="cce_10_0048__cce_10_0047_b12465144313510">Workload Name</strong>: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.</li><li id="cce_10_0048__li179541813111814"><strong id="cce_10_0048__cce_10_0047_b20501185611511">Namespace</strong>: Select the namespace of the workload. The default value is <strong id="cce_10_0048__cce_10_0047_b1508155615514">default</strong>. You can also click <span class="uicontrol" id="cce_10_0048__cce_10_0047_uicontrol342862818214"><b>Create Namespace</b></span> to create one. For details, see <a href="cce_10_0278.html">Creating a Namespace</a>.</li><li id="cce_10_0048__li18955181315189"><strong id="cce_10_0048__cce_10_0047_b1997313316218">Pods</strong>: Enter the number of pods of the workload.</li><li id="cce_10_0048__li11753142112539"><strong id="cce_10_0048__cce_10_0047_b1111971612">Container Runtime</strong>: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see <a href="cce_10_0463.html">Secure Runtime and Common Runtime</a>.</li><li id="cce_10_0048__li198695115505"><strong id="cce_10_0048__cce_10_0047_b4596419068">Time Zone Synchronization</strong>: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see <a href="cce_10_0354.html">Configuring Time Zone Synchronization</a>.</li></ul>
|
||||
</div>
|
||||
<div class="p" id="cce_10_0048__p206571518181616"><strong id="cce_10_0048__b163231218124">Container Settings</strong><ul id="cce_10_0048__ul42071022103320"><li id="cce_10_0048__li8770480458">Container Information<div class="p" id="cce_10_0048__p10493941854"><a name="cce_10_0048__li8770480458"></a><a name="li8770480458"></a>Multiple containers can be configured in a pod. You can click <span class="uicontrol" id="cce_10_0048__uicontrol75255211621"><b>Add Container</b></span> on the right to configure multiple containers for the pod.<ul id="cce_10_0048__ul481018470119"><li id="cce_10_0048__li18101047191117"><strong id="cce_10_0048__cce_10_0047_b2309121414294">Basic Info</strong>: Configure basic information about the container.
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0048__cce_10_0047_table128216444815" frame="border" border="1" rules="all"><thead align="left"><tr id="cce_10_0048__cce_10_0047_row0282348486"><th align="left" class="cellrowborder" valign="top" width="23%" id="mcps1.3.4.2.3.2.2.2.1.1.2.1.2.1.3.1.1"><p id="cce_10_0048__cce_10_0047_p3282147483">Parameter</p>
|
||||
@ -32,7 +32,7 @@
|
||||
<tr id="cce_10_0048__cce_10_0047_row1844916557597"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.4.2.3.2.2.2.1.1.2.1.2.1.3.1.1 "><p id="cce_10_0048__cce_10_0047_p182837474815">Image Name</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.4.2.3.2.2.2.1.1.2.1.2.1.3.1.2 "><p id="cce_10_0048__cce_10_0047_p1372913120568">Click <strong id="cce_10_0048__cce_10_0047_b8790125722910">Select Image</strong> and select the image used by the container.</p>
|
||||
<p id="cce_10_0048__cce_10_0047_p137884754811">To use a third-party image, directly enter image path. Ensure that the <a href="cce_10_0047.html#cce_10_0047__li1487514116369">image access credential</a> can be used to access the image repository. For details, see <a href="cce_10_0009.html">Using Third-Party Images</a>.</p>
|
||||
<p id="cce_10_0048__cce_10_0047_p137884754811">To use a third-party image, see <a href="cce_10_0009.html">Using Third-Party Images</a>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0048__cce_10_0047_row338117362515"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.4.2.3.2.2.2.1.1.2.1.2.1.3.1.1 "><p id="cce_10_0048__cce_10_0047_p1038143616517">Image Tag</p>
|
||||
@ -54,8 +54,8 @@
|
||||
</tr>
|
||||
<tr id="cce_10_0048__cce_10_0047_row272852945719"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.4.2.3.2.2.2.1.1.2.1.2.1.3.1.1 "><p id="cce_10_0048__cce_10_0047_p20728192912572">(Optional) GPU Quota</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.4.2.3.2.2.2.1.1.2.1.2.1.3.1.2 "><p id="cce_10_0048__cce_10_0047_p53791055710">Configurable only when the cluster contains GPU nodes and the <a href="cce_10_0141.html">CCE AI Suite (NVIDIA GPU)</a> add-on has been installed.</p>
|
||||
<ul id="cce_10_0048__cce_10_0047_ul19823440122219"><li id="cce_10_0048__cce_10_0047_li14823540152219"><strong id="cce_10_0048__cce_10_0047_b74394181358">Do not use</strong>: No GPU will be used.</li><li id="cce_10_0048__cce_10_0047_li128232405222"><strong id="cce_10_0048__cce_10_0047_b53941737155016">GPU card</strong>: The GPU is dedicated for the container.</li><li id="cce_10_0048__cce_10_0047_li13823440182213"><strong id="cce_10_0048__cce_10_0047_b1433212715356">GPU Virtualization</strong>: percentage of GPU resources used by the container. For example, if this parameter is set to <strong id="cce_10_0048__cce_10_0047_b13332192713352">10%</strong>, the container will use 10% of GPU resources.</li></ul>
|
||||
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.4.2.3.2.2.2.1.1.2.1.2.1.3.1.2 "><p id="cce_10_0048__cce_10_0047_p53791055710">Configurable only when the cluster contains GPU nodes and the <a href="cce_10_0141.html">CCE AI Suite (NVIDIA GPU)</a> add-on is installed.</p>
|
||||
<ul id="cce_10_0048__cce_10_0047_ul19823440122219"><li id="cce_10_0048__cce_10_0047_li14823540152219"><strong id="cce_10_0048__cce_10_0047_b74394181358">All</strong>: No GPU will be used.</li><li id="cce_10_0048__cce_10_0047_li128232405222"><strong id="cce_10_0048__cce_10_0047_b2930224153512">Dedicated</strong>: GPU resources are dedicated for the container.</li><li id="cce_10_0048__cce_10_0047_li13823440182213"><strong id="cce_10_0048__cce_10_0047_b1433212715356">Shared</strong>: percentage of GPU resources used by the container. For example, if this parameter is set to <strong id="cce_10_0048__cce_10_0047_b13332192713352">10%</strong>, the container uses 10% of GPU resources.</li></ul>
|
||||
<p id="cce_10_0048__cce_10_0047_p91801538202613">For details about how to use GPUs in the cluster, see <a href="cce_10_0345.html">Default GPU Scheduling in Kubernetes</a>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
@ -71,13 +71,6 @@
|
||||
<p id="cce_10_0048__cce_10_0047_p191910221439">An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more init containers. Application containers in a pod are started and run only after the running of all init containers completes. For details, see <a href="https://kubernetes.io/docs/concepts/workloads/pods/init-containers/" target="_blank" rel="noopener noreferrer">Init Containers</a>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0048__cce_10_0047_row12412562240"><td class="cellrowborder" valign="top" width="23%" headers="mcps1.3.4.2.3.2.2.2.1.1.2.1.2.1.3.1.1 "><p id="cce_10_0048__cce_10_0047_p0555616240">(Optional) Run Option</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="77%" headers="mcps1.3.4.2.3.2.2.2.1.1.2.1.2.1.3.1.2 "><p id="cce_10_0048__cce_10_0047_p45105617247">Add run options for the container. For details, see <a href="https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/" target="_blank" rel="noopener noreferrer">Pod</a>. CCE supports the following run options:</p>
|
||||
<ul id="cce_10_0048__cce_10_0047_ul482496102717"><li id="cce_10_0048__cce_10_0047_li9824106112720"><strong id="cce_10_0048__cce_10_0047_b297531442317">stdin</strong>: allows containers to receive input from external sources, such as terminals or other input streams.</li><li id="cce_10_0048__cce_10_0047_li19434101452716"><strong id="cce_10_0048__cce_10_0047_b10463193219282">tty</strong>: allocates a pseudo terminal to containers, allowing you to send commands to them as if you were using a local terminal.<p id="cce_10_0048__cce_10_0047_p1537282419401">In most cases, tty is enabled along with stdin, indicating that the terminal (tty) is associated with the standard input (stdin) of the container. This allows for interactive operations, similar to the <strong id="cce_10_0048__cce_10_0047_b99991540183512">kubectl exec -i -t</strong> command. The difference is that this parameter has been configured when the pod is launched.</p>
|
||||
</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
@ -87,7 +80,7 @@
|
||||
</li><li id="cce_10_0048__li1581013477116">(Optional) <strong id="cce_10_0048__cce_10_0047_b347211410339">Security Context</strong>: Assign container permissions to protect the system and other containers from being affected. Enter the user ID to assign container permissions and prevent systems and other containers from being affected.</li><li id="cce_10_0048__li128105471119">(Optional) <strong id="cce_10_0048__cce_10_0047_b4129950193311">Logging</strong>: Report standard container output logs to AOM by default, without requiring manual settings. You can manually configure the log collection path. For details, see <a href="cce_10_0018.html">Collecting Container Logs Using ICAgent</a>.<p id="cce_10_0048__cce_10_0047_p154878397159">To disable the standard output of the current workload, add the annotation <strong id="cce_10_0048__cce_10_0047_b882934924220">kubernetes.AOM.log.stdout: []</strong> in <a href="cce_10_0047.html#cce_10_0047__li179714209414">Labels and Annotations</a>. For details about how to use this annotation, see <a href="cce_10_0386.html#cce_10_0386__table194691458405">Table 1</a>.</p>
|
||||
</li></ul>
|
||||
</div>
|
||||
</li><li id="cce_10_0048__li1487514116369"><strong id="cce_10_0048__cce_10_0047_b479415459616">Image Access Credential</strong>: Select the credential used for accessing the image repository. The default value is <strong id="cce_10_0048__cce_10_0047_b157944451067">default-secret</strong>. You can use default-secret to access images in SWR Shared Edition. For details about <strong id="cce_10_0048__cce_10_0047_b582111347813">default-secret</strong>, see <a href="cce_10_0388.html#cce_10_0388__section11760122012591">default-secret</a>.</li><li id="cce_10_0048__li11649141318194">(Optional) <strong id="cce_10_0048__cce_10_0047_b513531164612">GPU</strong>: <strong id="cce_10_0048__cce_10_0047_b11135211134611">All</strong> is selected by default. The workload instance will be scheduled to the node of the specified GPU type.</li></ul>
|
||||
</li><li id="cce_10_0048__li1487514116369"><strong id="cce_10_0048__cce_10_0047_b479415459616">Image Access Credential</strong>: Select the credential used for accessing the image repository. The default value is <strong id="cce_10_0048__cce_10_0047_b157944451067">default-secret</strong>. You can use default-secret to access images in SWR. For details about <strong id="cce_10_0048__cce_10_0047_b582111347813">default-secret</strong>, see <a href="cce_10_0388.html#cce_10_0388__section11760122012591">default-secret</a>.</li><li id="cce_10_0048__li11649141318194">(Optional) <strong id="cce_10_0048__cce_10_0047_b513531164612">GPU</strong>: <strong id="cce_10_0048__cce_10_0047_b11135211134611">All</strong> is selected by default. The workload instance will be scheduled to the node of the specified GPU type.</li></ul>
|
||||
</div>
|
||||
<p id="cce_10_0048__p75731743299"><strong id="cce_10_0048__b104641840113614">Headless Service Parameters</strong></p>
|
||||
<p id="cce_10_0048__p757424310917">A headless Service is used to solve the problem of mutual access between pods in a StatefulSet. The headless Service provides a fixed access domain name for each pod. For details, see <a href="cce_10_0398.html">Headless Services</a>.</p>
|
||||
@ -96,19 +89,17 @@
|
||||
<p id="cce_10_0048__p13343123113612">You can also create a Service after creating a workload. For details about Services of different types, see <a href="cce_10_0249.html">Overview</a>.</p>
|
||||
<div class="p" id="cce_10_0048__p310913521612"><strong id="cce_10_0048__b21631580735239">(Optional) Advanced Settings</strong><ul id="cce_10_0048__ul142811417"><li id="cce_10_0048__li0421513417"><strong id="cce_10_0048__cce_10_0047_b15415314859">Upgrade</strong>: Specify the upgrade mode and parameters of the workload. <strong id="cce_10_0048__cce_10_0047_b153151558165913">Rolling upgrade</strong> and <strong id="cce_10_0048__cce_10_0047_b1621251402">Replace upgrade</strong> are available. For details, see <a href="cce_10_0397.html">Configuring Workload Upgrade Policies</a>.</li><li id="cce_10_0048__li206428507436"><strong id="cce_10_0048__b1840219331836">Pod Management Policies</strong><p id="cce_10_0048__p151323251334">For some distributed systems, the StatefulSet sequence is unnecessary and/or should not occur. These systems require only uniqueness and identifiers.</p>
|
||||
<ul id="cce_10_0048__ul758812493316"><li id="cce_10_0048__li258832417338"><strong id="cce_10_0048__b13534251116">OrderedReady</strong>: The StatefulSet will deploy, delete, or scale pods in order and one by one. (The StatefulSet continues only after the previous pod is ready or deleted.) This is the default policy.</li><li id="cce_10_0048__li1558862416338"><strong id="cce_10_0048__b112293521039">Parallel</strong>: The StatefulSet will create pods in parallel to match the desired scale without waiting, and will delete all pods at once.</li></ul>
|
||||
</li><li id="cce_10_0048__li7127180594"><strong id="cce_10_0048__cce_10_0047_b289714923012">Scheduling</strong>: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.<ul id="cce_10_0048__cce_10_0047_ul16976133413332"><li id="cce_10_0048__cce_10_0047_li7687143311331"><strong id="cce_10_0048__cce_10_0047_b1243811103214">Load Affinity</strong>: Common load affinity policies are offered for quick load affinity deployment.<ul id="cce_10_0048__cce_10_0047_ul1865517492338"><li id="cce_10_0048__cce_10_0047_li7393234068"><strong id="cce_10_0048__cce_10_0047_b15439175514563">Not configured</strong>: No load affinity policy is configured.</li><li id="cce_10_0048__cce_10_0047_li84431255153310"><strong id="cce_10_0048__cce_10_0047_b1069211531709">Multi-AZ deployment preferred</strong>: Workload pods are <strong id="cce_10_0048__cce_10_0047_b126921353203">preferentially</strong> scheduled to nodes in different AZs through pod anti-affinity.</li><li id="cce_10_0048__cce_10_0047_li10775194183413"><strong id="cce_10_0048__cce_10_0047_b1667575214119">Forcible multi-AZ deployment</strong>: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (<strong id="cce_10_0048__cce_10_0047_b10853186174217">podAntiAffinity</strong>). If there are fewer AZs than pods, the extra pods will fail to run.</li><li id="cce_10_0048__cce_10_0047_li177960111349"><strong id="cce_10_0048__cce_10_0047_b18931103644418">Customize affinity</strong>: Affinity and anti-affinity policies can be customized. For details, see <a href="cce_10_0893.html">Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)</a>.</li></ul>
|
||||
</li><li id="cce_10_0048__cce_10_0047_li136191442193318"><strong id="cce_10_0048__cce_10_0047_b540915914458">Node Affinity</strong>: Common node affinity policies are offered for quick load affinity deployment.<ul id="cce_10_0048__cce_10_0047_ul106562113415"><li id="cce_10_0048__cce_10_0047_li3815113910617"><strong id="cce_10_0048__cce_10_0047_b129361841585">Not configured</strong>: No node affinity policy is configured.</li><li id="cce_10_0048__cce_10_0047_li11588172453415"><strong id="cce_10_0048__cce_10_0047_b1354131044913">Specify node</strong>: Workload pods can be deployed on specified nodes through node affinity (<strong id="cce_10_0048__cce_10_0047_b17387313105016">nodeAffinity</strong>). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.</li><li id="cce_10_0048__cce_10_0047_li12588142414347"><strong id="cce_10_0048__cce_10_0047_b1143642735217">Specify node pool</strong>: Workload pods can be deployed in a specified node pool through node affinity (<strong id="cce_10_0048__cce_10_0047_b1443715272523">nodeAffinity</strong>). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.</li><li id="cce_10_0048__cce_10_0047_li14588192418347"><strong id="cce_10_0048__cce_10_0047_b145411819458">Customize affinity</strong>: Affinity and anti-affinity policies can be customized. For details, see <a href="cce_10_0892.html">Configuring Node Affinity Scheduling (nodeAffinity)</a>.</li></ul>
|
||||
</li><li id="cce_10_0048__li7127180594"><strong id="cce_10_0048__cce_10_0047_b289714923012">Scheduling</strong>: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.<ul id="cce_10_0048__cce_10_0047_ul16976133413332"><li id="cce_10_0048__cce_10_0047_li7687143311331"><strong id="cce_10_0048__cce_10_0047_b1243811103214">Load Affinity</strong>: Common load affinity policies are offered for quick load affinity deployment.<ul id="cce_10_0048__cce_10_0047_ul1865517492338"><li id="cce_10_0048__cce_10_0047_li7393234068"><strong id="cce_10_0048__cce_10_0047_b15439175514563">Not configured</strong>: No load affinity policy is configured.</li><li id="cce_10_0048__cce_10_0047_li84431255153310"><strong id="cce_10_0048__cce_10_0047_b1069211531709">Multi-AZ deployment preferred</strong>: Workload pods are <strong id="cce_10_0048__cce_10_0047_b126921353203">preferentially</strong> scheduled to nodes in different AZs through pod anti-affinity.</li><li id="cce_10_0048__cce_10_0047_li10775194183413"><strong id="cce_10_0048__cce_10_0047_b1667575214119">Forcible multi-AZ deployment</strong>: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (<strong id="cce_10_0048__cce_10_0047_b10853186174217">podAntiAffinity</strong>). If there are fewer AZs than pods, the extra pods will fail to run.</li><li id="cce_10_0048__cce_10_0047_li177960111349"><strong id="cce_10_0048__cce_10_0047_b18931103644418">Custom policies</strong>: Affinity and anti-affinity policies can be customized. For details, see <a href="cce_10_0893.html">Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)</a>.</li></ul>
|
||||
</li><li id="cce_10_0048__cce_10_0047_li136191442193318"><strong id="cce_10_0048__cce_10_0047_b540915914458">Node Affinity</strong>: Common load affinity policies are offered for quick load affinity deployment.<ul id="cce_10_0048__cce_10_0047_ul106562113415"><li id="cce_10_0048__cce_10_0047_li3815113910617"><strong id="cce_10_0048__cce_10_0047_b129361841585">Not configured</strong>: No node affinity policy is configured.</li><li id="cce_10_0048__cce_10_0047_li11588172453415"><strong id="cce_10_0048__cce_10_0047_b1354131044913">Node Affinity</strong>: Workload pods can be deployed on specified nodes through node affinity (<strong id="cce_10_0048__cce_10_0047_b17387313105016">nodeAffinity</strong>). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.</li><li id="cce_10_0048__cce_10_0047_li12588142414347"><strong id="cce_10_0048__cce_10_0047_b1143642735217">Specified node pool scheduling</strong>: Workload pods can be deployed in a specified node pool through node affinity (<strong id="cce_10_0048__cce_10_0047_b1443715272523">nodeAffinity</strong>). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.</li><li id="cce_10_0048__cce_10_0047_li14588192418347"><strong id="cce_10_0048__cce_10_0047_b145411819458">Custom policies</strong>: Affinity and anti-affinity policies can be customized. For details, see <a href="cce_10_0892.html">Configuring Node Affinity Scheduling (nodeAffinity)</a>.</li></ul>
|
||||
</li></ul>
|
||||
</li><li id="cce_10_0048__li13285132913414"><strong id="cce_10_0048__cce_10_0047_b15261142101217">Toleration</strong>: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see <a href="cce_10_0728.html">Configuring Tolerance Policies</a>.</li><li id="cce_10_0048__li179714209414"><strong id="cce_10_0048__cce_10_0047_b562135212518">Labels and Annotations</strong>: Add labels or annotations for pods using key-value pairs. After entering the key and value, click <strong id="cce_10_0048__cce_10_0047_b1439805716617">Confirm</strong>. For details about how to use and configure labels and annotations, see <a href="cce_10_0386.html">Configuring Labels and Annotations</a>.</li><li id="cce_10_0048__li1917237124111"><strong id="cce_10_0048__cce_10_0047_b1428118321389">DNS</strong>: Configure a separate DNS policy for the workload. For details, see <a href="cce_10_0365.html">DNS Configuration</a>.</li><li id="cce_10_0048__li1985863319162"><strong id="cce_10_0048__b157014128328">Network Configuration</strong><ul id="cce_10_0048__ul9870163414162"><li id="cce_10_0048__li8488616152">Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see <a href="cce_10_0382.html">Configuring QoS for a Pod</a>.</li><li id="cce_10_0048__li246062816567">Whether to enable the static IP address: available only for clusters that support this function. After this function is enabled, you can set the interval for reclaiming expired pod IP addresses. For details, see <a href="cce_10_0603.html">Configuring a Static IP Address for a Pod</a>.</li><li id="cce_10_0048__li1898141443111">Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see <a href="cce_10_0196.html">Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration</a>.</li><li id="cce_10_0048__li465673203314">Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.</li><li id="cce_10_0048__li6361894173">IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see <a href="cce_10_0604.html">Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs</a>.</li></ul>
|
||||
</li></ul>
|
||||
</div>
|
||||
</p></li><li id="cce_10_0048__li01417411620"><span>Click <span class="uicontrol" id="cce_10_0048__uicontrol2330814123917"><b>Create Workload</b></span> in the lower right corner. After a period of time, the workload enters the <strong id="cce_10_0048__b113308146398">Running</strong> state.</span><p><p id="cce_10_0048__p10189103315612"></p>
|
||||
<p id="cce_10_0048__p141597358620"></p>
|
||||
</p></li></ol>
|
||||
</p></li><li id="cce_10_0048__li01417411620"><span>Click <strong id="cce_10_0048__b2573105264313">Create Workload</strong> in the lower right corner.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0048__section113441881214"><h4 class="sectiontitle"><span class="keyword" id="cce_10_0048__keyword1096424634155120">Using kubectl</span></h4><p id="cce_10_0048__p829311262556">In this example, a Nginx workload is used and the EVS volume is dynamically mounted to it using the <strong id="cce_10_0048__b890694313189">volumeClaimTemplates</strong> field.</p>
|
||||
<ol id="cce_10_0048__ol8784163652310"><li id="cce_10_0048__li2338171784610"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a>.</span></li><li id="cce_10_0048__li786619612249"><span>Create and edit the <strong id="cce_10_0048__b17333192071415">nginx-statefulset.yaml</strong> file.</span><p><p id="cce_10_0048__li1020013819415p0"><strong id="cce_10_0048__b122558194376">nginx-statefulset.yaml</strong> is an example file name, and you can change it as required.</p>
|
||||
<pre class="screen" id="cce_10_0048__screen536172591118">vi nginx-statefulset.yaml</pre>
|
||||
<ol id="cce_10_0048__ol8784163652310"><li id="cce_10_0048__li2338171784610"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0048__li786619612249"><span>Create and edit the <strong id="cce_10_0048__b17333192071415">nginx-statefulset.yaml</strong> file.</span><p><p id="cce_10_0048__li1020013819415p0"><strong id="cce_10_0048__b122558194376">nginx-statefulset.yaml</strong> is an example file name, and you can change it as required.</p>
|
||||
<p id="cce_10_0048__p1587215618244"><strong id="cce_10_0048__b28744642413">vi nginx-statefulset.yaml</strong></p>
|
||||
<p id="cce_10_0048__p211135719251">The following provides an example of the file contents. For more information on StatefulSet, see the <a href="https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/" target="_blank" rel="noopener noreferrer">Kubernetes documentation</a>.</p>
|
||||
<pre class="screen" id="cce_10_0048__screen188753615243">apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
@ -165,9 +156,7 @@ spec:
|
||||
storageClassName: csi-disk # StorageClass name. The value is <strong id="cce_10_0048__b135233111916">csi-disk</strong> for the EVS volume.
|
||||
updateStrategy:
|
||||
type: RollingUpdate</pre>
|
||||
<p id="cce_10_0048__p1513685914111">Create and edit the <strong id="cce_10_0048__b4515176398">nginx-headless.yaml</strong> file.</p>
|
||||
<pre class="screen" id="cce_10_0048__screen12214133261215">vi nginx-headless.yaml</pre>
|
||||
<p id="cce_10_0048__p37525268126">The content is as follows:</p>
|
||||
<p id="cce_10_0048__p2939196152413"><strong id="cce_10_0048__b1394256172413">vi nginx-headless.yaml</strong></p>
|
||||
<pre class="screen" id="cce_10_0048__screen294316112416">apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
@ -187,11 +176,10 @@ spec:
|
||||
port: 80
|
||||
protocol: TCP
|
||||
type: ClusterIP</pre>
|
||||
</p></li><li id="cce_10_0048__li1998416615246"><span>Create the workload.</span><p><pre class="screen" id="cce_10_0048__screen5396143761117">kubectl create -f nginx-statefulset.yaml</pre>
|
||||
</p></li><li id="cce_10_0048__li1998416615246"><span>Create a workload and the corresponding headless service.</span><p><p id="cce_10_0048__p1198813611249"><strong id="cce_10_0048__b15990126112416">kubectl create -f nginx-statefulset.yaml</strong></p>
|
||||
<p id="cce_10_0048__p12328163452813">If the following information is displayed, the StatefulSet has been successfully created.</p>
|
||||
<pre class="screen" id="cce_10_0048__screen2571141615288">statefulset.apps/nginx created</pre>
|
||||
<p id="cce_10_0048__p7735102011315">Create a headless Service.</p>
|
||||
<pre class="screen" id="cce_10_0048__screen1139093161317">kubectl create -f nginx-headless.yaml</pre>
|
||||
<p id="cce_10_0048__p1990064241"><strong id="cce_10_0048__b599213611242">kubectl create -f <strong id="cce_10_0048__b599417613242">nginx-headless</strong>.yaml</strong></p>
|
||||
<p id="cce_10_0048__p16120180172919">If the following information is displayed, the headless service has been successfully created.</p>
|
||||
<pre class="screen" id="cce_10_0048__screen78956247288">service/nginx-svc created</pre>
|
||||
</p></li><li id="cce_10_0048__li17997169246"><span>If the workload will be accessed through a ClusterIP or NodePort Service, configure the access mode. For details, see <a href="cce_10_0020.html">Network</a>.</span></li></ol>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -4,14 +4,14 @@
|
||||
<div id="body8662426"><div class="section" id="cce_10_0063__section127666327248"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0063__p192873216229">After a node scaling policy is created, you can delete, edit, disable, enable, or clone the policy.</p>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0063__section102878407207"><h4 class="sectiontitle">Viewing a Node Scaling Policy</h4><p id="cce_10_0063__p713741135215">You can view the associated node pool, rules, and scaling history of a node scaling policy and rectify faults according to the error information displayed.</p>
|
||||
<ol id="cce_10_0063__ol17409123885219"><li id="cce_10_0063__li148293318248"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0063__li757116188514"><span>In the navigation pane, choose <span class="uicontrol" id="cce_10_0063__uicontrol181311281374"><b>Nodes</b></span>. On the page displayed, click the <strong id="cce_10_0063__b1381322833713">Node Pools</strong> tab and then the name of the node pool for which an auto scaling policy has been created to view the node pool details.</span></li><li id="cce_10_0063__li391162210375"><span>On the node pool details page, click the <strong id="cce_10_0063__b182822310377">Auto Scaling</strong> tab to view the auto scaling configuration and scaling records.</span><p><div class="note" id="cce_10_0063__note13404926203311"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0063__p1793618441931">You can obtain created auto scaling policies on the <strong id="cce_10_0063__b514212331917"><span id="cce_10_0063__text67571453104013">Policies</span></strong> page.</p>
|
||||
<ol id="cce_10_0063__ol17409123885219"><li id="cce_10_0063__li148293318248"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0063__li757116188514"><span>In the navigation pane, choose <span class="uicontrol" id="cce_10_0063__uicontrol885043603616"><b>Nodes</b></span>.On the page displayed, click the <strong id="cce_10_0063__b1785019363361">Node Pools</strong> tab and then the name of the node pool for which an auto scaling policy has been created to view the node pool details.</span></li><li id="cce_10_0063__li391162210375"><span>On the node pool details page, click the <strong id="cce_10_0063__b182822310377">Auto Scaling</strong> tab to view the auto scaling configuration and scaling records.</span><p><div class="note" id="cce_10_0063__note13404926203311"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0063__p1793618441931">You can obtain created auto scaling policies on the <strong id="cce_10_0063__b514212331917"><span id="cce_10_0063__text67571453104013">Policies</span></strong> page.</p>
|
||||
<ol type="a" id="cce_10_0063__ol1691347738"><li id="cce_10_0063__li5468556932">Log in to the CCE console and click the cluster name to access the cluster console.</li><li id="cce_10_0063__li87313521749">In the navigation pane, choose <strong id="cce_10_0063__b576614533199"><span id="cce_10_0063__text1838374619210">Policies</span></strong>. On the page displayed, click the <strong id="cce_10_0063__b810014379203">Node Scaling Policies</strong> tab.</li><li id="cce_10_0063__li141394161742">Check the configuration of the auto scaling policies. Choose <strong id="cce_10_0063__b10717289212">More</strong> > <strong id="cce_10_0063__b817473111210">Scaling History</strong> for the target policy to check the scaling records of the policy.</li></ol>
|
||||
</div></div>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0063__section128584032017"><h4 class="sectiontitle">Deleting a Node Scaling Policy</h4><ol id="cce_10_0063__ol14644105712488"><li id="cce_10_0063__li41181041153517"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0063__li21181041113517"><span>In the navigation pane, choose <strong id="cce_10_0063__b1214315541372"><span id="cce_10_0063__text82292962415">Policies</span></strong>. On the page displayed, click the <strong id="cce_10_0063__b6742397389">Node Scaling Policies</strong> tab, locate the row containing the target policy and choose <strong id="cce_10_0063__b1770171519392">More</strong> > <strong id="cce_10_0063__b88264165396">Delete</strong> in the <strong id="cce_10_0063__b7342193564112">Operation</strong> column.</span></li><li id="cce_10_0063__li19809141991015"><span>In the <span class="wintitle" id="cce_10_0063__wintitle195460432178"><b>Delete Node Scaling Policy</b></span> dialog box displayed, confirm whether to delete the policy.</span></li><li id="cce_10_0063__li1340513385528"><span>Click <span class="uicontrol" id="cce_10_0063__uicontrol12723105481711"><b>Yes</b></span> to delete the policy.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0063__section5652756162214"><h4 class="sectiontitle">Editing a Node Scaling Policy</h4><ol id="cce_10_0063__ol067875612225"><li id="cce_10_0063__li1148617913919"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0063__li19486498394"><span>In the navigation pane, choose <strong id="cce_10_0063__b19317105710390"><span id="cce_10_0063__text105014172246">Policies</span></strong>. On the page displayed, click the <strong id="cce_10_0063__b5317185793910">Node Scaling Policies</strong> tab, locate the row containing the target policy and click <strong id="cce_10_0063__b822154212401">Edit</strong> in the <strong id="cce_10_0063__b152854419415">Operation</strong> column.</span></li><li id="cce_10_0063__li56781856152211"><span>On the <span class="uicontrol" id="cce_10_0063__uicontrol7933134119486"><b>Edit Node Scaling Policy</b></span> page displayed, configure policy parameters listed in <a href="cce_10_0209.html#cce_10_0209__table18763092201">Table 4</a>.</span></li><li id="cce_10_0063__li86781756112220"><span>After the configuration is complete, click <span class="uicontrol" id="cce_10_0063__uicontrol07463587480"><b>OK</b></span>.</span></li></ol>
|
||||
<div class="section" id="cce_10_0063__section5652756162214"><h4 class="sectiontitle">Editing a Node Scaling Policy</h4><ol id="cce_10_0063__ol067875612225"><li id="cce_10_0063__li1148617913919"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0063__li19486498394"><span>In the navigation pane, choose <strong id="cce_10_0063__b19317105710390"><span id="cce_10_0063__text105014172246">Policies</span></strong>. On the page displayed, click the <strong id="cce_10_0063__b5317185793910">Node Scaling Policies</strong> tab, locate the row containing the target policy and click <strong id="cce_10_0063__b822154212401">Edit</strong> in the <strong id="cce_10_0063__b152854419415">Operation</strong> column.</span></li><li id="cce_10_0063__li56781856152211"><span>On the <span class="uicontrol" id="cce_10_0063__uicontrol7933134119486"><b>Edit Node Scaling Policy</b></span> page displayed, configure policy parameters listed in <a href="cce_10_0209.html#cce_10_0209__table18763092201">Table 2</a>.</span></li><li id="cce_10_0063__li86781756112220"><span>After the configuration is complete, click <span class="uicontrol" id="cce_10_0063__uicontrol07463587480"><b>OK</b></span>.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0063__section367810565223"><h4 class="sectiontitle">Cloning a Node Scaling Policy</h4><ol id="cce_10_0063__ol1283103252519"><li id="cce_10_0063__li20680159143911"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0063__li1068085914390"><span>In the navigation pane, choose <strong id="cce_10_0063__b182079494212"><span id="cce_10_0063__text15369102114247">Policies</span></strong>. On the page displayed, click the <strong id="cce_10_0063__b1620711418426">Node Scaling Policies</strong> tab, locate the row containing the target policy and choose <strong id="cce_10_0063__b1020734124213">More</strong> > <strong id="cce_10_0063__b620724164218">Clone</strong> in the <strong id="cce_10_0063__b82081045425">Operation</strong> column.</span></li><li id="cce_10_0063__li128363212514"><span>On the <span class="uicontrol" id="cce_10_0063__uicontrol162071440144911"><b>Create Node Scaling Policy</b></span> page displayed, certain parameters have been cloned. Add or modify other policy parameters based on service requirements.</span></li><li id="cce_10_0063__li383732172512"><span>Click <strong id="cce_10_0063__b76092016183">OK</strong>.</span></li></ol>
|
||||
</div>
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
</div>
|
||||
<div class="section" id="cce_10_0066__section168341157155317"><h4 class="sectiontitle">Installing the Add-on</h4><p id="cce_10_0066__p11695354471">This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:</p>
|
||||
<ol id="cce_10_0066__ol9183433182510"><li id="cce_10_0066__li13183153352515"><span>Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose <strong id="cce_10_0066__b112701937115017"><span id="cce_10_0066__text102706378505">Add-ons</span></strong>, locate <strong id="cce_10_0066__b1527133713504">CCE Container Storage (Everest)</strong> on the right, and click <strong id="cce_10_0066__b10271193714503">Install</strong>.</span></li><li id="cce_10_0066__li15556183414307"><span>On the <strong id="cce_10_0066__b404877071105928">Install Add-on</strong> page, configure the specifications as needed.</span><p><ul id="cce_10_0066__ul14526143113393"><li id="cce_10_0066__li953119336397">If you selected <span class="uicontrol" id="cce_10_0066__uicontrol494318356523"><b>Preset</b></span>, you can choose between <strong id="cce_10_0066__b14943203515219">Small</strong>, <strong id="cce_10_0066__b14943183518528">Medium</strong>, or <strong id="cce_10_0066__b794493525218">Large</strong> as needed. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.<p id="cce_10_0066__p1985116862216">The small specification is best for clusters with up to 50 nodes and 500 PVCs. The medium specification works well for clusters with up to 200 nodes and 2000 PVCs. The large specification is perfect for clusters with up to 1000 nodes and 10,000 PVCs.</p>
|
||||
</li><li id="cce_10_0066__li20286714536">If you selected <strong id="cce_10_0066__b186961127135217">Custom</strong>, you can adjust the number of pods and resource quotas as needed. The requested CPUs and memory can be adjusted based on the number of nodes and PVCs. For details, see <a href="#cce_10_0066__table189158231597">Table 1</a>.<p id="cce_10_0066__p1899919306149">In non-typical scenarios, the formulas for estimating the limits are as follows:</p>
|
||||
</li><li id="cce_10_0066__li20286714536">If you selected <strong id="cce_10_0066__b0766620165210">Custom</strong>, you can adjust the number of pods and resource quotas as needed. The requested CPU and memory can be adjusted based on the number of nodes and PVCs. For details, see <a href="#cce_10_0066__table189158231597">Table 1</a>.<p id="cce_10_0066__p1899919306149">In non-typical scenarios, the formulas for estimating the limits are as follows:</p>
|
||||
<ul id="cce_10_0066__ul6999193071413"><li id="cce_10_0066__cce_faq_00429_en-us_topic_0000001244141035_li26110114813">everest-csi-controller<ul id="cce_10_0066__cce_faq_00429_en-us_topic_0000001244141035_ul1698022218489"><li id="cce_10_0066__cce_faq_00429_en-us_topic_0000001244141035_li274473944916">CPU limit: 250m for 200 or fewer nodes, 350m for 1000 nodes, and 500m for 2000 nodes</li><li id="cce_10_0066__cce_faq_00429_en-us_topic_0000001244141035_li737612804815">Memory limit = (200 MiB + Number of nodes x 1 MiB + Number of PVCs x 0.2 MiB) x 1.2</li></ul>
|
||||
</li><li id="cce_10_0066__cce_faq_00429_en-us_topic_0000001244141035_li1615105484">everest-csi-driver<ul id="cce_10_0066__cce_faq_00429_en-us_topic_0000001244141035_ul05031757145019"><li id="cce_10_0066__cce_faq_00429_en-us_topic_0000001244141035_li6991135417503">CPU limit: 300m for 200 or fewer nodes, 500m for 1000 nodes, and 800m for 2000 nodes</li><li id="cce_10_0066__cce_faq_00429_en-us_topic_0000001244141035_li129911754195010">Memory limit: 300 MiB for 200 or fewer nodes, 600 MiB for 1000 nodes, and 900 MiB for 2000 nodes</li></ul>
|
||||
</li></ul>
|
||||
@ -166,7 +166,7 @@
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.3.3.2.1.2.4.1.2 "><p id="cce_10_0066__p68242017184320">Visualized GUI configuration</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.3.3.3.2.1.2.4.1.3 "><p id="cce_10_0066__p17811810213">Number of workers that can be concurrently processed by Everest for detaching EVS volumes. The default value is <strong id="cce_10_0066__b141323527287">60</strong>.</p>
|
||||
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.3.3.3.2.1.2.4.1.3 "><p id="cce_10_0066__p17811810213">Number of workers that can be concurrently processed by Everest for detaching EVS volumes. The default value is <strong id="cce_10_0066__b8323124033316">60</strong>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0066__row1327472042110"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.3.3.3.2.1.2.4.1.1 "><p id="cce_10_0066__p1274320142116">Distributed Volume Mounting</p>
|
||||
@ -231,7 +231,7 @@
|
||||
</div>
|
||||
<div class="note" id="cce_10_0066__note236245823912"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0066__p436225803915">In the extended parameter settings, you can customize the advanced configurations that are not displayed on the GUI. If the settings in the extended parameters conflict with those on the GUI, the settings in the extended parameters will work.</p>
|
||||
</div></div>
|
||||
</p></li><li id="cce_10_0066__li155851217011"><span>Configure deployment policies for the add-on pods.</span><p><div class="note" id="cce_10_0066__cce_10_0129_note32098410561"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0066__cce_10_0129_ul220911419567"><li id="cce_10_0066__cce_10_0129_li152095435618">Scheduling policies do not take effect on add-on pods of the DaemonSet type.</li><li id="cce_10_0066__cce_10_0129_li1720914445612">When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.</li></ul>
|
||||
</p></li><li id="cce_10_0066__li155851217011"><span>Configure deployment policies for the add-on pods.</span><p><div class="note" id="cce_10_0066__cce_10_0129_note32098410561"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0066__cce_10_0129_ul220911419567"><li id="cce_10_0066__cce_10_0129_li152095435618">Scheduling policies do not take effect on add-on instances of the DaemonSet type.</li><li id="cce_10_0066__cce_10_0129_li1720914445612">When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.</li></ul>
|
||||
</div></div>
|
||||
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0066__cce_10_0129_table52109416562" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Configurations for add-on scheduling</caption><thead align="left"><tr id="cce_10_0066__cce_10_0129_row521016413569"><th align="left" class="cellrowborder" valign="top" width="24%" id="mcps1.3.3.3.4.2.2.2.3.1.1"><p id="cce_10_0066__cce_10_0129_p15210124175611">Parameter</p>
|
||||
@ -242,12 +242,12 @@
|
||||
</thead>
|
||||
<tbody><tr id="cce_10_0066__cce_10_0129_row162102049564"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.3.3.4.2.2.2.3.1.1 "><p id="cce_10_0066__cce_10_0129_p421019416569">Multi-AZ Deployment</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.3.3.4.2.2.2.3.1.2 "><ul id="cce_10_0066__cce_10_0129_ul122101425619"><li id="cce_10_0066__cce_10_0129_li142101342560"><strong id="cce_10_0066__cce_10_0129_b14923247163911">Preferred</strong>: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.</li><li id="cce_10_0066__cce_10_0129_li52682031184214"><strong id="cce_10_0066__cce_10_0129_b8203192017422">Equivalent mode</strong>: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.</li><li id="cce_10_0066__cce_10_0129_li3210440562"><strong id="cce_10_0066__cce_10_0129_b015413651411">Forcible</strong>: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.</li></ul>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.3.3.4.2.2.2.3.1.2 "><ul id="cce_10_0066__cce_10_0129_ul122101425619"><li id="cce_10_0066__cce_10_0129_li142101342560"><strong id="cce_10_0066__cce_10_0129_b14923247163911">Preferred</strong>: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.</li><li id="cce_10_0066__cce_10_0129_li52682031184214"><strong id="cce_10_0066__cce_10_0129_b8203192017422">Equivalent mode</strong>: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.</li><li id="cce_10_0066__cce_10_0129_li3210440562"><strong id="cce_10_0066__cce_10_0129_b18511251183914">Forcible</strong>: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0066__cce_10_0129_row1121010416566"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.3.3.4.2.2.2.3.1.1 "><p id="cce_10_0066__cce_10_0129_p12210114165612">Node Affinity</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.3.3.4.2.2.2.3.1.2 "><ul id="cce_10_0066__cce_10_0129_ul1621054145617"><li id="cce_10_0066__cce_10_0129_li1721017413562"><strong id="cce_10_0066__cce_10_0129_b2074619819545">Not configured</strong>: Node affinity is disabled for the add-on.</li><li id="cce_10_0066__cce_10_0129_li52109417563"><strong id="cce_10_0066__cce_10_0129_b129562052191415">Specify node</strong>: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.</li><li id="cce_10_0066__cce_10_0129_li1421015415561"><strong id="cce_10_0066__cce_10_0129_b12590185851410">Specify node pool</strong>: Specify the node pool where the add-on is deployed. If you do not specify the node pools, the add-on will be randomly scheduled based on the default cluster scheduling policy.</li><li id="cce_10_0066__cce_10_0129_li92101542568"><strong id="cce_10_0066__cce_10_0129_b63060371515">Customize affinity</strong>: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.<p id="cce_10_0066__cce_10_0129_p19210104145617">If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.</p>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.3.3.4.2.2.2.3.1.2 "><ul id="cce_10_0066__cce_10_0129_ul1621054145617"><li id="cce_10_0066__cce_10_0129_li1721017413562"><strong id="cce_10_0066__cce_10_0129_b2074619819545">Not configured</strong>: Node affinity is disabled for the add-on.</li><li id="cce_10_0066__cce_10_0129_li52109417563"><strong id="cce_10_0066__cce_10_0129_b7658101316551">Specify node</strong>: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.</li><li id="cce_10_0066__cce_10_0129_li1421015415561"><strong id="cce_10_0066__cce_10_0129_b98581358205610">Specify node pool</strong>: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.</li><li id="cce_10_0066__cce_10_0129_li92101542568"><strong id="cce_10_0066__cce_10_0129_b634615619572">Customize affinity</strong>: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.<p id="cce_10_0066__cce_10_0129_p19210104145617">If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.</p>
|
||||
</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
@ -410,19 +410,7 @@
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody><tr id="cce_10_0066__en-us_topic_0000001559534258_row20626722193716"><td class="cellrowborder" valign="top" width="15.51155115511551%" headers="mcps1.3.6.2.2.4.1.1 "><p id="cce_10_0066__en-us_topic_0000001559534258_p1516293063713">2.4.134</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="25.172517251725175%" headers="mcps1.3.6.2.2.4.1.2 "><p id="cce_10_0066__en-us_topic_0000001559534258_p1016217306376">v1.25</p>
|
||||
<p id="cce_10_0066__en-us_topic_0000001559534258_p1716273010375">v1.27</p>
|
||||
<p id="cce_10_0066__en-us_topic_0000001559534258_p2162530103716">v1.28</p>
|
||||
<p id="cce_10_0066__en-us_topic_0000001559534258_p181621330183717">v1.29</p>
|
||||
<p id="cce_10_0066__en-us_topic_0000001559534258_p1116253053710">v1.30</p>
|
||||
<p id="cce_10_0066__en-us_topic_0000001559534258_p1016283093714">v1.31</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="59.31593159315932%" headers="mcps1.3.6.2.2.4.1.3 "><p id="cce_10_0066__en-us_topic_0000001559534258_p1668154463714">Fixed some issues.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0066__en-us_topic_0000001559534258_row16377112285810"><td class="cellrowborder" valign="top" width="15.51155115511551%" headers="mcps1.3.6.2.2.4.1.1 "><p id="cce_10_0066__en-us_topic_0000001559534258_p1289322913588">2.4.75</p>
|
||||
<tbody><tr id="cce_10_0066__en-us_topic_0000001559534258_row16377112285810"><td class="cellrowborder" valign="top" width="15.51155115511551%" headers="mcps1.3.6.2.2.4.1.1 "><p id="cce_10_0066__en-us_topic_0000001559534258_p1289322913588">2.4.75</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="25.172517251725175%" headers="mcps1.3.6.2.2.4.1.2 "><p id="cce_10_0066__en-us_topic_0000001559534258_p1089382985814">v1.23</p>
|
||||
<p id="cce_10_0066__en-us_topic_0000001559534258_p15893152955819">v1.25</p>
|
||||
@ -475,7 +463,7 @@
|
||||
<p id="cce_10_0066__en-us_topic_0000001559534258_p774595219571">v1.27</p>
|
||||
<p id="cce_10_0066__en-us_topic_0000001559534258_p9635155419571">v1.28</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="59.31593159315932%" headers="mcps1.3.6.2.2.4.1.3 "><p id="cce_10_0066__en-us_topic_0000001559534258_p2169114418574">CCE clusters v1.28 are supported.</p>
|
||||
<td class="cellrowborder" valign="top" width="59.31593159315932%" headers="mcps1.3.6.2.2.4.1.3 "><p id="cce_10_0066__en-us_topic_0000001559534258_p2169114418574">CCE clusters 1.28 are supported.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0066__en-us_topic_0000001559534258_row156681058121613"><td class="cellrowborder" valign="top" width="15.51155115511551%" headers="mcps1.3.6.2.2.4.1.1 "><p id="cce_10_0066__en-us_topic_0000001559534258_p6718151181712">2.1.51</p>
|
||||
|
||||
@ -4,8 +4,6 @@
|
||||
<div id="body8662426"></div>
|
||||
<div>
|
||||
<ul class="ullinks">
|
||||
<li class="ulchildlink"><strong><a href="cce_bulletin_0099.html">Kubernetes 1.31 Release Notes</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_bulletin_0095.html">Kubernetes 1.30 Release Notes</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_bulletin_0089.html">Kubernetes 1.29 Release Notes</a></strong><br>
|
||||
@ -27,7 +25,7 @@
|
||||
</ul>
|
||||
|
||||
<div class="familylinks">
|
||||
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_10_0002.html">Cluster Version Release Notes</a></div>
|
||||
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_10_0002.html">Cluster Overview</a></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
@ -111,14 +111,15 @@
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="39.603960396039604%" headers="mcps1.3.5.2.1.4.1.2 "><p id="cce_10_0081__p5387151854714">You can configure core components with fine granularity.</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="38.453845384538454%" headers="mcps1.3.5.2.1.4.1.3 "><ul id="cce_10_0081__ul131631956486"><li id="cce_10_0081__li16163105164816">This function is supported only in clusters of v1.15 or later. It is not displayed for versions earlier than v1.15.</li><li id="cce_10_0081__li191638515487">The default node pool does not support this type of configuration.</li></ul>
|
||||
<td class="cellrowborder" valign="top" width="38.453845384538454%" headers="mcps1.3.5.2.1.4.1.3 "><ul id="cce_10_0081__ul131631956486"><li id="cce_10_0081__li16163105164816">This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.</li><li id="cce_10_0081__li191638515487">The default node pool does not support this type of configuration.</li></ul>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0081__section12603142443319"><h4 class="sectiontitle"><span class="keyword" id="cce_10_0081__keyword134411635193118">Deploying a Workload in a Specified Node Pool</span></h4><p id="cce_10_0081__p554031713358">When configuring a workload, you can set the workload affinity and node affinity on the <strong id="cce_10_0081__b65991804713">Scheduling</strong> tab to forcibly deploy the workload to a specific node pool. This way, the workload runs only on nodes in that node pool. To better control where the workload is to be scheduled, you can use affinity or anti-affinity policies between workloads and nodes described in <a href="cce_10_0892.html">Configuring Node Affinity Scheduling (nodeAffinity)</a>.</p>
|
||||
<div class="section" id="cce_10_0081__section12603142443319"><h4 class="sectiontitle"><span class="keyword" id="cce_10_0081__keyword134411635193118">Deploying a Workload in a Specified Node Pool</span></h4><p id="cce_10_0081__p153911712353">When creating a workload, you can constrain pods to run in a specified node pool.</p>
|
||||
<p id="cce_10_0081__p554031713358">For example, on the CCE console, you can set the affinity between the workload and the node on the <strong id="cce_10_0081__b65991804713">Scheduling Policies</strong> tab page on the workload details page to forcibly deploy the workload to a specific node pool. In this way, the workload runs only on nodes in the node pool. To better control where the workload is to be scheduled, you can use affinity or anti-affinity policies between workloads and nodes described in <a href="cce_10_0892.html">Configuring Node Affinity Scheduling (nodeAffinity)</a>.</p>
|
||||
<p id="cce_10_0081__p614655184910">For example, you can use container's resource request as a nodeSelector so that workloads will run only on the nodes that meet the resource request.</p>
|
||||
<p id="cce_10_0081__p1854041717353">If the workload definition file defines a container that requires four CPUs, the scheduler will not choose the nodes with two CPUs to run workloads.</p>
|
||||
</div>
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
<h1 class="topictitle1">Enabling ICMP Security Group Rules</h1>
|
||||
<div id="body1530866171131"><div class="section" id="cce_10_0084__section106079439418"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0084__p34679509418">If a workload uses UDP for both load balancing and health check, enable ICMP security group rules for the backend servers. </p>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0084__section865612352391"><h4 class="sectiontitle">Procedure</h4><ol id="cce_10_0084__ol1999461164212"><li id="cce_10_0084__li2114123554110"><span>Log in to the CCE console and choose <span class="uicontrol" id="cce_10_0084__uicontrol8903205152316"><b>Networking</b></span> > <span class="uicontrol" id="cce_10_0084__uicontrol2903851102314"><b>Virtual Private Cloud</b></span> in the service list. In the navigation pane, choose <span class="uicontrol" id="cce_10_0084__uicontrol13903195119235"><b>Access Control</b></span> > <span class="uicontrol" id="cce_10_0084__uicontrol1903115192316"><b>Security Groups</b></span>.</span></li><li id="cce_10_0084__li1211191111308"><span>In the security group list, locate the security group of the cluster. Click the <strong id="cce_10_0084__b104332046247">Inbound Rules</strong> tab page and then <strong id="cce_10_0084__b104331541248">Add Rule</strong>. In the <strong id="cce_10_0084__b143384162410">Add Inbound Rule</strong> dialog box, configure inbound parameters.</span><p>
|
||||
<div class="section" id="cce_10_0084__section865612352391"><h4 class="sectiontitle">Procedure</h4><ol id="cce_10_0084__ol1999461164212"><li id="cce_10_0084__li2114123554110"><span>Log in to the CCE console, choose <span class="uicontrol" id="cce_10_0084__uicontrol16903135110235"><b>Service List</b></span> > <span class="uicontrol" id="cce_10_0084__uicontrol8903205152316"><b>Networking</b></span> > <span class="uicontrol" id="cce_10_0084__uicontrol2903851102314"><b>Virtual Private Cloud</b></span>, and choose <span class="uicontrol" id="cce_10_0084__uicontrol13903195119235"><b>Access Control</b></span> > <span class="uicontrol" id="cce_10_0084__uicontrol1903115192316"><b>Security Groups</b></span> in the navigation pane.</span></li><li id="cce_10_0084__li1211191111308"><span>In the security group list, locate the security group of the cluster. Click the <strong id="cce_10_0084__b104332046247">Inbound Rules</strong> tab page and then <strong id="cce_10_0084__b104331541248">Add Rule</strong>. In the <strong id="cce_10_0084__b143384162410">Add Inbound Rule</strong> dialog box, configure inbound parameters.</span><p>
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0084__table14257503611" frame="border" border="1" rules="all"><thead align="left"><tr id="cce_10_0084__row02645133615"><th align="left" class="cellrowborder" valign="top" width="16.189999999999998%" id="mcps1.3.2.2.2.2.1.1.6.1.1"><p id="cce_10_0084__p84201847103620">Cluster Type</p>
|
||||
</th>
|
||||
<th align="left" class="cellrowborder" valign="top" width="12.690000000000001%" id="mcps1.3.2.2.2.2.1.1.6.1.2"><p id="cce_10_0084__p152616516364">ELB Type</p>
|
||||
|
||||
@ -4,9 +4,7 @@
|
||||
<div id="body1505899032898"></div>
|
||||
<div>
|
||||
<ul class="ullinks">
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0430.html">Cluster Overview</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0002.html">Cluster Version Release Notes</a></strong><br>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0002.html">Cluster Overview</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0298.html">Creating a Cluster</a></strong><br>
|
||||
</li>
|
||||
|
||||
@ -1,21 +1,21 @@
|
||||
<a name="cce_10_0094"></a><a name="cce_10_0094"></a>
|
||||
|
||||
<h1 class="topictitle1">Overview</h1>
|
||||
<div id="body0000001159453456"><div class="section" id="cce_10_0094__section17868123416122"><h4 class="sectiontitle">Why We Need Ingresses?</h4><p id="cce_10_0094__p19813582419">A Service is generally used to forward access requests based on TCP and UDP and provide layer-4 load balancing for clusters. However, in actual scenarios, if there is a large number of HTTP/HTTPS access requests on the application layer, the Service cannot meet the forwarding requirements. Therefore, the Kubernetes cluster provides an HTTP-based access mode, ingress.</p>
|
||||
<div id="body0000001159453456"><div class="section" id="cce_10_0094__section17868123416122"><h4 class="sectiontitle">Why We Need Ingresses</h4><p id="cce_10_0094__p19813582419">A Service is generally used to forward access requests based on TCP and UDP and provide layer-4 load balancing for clusters. However, in actual scenarios, if there is a large number of HTTP/HTTPS access requests on the application layer, the Service cannot meet the forwarding requirements. Therefore, the Kubernetes cluster provides an HTTP-based access mode, ingress.</p>
|
||||
<p id="cce_10_0094__p168757241679">An ingress is an independent resource in the Kubernetes cluster and defines rules for forwarding external access traffic. As shown in <a href="#cce_10_0094__fig18155819416">Figure 1</a>, you can customize forwarding rules based on domain names and URLs to implement fine-grained distribution of access traffic.</p>
|
||||
<div class="fignone" id="cce_10_0094__fig18155819416"><a name="cce_10_0094__fig18155819416"></a><a name="fig18155819416"></a><span class="figcap"><b>Figure 1 </b>Ingress diagram</span><br><span><img class="eddx" id="cce_10_0094__image98185817414" src="en-us_image_0000002218660810.png"></span></div>
|
||||
<div class="fignone" id="cce_10_0094__fig18155819416"><a name="cce_10_0094__fig18155819416"></a><a name="fig18155819416"></a><span class="figcap"><b>Figure 1 </b>Ingress diagram</span><br><span><img class="eddx" id="cce_10_0094__image98185817414" src="en-us_image_0000002065480762.png"></span></div>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0094__section195431917247"><h4 class="sectiontitle">Ingress Overview</h4><p id="cce_10_0094__p128258846">Kubernetes uses ingress resources to define how incoming traffic should be handled, while the Ingress Controller is responsible for processing the actual traffic.</p>
|
||||
<ul id="cce_10_0094__ul2875811411"><li id="cce_10_0094__li78145815413"><strong id="cce_10_0094__b1561012463389">Ingress object</strong>: a set of access rules that forward requests to specified Services based on domain names or paths. It can be added, deleted, modified, and queried by calling APIs.</li><li id="cce_10_0094__li148115817417"><strong id="cce_10_0094__b289514915381">Ingress Controller</strong>: an executor for forwarding requests. It monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time, parses rules defined by ingresses, and forwards requests to the target backend Services.<div class="p" id="cce_10_0094__p37234233412">The way of implementing Ingress Controllers varies depending on their vendors. CCE supports LoadBalancer Ingress Controllers and NGINX Ingress Controllers.<ul id="cce_10_0094__ul852429154112"><li id="cce_10_0094__li1274314520414">LoadBalancer Ingress Controllers are deployed on master nodes and forward traffic based on the ELB. All policy configurations and forwarding behaviors are managed on the ELB.</li><li id="cce_10_0094__li1218142764120">NGINX Ingress Controllers are deployed in clusters using charts and images maintained by the Kubernetes community. They provide external access through NodePort and forward external traffic to other services in the cluster through Nginx. All traffic forwarding behaviors and forwarding objects are within the cluster.</li></ul>
|
||||
<ul id="cce_10_0094__ul2875811411"><li id="cce_10_0094__li78145815413"><strong id="cce_10_0094__b1561012463389">Ingress object</strong>: a set of access rules that forward requests to specified Services based on domain names or paths. It can be added, deleted, modified, and queried by calling APIs.</li><li id="cce_10_0094__li148115817417"><strong id="cce_10_0094__b289514915381">Ingress Controller</strong>: an executor for forwarding requests. It monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time, parses rules defined by ingresses, and forwards requests to the target backend Services.<div class="p" id="cce_10_0094__p37234233412">The way of implementing Ingress Controllers varies depending on their vendors. CCE supports LoadBalancer Ingress Controllers and NGINX Ingress Controllers.<ul id="cce_10_0094__ul852429154112"><li id="cce_10_0094__li1274314520414">LoadBalancer Ingress Controllers are deployed on master nodes and they forward traffic based on the ELB. All policy configurations and forwarding behaviors are handled by the ELB.</li><li id="cce_10_0094__li1218142764120">NGINX Ingress Controllers are deployed in clusters using charts and images maintained by the Kubernetes community. They provide external access through NodePort and forward external traffic to other services in the cluster through Nginx. All traffic forwarding behaviors and forwarding objects are within the cluster.</li></ul>
|
||||
</div>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0094__section13511317151118"><h4 class="sectiontitle">Ingress Feature Comparison</h4>
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0094__table10511517181113" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Comparison between ingress features</caption><thead align="left"><tr id="cce_10_0094__row75114173117"><th align="left" class="cellrowborder" valign="top" width="19.801980198019802%" id="mcps1.3.3.2.2.4.1.1"><p id="cce_10_0094__p451120176115">Feature</p>
|
||||
</th>
|
||||
<th align="left" class="cellrowborder" valign="top" width="41.584158415841586%" id="mcps1.3.3.2.2.4.1.2"><p id="cce_10_0094__p185113172114">LoadBalancer Ingress Controller</p>
|
||||
<th align="left" class="cellrowborder" valign="top" width="41.584158415841586%" id="mcps1.3.3.2.2.4.1.2"><p id="cce_10_0094__p185113172114">ELB Ingress Controller</p>
|
||||
</th>
|
||||
<th align="left" class="cellrowborder" valign="top" width="38.613861386138616%" id="mcps1.3.3.2.2.4.1.3"><p id="cce_10_0094__p165112017151117">NGINX Ingress Controller</p>
|
||||
<th align="left" class="cellrowborder" valign="top" width="38.613861386138616%" id="mcps1.3.3.2.2.4.1.3"><p id="cce_10_0094__p165112017151117">Nginx Ingress Controller</p>
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
@ -45,7 +45,7 @@
|
||||
</tr>
|
||||
<tr id="cce_10_0094__row651121711115"><td class="cellrowborder" valign="top" width="19.801980198019802%" headers="mcps1.3.3.2.2.4.1.1 "><p id="cce_10_0094__p185111017131111">Component deployment</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="41.584158415841586%" headers="mcps1.3.3.2.2.4.1.2 "><p id="cce_10_0094__p1511917111117">Deployed on master nodes</p>
|
||||
<td class="cellrowborder" valign="top" width="41.584158415841586%" headers="mcps1.3.3.2.2.4.1.2 "><p id="cce_10_0094__p1511917111117">Deployed on the master node</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="38.613861386138616%" headers="mcps1.3.3.2.2.4.1.3 "><p id="cce_10_0094__p451171741110">Deployed on worker nodes, and operations costs required for the Nginx component</p>
|
||||
</td>
|
||||
@ -75,27 +75,27 @@
|
||||
</table>
|
||||
</div>
|
||||
<p id="cce_10_0094__p18511191781117">The LoadBalancer ingress is essentially different from the open source Nginx Ingress. Therefore, their supported Service types are different. For details, see <a href="#cce_10_0094__section3565202819276">Services Supported by LoadBalancer Ingresses</a>. </p>
|
||||
<p id="cce_10_0094__p15121117181117">LoadBalancer Ingress Controllers are deployed on master nodes. All policy configurations and forwarding behaviors are managed on the ELB. Load balancers outside the cluster can connect to nodes in the cluster only through the IP address of the VPC in non-passthrough networking scenarios. Therefore, LoadBalancer ingresses support only NodePort Services. However, in the passthrough networking scenario where a dedicated load balancer is used in a CCE Turbo cluster, ELB can directly forward traffic to pods in the cluster. In this case, the ingress can only interconnect with ClusterIP Services.</p>
|
||||
<p id="cce_10_0094__p1351241741110">NGINX Ingress Controller runs in a cluster and is exposed as a Service through NodePort. Traffic is forwarded to other Services in the cluster through Nginx ingresses. The traffic forwarding behavior and forwarding object are in the cluster. Therefore, both ClusterIP and NodePort Services are supported.</p>
|
||||
<p id="cce_10_0094__p15121117181117">LoadBalancer Ingress Controllers are deployed on master nodes. All policy configurations and forwarding behaviors are configured on the ELB. Load balancers outside the cluster can connect to nodes in the cluster only through the IP address of the VPC in non-passthrough networking scenarios. Therefore, LoadBalancer ingresses support only NodePort Services. However, in the passthrough networking scenario (CCE Turbo cluster + dedicated load balancer), ELB can directly forward traffic to pods in the cluster. In this case, the ingress can only interconnect with ClusterIP Services.</p>
|
||||
<p id="cce_10_0094__p1351241741110">NGINX Ingress Controller runs in a cluster and is exposed as a Service through NodePort. Traffic is forwarded to other Services in the cluster through Nginx-ingress. The traffic forwarding behavior and forwarding object are in the cluster. Therefore, both ClusterIP and NodePort Services are supported.</p>
|
||||
<p id="cce_10_0094__p951214179110">In conclusion, LoadBalancer ingresses use enterprise-grade load balancers to forward traffic and delivers high performance and stability. NGINX Ingress Controller is deployed on cluster nodes, which consumes cluster resources but has better configurability.</p>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0094__section162271821192312"><h4 class="sectiontitle">Working Rules of a LoadBalancer Ingress Controller</h4><p id="cce_10_0094__p172542048121220">CCE LoadBalancer Ingress Controllers provide Layer 7 network access for the internet and intranet (within the same VPC) via ELB, <span class="keyword" id="cce_10_0094__keyword13961515421">routing traffic</span> to target Services through different paths.</p>
|
||||
<p id="cce_10_0094__p4254124831218">LoadBalancer Ingress Controllers are deployed on master nodes and bound to load balancers in the cluster's VPC. You can configure different domain names, ports, and forwarding policies for the same load balancer (with the same IP address). The working rules of LoadBalancer Ingress Controllers are as follows:</p>
|
||||
<div class="section" id="cce_10_0094__section162271821192312"><h4 class="sectiontitle">Working Rules of LoadBalancer Ingress Controller</h4><p id="cce_10_0094__p172542048121220">LoadBalancer Ingress Controller developed by CCE implements layer-7 network access for the internet and intranet (in the same VPC) based on ELB and <span class="keyword" id="cce_10_0094__keyword122541448191211">distributes access traffic</span> to the target Services using different paths.</p>
|
||||
<p id="cce_10_0094__p4254124831218">LoadBalancer Ingress Controller is deployed on the master node and bound to the load balancer in the VPC where the cluster resides. Different domain names, ports, and forwarding policies can be configured for the same load balancer (with the same IP address). The working rules of LoadBalancer Ingress Controller are as follows:</p>
|
||||
<ol id="cce_10_0094__ol525410483123"><li id="cce_10_0094__li8254184813127">A user creates an ingress and configures a traffic access rule in the ingress, including the load balancer, access path, SSL, and backend Service port.</li><li id="cce_10_0094__li1225474817126">When Ingress Controller detects that the ingress changes, it reconfigures the listener and backend server route on the ELB according to the traffic access rule.</li><li id="cce_10_0094__li115615167193">When a user attempts to access a workload, the ELB forwards the traffic to the target workload according to the configured forwarding rule.</li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0094__section192736230432"><h4 class="sectiontitle">CCE Standard Clusters</h4><div class="fignone" id="cce_10_0094__fig122542486129"><span class="figcap"><b>Figure 2 </b>Working flow of a LoadBalancer ingress in a CCE standard cluster</span><br><span><img class="eddx" id="cce_10_0094__image719893318176" src="en-us_image_0000002218820646.png"></span></div>
|
||||
<div class="section" id="cce_10_0094__section192736230432"><h4 class="sectiontitle">CCE Standard Clusters</h4><div class="fignone" id="cce_10_0094__fig122542486129"><span class="figcap"><b>Figure 2 </b>Working flow of a LoadBalancer ingress in a CCE standard cluster</span><br><span><img class="eddx" id="cce_10_0094__image719893318176" src="en-us_image_0000002065480750.png"></span></div>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0094__section37915441111"><h4 class="sectiontitle">CCE Turbo Clusters Where a Shared Load Balancer Is Used</h4><div class="fignone" id="cce_10_0094__fig1775293011117"><span class="figcap"><b>Figure 3 </b>Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a shared load balancer is used</span><br><span><img class="eddx" id="cce_10_0094__image82441664451" src="en-us_image_0000002218820650.png"></span></div>
|
||||
<div class="section" id="cce_10_0094__section37915441111"><h4 class="sectiontitle">CCE Turbo Clusters Where a Shared Load Balancer Is Used</h4><div class="fignone" id="cce_10_0094__fig1775293011117"><span class="figcap"><b>Figure 3 </b>Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a shared load balancer is used</span><br><span><img class="eddx" id="cce_10_0094__image82441664451" src="en-us_image_0000002101597653.png"></span></div>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0094__section1136916519430"><h4 class="sectiontitle">CCE Turbo Clusters Where a Dedicated Load Balancer Is Used</h4><p id="cce_10_0094__p3662933103112">When a <strong id="cce_10_0094__b91242035143310">CCE Turbo cluster</strong> is used, pod IP addresses are directly allocated from the VPC. <strong id="cce_10_0094__b1611815531919">Dedicated load balancers</strong> enable passthrough networking to pods. When creating an ingress for external cluster access, you can use ELB to access a ClusterIP Service and use pods as the backend server of the ELB listener. In this way, external traffic can directly access the pods in the cluster without being forwarded by node ports.</p>
|
||||
<div class="fignone" id="cce_10_0094__fig44531612193618"><span class="figcap"><b>Figure 4 </b>Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a dedicated load balancer is used</span><br><span><img class="eddx" id="cce_10_0094__image6906154516408" src="en-us_image_0000002253620533.png"></span></div>
|
||||
<div class="fignone" id="cce_10_0094__fig44531612193618"><span class="figcap"><b>Figure 4 </b>Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a dedicated load balancer is used</span><br><span><img class="eddx" id="cce_10_0094__image6906154516408" src="en-us_image_0000002101597657.png"></span></div>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0094__section1973674703410"><h4 class="sectiontitle">Working Rules of NGINX Ingress Controller</h4><p id="cce_10_0094__p34261911121314">Nginx Ingress uses ELB as the traffic ingress. The <a href="cce_10_0034.html">NGINX Ingress Controller</a> add-on is deployed in a cluster to balance traffic and control access.</p>
|
||||
<div class="note" id="cce_10_0094__note342691161311"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0094__p1742714117138">NGINX Ingress Controller uses the charts and images provided by the <a href="https://github.com/kubernetes/ingress-nginx" target="_blank" rel="noopener noreferrer">open-source community</a>, and issues may occur during usage. CCE periodically synchronizes the community version to fix known vulnerabilities. Check whether your service requirements can be met.</p>
|
||||
</div></div>
|
||||
<p id="cce_10_0094__p94276112138">NGINX Ingress Controller is deployed on worker nodes through pods, which will result in O&M costs and Nginx component running overheads. <a href="#cce_10_0094__fig2042781115133">Figure 5</a> shows the working rules of NGINX Ingress Controller.</p>
|
||||
<ol id="cce_10_0094__ol8427111151315"><li id="cce_10_0094__li1942701121313">After you update ingress resources, NGINX Ingress Controller writes a forwarding rule defined in the ingress resources into the <strong id="cce_10_0094__b14941113124320">nginx.conf</strong> configuration file of Nginx.</li><li id="cce_10_0094__li13427101181313">The built-in Nginx component reloads the updated configuration file to modify and update the Nginx forwarding rule.</li><li id="cce_10_0094__li11427201113138">When traffic accesses a cluster, the traffic is first forwarded by the created load balancer to the Nginx component in the cluster. Then, the Nginx component forwards the traffic to each workload based on the forwarding rule.</li></ol>
|
||||
<div class="fignone" id="cce_10_0094__fig2042781115133"><a name="cce_10_0094__fig2042781115133"></a><a name="fig2042781115133"></a><span class="figcap"><b>Figure 5 </b>Working rules of NGINX Ingress Controller</span><br><span><img class="eddx" id="cce_10_0094__image45705134553" src="en-us_image_0000002253620541.png"></span></div>
|
||||
<div class="fignone" id="cce_10_0094__fig2042781115133"><a name="cce_10_0094__fig2042781115133"></a><a name="fig2042781115133"></a><span class="figcap"><b>Figure 5 </b>Working rules of NGINX Ingress Controller</span><br><span><img class="eddx" id="cce_10_0094__image45705134553" src="en-us_image_0000002101597665.png"></span></div>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0094__section3565202819276"><a name="cce_10_0094__section3565202819276"></a><a name="section3565202819276"></a><h4 class="sectiontitle">Services Supported by LoadBalancer Ingresses</h4>
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0094__table143264518141" width="100%" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Services supported by LoadBalancer ingresses</caption><thead align="left"><tr id="cce_10_0094__row1132645112145"><th align="left" class="cellrowborder" valign="top" width="15%" id="mcps1.3.9.2.2.5.1.1"><p id="cce_10_0094__p33261518148">Cluster Type</p>
|
||||
@ -119,7 +119,7 @@
|
||||
</tr>
|
||||
<tr id="cce_10_0094__row432645171419"><td class="cellrowborder" valign="top" headers="mcps1.3.9.2.2.5.1.1 "><p id="cce_10_0094__p173261451161412">Dedicated load balancer</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" headers="mcps1.3.9.2.2.5.1.2 "><p id="cce_10_0094__p27617265710">Not supported</p>
|
||||
<td class="cellrowborder" valign="top" headers="mcps1.3.9.2.2.5.1.2 "><p id="cce_10_0094__p27617265710">Not supported (<span class="keyword" id="cce_10_0094__keyword36811143589">Failed to access the dedicated load balancers because no ENI is bound to the associated pod of the ClusterIP Service.</span>)</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" headers="mcps1.3.9.2.2.5.1.3 "><p id="cce_10_0094__p932616517145">Supported</p>
|
||||
</td>
|
||||
@ -137,9 +137,7 @@
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" headers="mcps1.3.9.2.2.5.1.2 "><p id="cce_10_0094__p124061958154512">Supported</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" headers="mcps1.3.9.2.2.5.1.3 "><p id="cce_10_0094__p4406758154518">Not supported</p>
|
||||
<div class="note" id="cce_10_0094__note9898137193520"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="cce_10_0094__p1389833711356">ENIs are separately bound to pods in a CCE Turbo cluster, and ELB directly connects to pods. Therefore, NodePort access is not available.</p>
|
||||
</div></div>
|
||||
<td class="cellrowborder" valign="top" headers="mcps1.3.9.2.2.5.1.3 "><p id="cce_10_0094__p4406758154518">Not supported (<span class="keyword" id="cce_10_0094__keyword1214411171616">Failed to access the dedicated load balancers because an ENI has been bound to the associated pod of the NodePort Service.</span>)</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
||||
@ -1,17 +1,17 @@
|
||||
<a name="cce_10_0107"></a><a name="cce_10_0107"></a>
|
||||
|
||||
<h1 class="topictitle1">Accessing a Cluster Using kubectl</h1>
|
||||
<div id="body1512462600292"><div class="p" id="cce_10_0107__p0127151145214">kubectl is a command-line tool provided by Kubernetes, enabling you to manage cluster resources, view cluster status, deploy applications, and debug issues through the CLI. To access a CCE cluster using kubectl, you can use either of the following methods:<ul id="cce_10_0107__ul16126613529"><li id="cce_10_0107__li412611114529"><span class="keyword" id="cce_10_0107__keyword1012618112529">Intranet access</span>: The client connects to the cluster's API server using an intranet IP address. This method keeps data traffic within the internal network, enhancing security by avoiding the Internet.</li><li id="cce_10_0107__li81871653123713"><span class="keyword" id="cce_10_0107__keyword121871453103711">Internet access</span>: The cluster's API server exposes a public API, allowing clients to access the Kubernetes cluster over the Internet.</li></ul>
|
||||
<h1 class="topictitle1">Connecting to a Cluster Using kubectl</h1>
|
||||
<div id="body1512462600292"><div class="section" id="cce_10_0107__section14234115144"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0107__p133539491408">This section uses a CCE standard cluster as an example to describe how to access a CCE cluster using <span class="keyword" id="cce_10_0107__keyword19467121518447">kubectl</span>.</p>
|
||||
</div>
|
||||
<p id="cce_10_0107__p2187801381">This section uses a CCE standard cluster as an example to describe how to access a CCE cluster using <span class="keyword" id="cce_10_0107__keyword11231175094718">kubectl</span>.</p>
|
||||
<div class="section" id="cce_10_0107__section7659174519354"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0107__ul161915555354"><li id="cce_10_0107__li141955553511">Before using <span class="keyword" id="cce_10_0107__keyword154819653616">intranet access</span>, ensure that the client and the cluster to be accessed are in the same VPC.</li><li id="cce_10_0107__li6314379366">Before using <span class="keyword" id="cce_10_0107__keyword1945018307277">Internet access</span>, ensure that the client can access the Internet and that an EIP has been bound to the target cluster. For details about how to bind an EIP, see <a href="cce_10_0864.html#cce_10_0864__section128889371044">Procedure</a>.<div class="note" id="cce_10_0107__note11736104173716"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0107__p273610412376">In a cluster with an EIP bound, kube-apiserver will be exposed to the Internet and may be attacked. To resolve this issue, you can configure Advanced Anti-DDoS for the EIP of the node on which kube-apiserver runs or <a href="cce_faq_00417.html">configure security group rules</a>.</p>
|
||||
<div class="section" id="cce_10_0107__section17352373317"><h4 class="sectiontitle">Permissions</h4><p id="cce_10_0107__p51211251156">When you access a cluster using kubectl, CCE uses <strong id="cce_10_0107__b204601556154217">kubeconfig</strong> generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a <strong id="cce_10_0107__b16295666413">kubeconfig</strong> file vary from user to user.</p>
|
||||
<p id="cce_10_0107__p142391810113">For details about user permissions, see <a href="cce_10_0187.html#cce_10_0187__section1464135853519">Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)</a>.</p>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0107__section37321625113110"><a name="cce_10_0107__section37321625113110"></a><a name="section37321625113110"></a><h4 class="sectiontitle">Using kubectl</h4><p id="cce_10_0107__p764905418355">To connect to a Kubernetes cluster from a PC, you can use kubectl, a Kubernetes command line tool. You can log in to the CCE console and click the name of the target cluster to access the cluster console. On the <strong id="cce_10_0107__b127302345555"><span id="cce_10_0107__text869825054114">Overview</span></strong> page, view the access address and kubectl connection procedure.</p>
|
||||
<div class="p" id="cce_10_0107__p7805114919351">CCE allows you to access a cluster through a private network or a public network.<ul id="cce_10_0107__ul126071124175518"><li id="cce_10_0107__li144192116548"><span class="keyword" id="cce_10_0107__keyword13441034142917">Intranet access</span>: The client that accesses the cluster must be in the same VPC as the cluster.</li><li id="cce_10_0107__li1460752419555">Public access: The client that accesses the cluster must be able to access public networks and the cluster has been bound with a public network IP.<div class="notice" id="cce_10_0107__note2967194410365"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="cce_10_0107__p19671244103610">To bind an EIP to the cluster, go to the <strong id="cce_10_0107__b1061217302"><span id="cce_10_0107__text6807412192418">Overview</span></strong> page and click <strong id="cce_10_0107__b021910485396">Bind</strong> next to <strong id="cce_10_0107__b132197480394">EIP</strong> in the <strong id="cce_10_0107__b14219164815396">Connection Information</strong> area. In a cluster with an EIP bound, kube-apiserver will be exposed to the Internet and may be attacked. To solve this problem, you can configure Advanced Anti-DDoS for the EIP of the node on which kube-apiserver runs.</p>
|
||||
</div></div>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0107__section17352373317"><h4 class="sectiontitle">Notes and Constraints</h4><p id="cce_10_0107__p51211251156">When you access a cluster using kubectl, CCE uses <strong id="cce_10_0107__b204601556154217">kubeconfig</strong> generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed via kubectl. Since the <strong id="cce_10_0107__b2847459103719">kubeconfig</strong> file contains user identity details, the permissions associated with that user are inherited when accessing the cluster via kubectl.</p>
|
||||
<p id="cce_10_0107__p142391810113">For details about user permissions, see <a href="cce_10_0187.html#cce_10_0187__section1464135853519">Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)</a>.</p>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0107__section37321625113110"><a name="cce_10_0107__section37321625113110"></a><a name="section37321625113110"></a><h4 class="sectiontitle">Procedure</h4><p id="cce_10_0107__p14485124318488">Before using kubectl to access a cluster, install kubectl on the client. Then, download the kubectl configuration file from the cluster and copy it to the client. Once configured, the client can access the target cluster. The process is as follows:</p>
|
||||
<p id="cce_10_0107__p2842139103716">Download kubectl and the configuration file. Copy the file to your client, and configure kubectl. After the configuration is complete, you can access your Kubernetes clusters. The process is as follows:</p>
|
||||
<ol id="cce_10_0107__ol6469105613170"><li id="cce_10_0107__li194691356201712"><span><strong id="cce_10_0107__b469717424401">Download kubectl.</strong></span><p><p id="cce_10_0107__p53069487256">Prepare a computer that can access the public network and install kubectl in CLI mode. You can run the <strong id="cce_10_0107__b2309195102312">kubectl version</strong> command to check whether kubectl has been installed. If kubectl has been installed, skip this step.</p>
|
||||
<p id="cce_10_0107__p125851851153510">This section uses the Linux environment as an example to describe how to install and configure kubectl. For details, see <a href="https://kubernetes.io/docs/tasks/tools/#kubectl" target="_blank" rel="noopener noreferrer">Installing kubectl</a>.</p>
|
||||
<ol type="a" id="cce_10_0107__ol735517018289"><li id="cce_10_0107__li551132463520">Log in to your client and download kubectl.<pre class="screen" id="cce_10_0107__screen8511142418352">cd /home
|
||||
@ -20,8 +20,7 @@ curl -LO https://dl.k8s.io/release/<em id="cce_10_0107__i13511182443516">{v1.25.
|
||||
</li><li id="cce_10_0107__li1216814211286">Install kubectl.<pre class="screen" id="cce_10_0107__screen16892115815271">chmod +x kubectl
|
||||
mv -f kubectl /usr/local/bin</pre>
|
||||
</li></ol>
|
||||
</p></li><li id="cce_10_0107__li34691156151712"><a name="cce_10_0107__li34691156151712"></a><a name="li34691156151712"></a><span><strong id="cce_10_0107__b196211619192411">Obtain the kubectl configuration file.</strong></span><p><ol type="a" id="cce_10_0107__ol35879554012"><li id="cce_10_0107__li1222711276402">On the <strong id="cce_10_0107__b1146684317485"><span id="cce_10_0107__text4307115311487">Overview</span></strong> page, locate the <strong id="cce_10_0107__b846634314817">Connection Information</strong> area, and click <strong id="cce_10_0107__b146610434484">Configure</strong> next to <strong id="cce_10_0107__b746684320484">kubectl</strong>.<p id="cce_10_0107__p8281127134718"></p>
|
||||
</li><li id="cce_10_0107__li1858713544015">In the window that slides out from the right, locate the <strong id="cce_10_0107__b19622457174914">Download the kubeconfig file</strong> area, select <strong id="cce_10_0107__b26228579496">Intranet access</strong> or <strong id="cce_10_0107__b111513185116">Public network access</strong> for <strong id="cce_10_0107__b56222578499">Current data</strong>, and download the configuration file.</li></ol>
|
||||
</p></li><li id="cce_10_0107__li34691156151712"><a name="cce_10_0107__li34691156151712"></a><a name="li34691156151712"></a><span><strong id="cce_10_0107__b196211619192411">Obtain the kubectl configuration file.</strong></span><p><p id="cce_10_0107__p1295818109256">In the <span class="uicontrol" id="cce_10_0107__uicontrol9472521182416"><b>Connection Info</b></span> pane on the <strong id="cce_10_0107__b182944389444"><span id="cce_10_0107__text10158103924216">Overview</span></strong> page, click <strong id="cce_10_0107__b1547035714410">Configure</strong> next to <strong id="cce_10_0107__b5182125174514">kubectl</strong> to check the kubectl connection. On the displayed page, choose <strong id="cce_10_0107__b171301231185115">Intranet access</strong> or <strong id="cce_10_0107__b1113211495516">Public network access</strong> and download the configuration file.</p>
|
||||
<div class="note" id="cce_10_0107__note191638104210"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="cce_10_0107__ul795610485546"><li id="cce_10_0107__li495634817549">The kubectl configuration file <strong id="cce_10_0107__b11741123981418">kubeconfig</strong> is used for cluster authentication. If the file is leaked, your clusters may be attacked.</li><li id="cce_10_0107__li16956194817544">The Kubernetes permissions assigned by the configuration file downloaded by IAM users are the same as those assigned to the IAM users on the CCE console.</li><li id="cce_10_0107__li1537643019239">If the KUBECONFIG environment variable is configured in the Linux OS, kubectl preferentially loads the KUBECONFIG environment variable instead of <strong id="cce_10_0107__b5859154717398">$home/.kube/config</strong>.</li></ul>
|
||||
</div></div>
|
||||
</p></li><li id="cce_10_0107__li25451059122317"><a name="cce_10_0107__li25451059122317"></a><a name="li25451059122317"></a><span>Configure kubectl.</span><p><div class="p" id="cce_10_0107__p109826082413">Configure kubectl (A Linux OS is used).<ol type="a" id="cce_10_0107__ol2291154772010"><li id="cce_10_0107__li102911547102012">Log in to your client and copy the configuration file (for example, <strong id="cce_10_0107__b156991854125914">kubeconfig.yaml</strong>) downloaded in <a href="#cce_10_0107__li34691156151712">2</a> to the <strong id="cce_10_0107__b175828331240">/home</strong> directory on your client.</li><li id="cce_10_0107__li114766383477">Configure the kubectl authentication file.<pre class="screen" id="cce_10_0107__screen849155210477">cd /home
|
||||
@ -34,18 +33,13 @@ mv -f <i><span class="varname" id="cce_10_0107__varname937302110334">kubeconfig.
|
||||
</li></ul>
|
||||
</li></ol>
|
||||
</div>
|
||||
</p></li><li id="cce_10_0107__li19781462047"><span>Run the following command on the client to check whether the client can access the cluster using kubectl:</span><p><pre class="screen" id="cce_10_0107__screen58291715181113">kubectl cluster-info # Check the cluster information.</pre>
|
||||
<p id="cce_10_0107__p191970445126">If the following information is displayed, the client can access the cluster using kubectl:</p>
|
||||
<pre class="screen" id="cce_10_0107__screen9391278393">Kubernetes control plane is running at https://xx.xx.xx.xx:5443
|
||||
CoreDNS is running at https://xx.xx.xx.xx:5443/api/v1/namespaces/kube-system/services/coredns:dns/proxy
|
||||
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.</pre>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0107__section1559919152711"><a name="cce_10_0107__section1559919152711"></a><a name="section1559919152711"></a><h4 class="sectiontitle"><span class="keyword" id="cce_10_0107__keyword311020376452">Two-Way Authentication for Domain Names</span></h4><p id="cce_10_0107__p138948491274">Two-way domain name authentication is a mutual authentication mechanism that verifies the identities of both the client and server. This mode enhances security between clusters and clients, preventing unauthorized access.</p>
|
||||
<ul id="cce_10_0107__ul88981331482"><li id="cce_10_0107__li1705116151915">After an EIP is bound to an API Server, two-way domain name authentication is disabled by default if kubectl is used to access the cluster. You can run <strong id="cce_10_0107__b198732542582">kubectl config use-context externalTLSVerify</strong> to enable the two-way domain name authentication.</li><li id="cce_10_0107__li1807459174818">When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).</li><li id="cce_10_0107__li17898153310483">Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in <strong id="cce_10_0107__b196404619200">Synchronize Certificate</strong> in <strong id="cce_10_0107__b364620682012">Operation Records</strong>.</li><li id="cce_10_0107__li614337712">For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download <strong id="cce_10_0107__b121611451417">kubeconfig.yaml</strong> again.</li><li id="cce_10_0107__li5950658165414">If the two-way domain name authentication is not supported, <strong id="cce_10_0107__b56091346184712">kubeconfig.yaml</strong> contains the <strong id="cce_10_0107__b1961534614476">"insecure-skip-tls-verify": true</strong> field, as shown in <a href="#cce_10_0107__fig1941342411">Figure 1</a>. To use two-way authentication, download the <strong id="cce_10_0107__b549311585216">kubeconfig.yaml</strong> file again and enable two-way authentication for the domain names.<div class="fignone" id="cce_10_0107__fig1941342411"><a name="cce_10_0107__fig1941342411"></a><a name="fig1941342411"></a><span class="figcap"><b>Figure 1 </b>Two-way authentication disabled for domain names</span><br><span><img id="cce_10_0107__image3414621613" src="en-us_image_0000002218820570.png"></span></div>
|
||||
<div class="section" id="cce_10_0107__section1559919152711"><a name="cce_10_0107__section1559919152711"></a><a name="section1559919152711"></a><h4 class="sectiontitle"><span class="keyword" id="cce_10_0107__keyword311020376452">Two-Way Authentication for Domain Names</span></h4><p id="cce_10_0107__p138948491274">CCE supports two-way authentication for domain names.</p>
|
||||
<ul id="cce_10_0107__ul88981331482"><li id="cce_10_0107__li1705116151915">After an EIP is bound to an API Server, two-way domain name authentication is disabled by default if kubectl is used to access the cluster. You can run <strong id="cce_10_0107__b198732542582">kubectl config use-context externalTLSVerify</strong> to enable the two-way domain name authentication.</li><li id="cce_10_0107__li1807459174818">When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).</li><li id="cce_10_0107__li17898153310483">Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in <strong id="cce_10_0107__b196404619200">Synchronize Certificate</strong> in <strong id="cce_10_0107__b364620682012">Operation Records</strong>.</li><li id="cce_10_0107__li614337712">For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download <strong id="cce_10_0107__b121611451417">kubeconfig.yaml</strong> again.</li><li id="cce_10_0107__li5950658165414">If the two-way domain name authentication is not supported, <strong id="cce_10_0107__b56091346184712">kubeconfig.yaml</strong> contains the <strong id="cce_10_0107__b1961534614476">"insecure-skip-tls-verify": true</strong> field, as shown in <a href="#cce_10_0107__fig1941342411">Figure 1</a>. To use two-way authentication, download the <strong id="cce_10_0107__b549311585216">kubeconfig.yaml</strong> file again and enable two-way authentication for the domain names.<div class="fignone" id="cce_10_0107__fig1941342411"><a name="cce_10_0107__fig1941342411"></a><a name="fig1941342411"></a><span class="figcap"><b>Figure 1 </b>Two-way authentication disabled for domain names</span><br><span><img id="cce_10_0107__image3414621613" src="en-us_image_0000002101597765.png"></span></div>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0107__section1628510591883"><h4 class="sectiontitle">Common Issues</h4><ul id="cce_10_0107__ul1374831051115"><li id="cce_10_0107__li4748810121112"><strong id="cce_10_0107__b456677171119"><span class="keyword" id="cce_10_0107__keyword0702458114510">Error from server Forbidden</span></strong><p id="cce_10_0107__p75241832114916">When you use kubectl to create or query Kubernetes resources, the following output is returned:</p>
|
||||
<div class="section" id="cce_10_0107__section1628510591883"><h4 class="sectiontitle">FAQs</h4><ul id="cce_10_0107__ul1374831051115"><li id="cce_10_0107__li4748810121112"><strong id="cce_10_0107__b456677171119"><span class="keyword" id="cce_10_0107__keyword0702458114510">Error from server Forbidden</span></strong><p id="cce_10_0107__p75241832114916">When you use kubectl to create or query Kubernetes resources, the following output is returned:</p>
|
||||
<pre class="screen" id="cce_10_0107__screen5530165114117"># kubectl get deploy Error from server (Forbidden): deployments.apps is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "deployments" in API group "apps" in the namespace "default"</pre>
|
||||
<p id="cce_10_0107__p1418636115119">The cause is that the user does not have the permissions to operate the Kubernetes resources. For details about how to assign permissions, see <a href="cce_10_0189.html">Namespace Permissions (Kubernetes RBAC-based)</a>.</p>
|
||||
</li><li id="cce_10_0107__li0365152110"><strong id="cce_10_0107__b1829619716131"><span class="keyword" id="cce_10_0107__keyword159213536451">The connection to the server localhost:8080 was refused</span></strong><p id="cce_10_0107__p1776396131212">When you use kubectl to create or query Kubernetes resources, the following output is returned:</p>
|
||||
|
||||
@ -1,8 +1,7 @@
|
||||
<a name="cce_10_0111"></a><a name="cce_10_0111"></a>
|
||||
|
||||
<h1 class="topictitle1">Scalable File Service</h1>
|
||||
<div id="body0000001487121868"><p id="cce_10_0111__p8060118"></p>
|
||||
</div>
|
||||
<div id="body0000001487121868"></div>
|
||||
<div>
|
||||
<ul class="ullinks">
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0617.html">Overview</a></strong><br>
|
||||
|
||||
@ -94,7 +94,7 @@ spec:
|
||||
periodSeconds: 5
|
||||
startupProbe: # Startup probe
|
||||
httpGet: # Checking an HTTP request is used as an example.
|
||||
path: /healthz # The HTTP check path is <strong id="cce_10_0112__b1389267760">/healthz</strong>.
|
||||
path: /healthz # The HTTP check path is <strong id="cce_10_0112__b1188531819">/healthz</strong>.
|
||||
port: 80 # The check port number is <strong id="cce_10_0112__b561594217264">80</strong>.
|
||||
failureThreshold: 30
|
||||
periodSeconds: 10</pre>
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
<ul id="cce_10_0113__ul1669104610598"><li id="cce_10_0113__li266913468594"><strong id="cce_10_0113__b4564141914250">Custom</strong>: Enter the environment variable name and parameter value.</li><li id="cce_10_0113__li13148164912599"><strong id="cce_10_0113__b31161818143614">Added from ConfigMap</strong>: Import all key values in a ConfigMap as environment variables.</li><li id="cce_10_0113__li1855315291026"><strong id="cce_10_0113__b5398577535">Added from ConfigMap key</strong>: Import the value of a key in a ConfigMap as the value of an environment variable. As shown in <a href="#cce_10_0113__fig164568529317">Figure 1</a>, if you import <strong id="cce_10_0113__b67861335193619">configmap_value</strong> of <strong id="cce_10_0113__b478643513618">configmap_key</strong> in <strong id="cce_10_0113__b14610123945714">configmap-example</strong> as the value of environment variable <strong id="cce_10_0113__b7786133573616">key1</strong>, an environment variable named <strong id="cce_10_0113__b678683518364">key1</strong> whose value is <strong id="cce_10_0113__b1378615359362">configmap_value</strong> is available in the container.</li><li id="cce_10_0113__li1727795616592"><strong id="cce_10_0113__b675162614437">Added from secret</strong>: Import all key values in a secret as environment variables.</li><li id="cce_10_0113__li93353201773"><strong id="cce_10_0113__b0483141614480">Added from secret key</strong>: Import the value of a key in a secret as the value of an environment variable. As shown in <a href="#cce_10_0113__fig164568529317">Figure 1</a>, if you import <strong id="cce_10_0113__b12974122713812">secret_value</strong> of <strong id="cce_10_0113__b197472716385">secret_key</strong> in <strong id="cce_10_0113__b722441953910">secret-example</strong> as the value of environment variable <strong id="cce_10_0113__b8975627173810">key2</strong>, an environment variable named <strong id="cce_10_0113__b29756275384">key2</strong> whose value is <strong id="cce_10_0113__b097552703811">secret_value</strong> is available in the container.</li><li id="cce_10_0113__li1749760535"><strong id="cce_10_0113__b19931701407">Variable Value/Reference</strong>: Use the field defined by a pod as the value of the environment variable. As shown in <a href="#cce_10_0113__fig164568529317">Figure 1</a>, if the pod name is imported as the value of environment variable <strong id="cce_10_0113__b1939710417283">key3</strong>, an environment variable named <strong id="cce_10_0113__b11252186142914">key3</strong> whose value is the pod name is available in the container.</li><li id="cce_10_0113__li16129071317"><strong id="cce_10_0113__b1625513417292">Resource Reference</strong>: The value of <strong id="cce_10_0113__b176281198307">Request</strong> or <strong id="cce_10_0113__b186221022193017">Limit</strong> defined by the container is used as the value of the environment variable. As shown in <a href="#cce_10_0113__fig164568529317">Figure 1</a>, if you import the CPU limit of container-1 as the value of environment variable <strong id="cce_10_0113__b272674753017">key4</strong>, an environment variable named <strong id="cce_10_0113__b99015318423">key4</strong> whose value is the CPU limit of container-1 is available in the container.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0113__section13829152011595"><h4 class="sectiontitle">Adding Environment Variables</h4><ol id="cce_10_0113__ol4904646935"><li id="cce_10_0113__li330462393220"><span>Log in to the CCE console.</span></li><li id="cce_10_0113__li2075471341"><span>Click the cluster name to go to the cluster console, choose <strong id="cce_10_0113__b1794501219430">Workloads</strong> in the navigation pane, and click the <strong id="cce_10_0113__b11945131216432">Create Workload</strong> in the upper right corner.</span></li><li id="cce_10_0113__li190412461831"><span>When creating a workload, modify the container information in <strong id="cce_10_0113__b101361766447">Container Settings</strong> and click the <strong id="cce_10_0113__b8169124424315">Environment Variables</strong> tab.</span></li><li id="cce_10_0113__li468251942720"><span>Configure environment variables.</span><p><ul id="cce_10_0113__ul825183111398"><li id="cce_10_0113__li8251203123915">To add environment variables one by one, click <span class="uicontrol" id="cce_10_0113__uicontrol1280917944713"><b>Adding a Variable</b></span> and configure its parameters.</li><li id="cce_10_0113__li12438193416413">To add environment variables in batches, click <span class="uicontrol" id="cce_10_0113__uicontrol185881419472"><b>Editing Custom Variables in Batches</b></span>. Then, in the displayed dialog box, enter environment variables in the format of "Variable name=Variable or variable reference".</li></ul>
|
||||
<div class="fignone" id="cce_10_0113__fig164568529317"><a name="cce_10_0113__fig164568529317"></a><a name="fig164568529317"></a><span class="figcap"><b>Figure 1 </b>Configuring environment variables</span><br><span><img id="cce_10_0113__image131385146481" src="en-us_image_0000002218660486.png"></span></div>
|
||||
<div class="fignone" id="cce_10_0113__fig164568529317"><a name="cce_10_0113__fig164568529317"></a><a name="fig164568529317"></a><span class="figcap"><b>Figure 1 </b>Configuring environment variables</span><br><span><img id="cce_10_0113__image131385146481" src="en-us_image_0000002101597485.png"></span></div>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0113__section19591158201313"><h4 class="sectiontitle">YAML Example</h4><pre class="screen" id="cce_10_0113__screen1034117614147">apiVersion: apps/v1
|
||||
|
||||
@ -1,8 +1,7 @@
|
||||
<a name="cce_10_0125"></a><a name="cce_10_0125"></a>
|
||||
|
||||
<h1 class="topictitle1">SFS Turbo</h1>
|
||||
<div id="body0000001538521545"><p id="cce_10_0125__p8060118"></p>
|
||||
</div>
|
||||
<div id="body0000001538521545"></div>
|
||||
<div>
|
||||
<ul class="ullinks">
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0624.html">Overview</a></strong><br>
|
||||
@ -13,7 +12,7 @@
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0839.html">(Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_bestpractice_00253.html">Dynamically Creating an SFS Turbo Subdirectory Using StorageClass</a></strong><br>
|
||||
<li class="ulchildlink"><strong><a href="cce_bestpractice_00253_0.html">Dynamically Creating an SFS Turbo Subdirectory Using StorageClass</a></strong><br>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -4,7 +4,7 @@
|
||||
<div id="body1552894205991"></div>
|
||||
<div>
|
||||
<ul class="ullinks">
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a></strong><br>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0175.html">Accessing a Cluster Using an X.509 Certificate</a></strong><br>
|
||||
</li>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -2,9 +2,9 @@
|
||||
|
||||
<h1 class="topictitle1">NodePort</h1>
|
||||
<div id="body1553224785332"><div class="section" id="cce_10_0142__section13654155944916"><h4 class="sectiontitle">Scenario</h4><p id="cce_10_0142__p028915126124">A Service is exposed on each node's IP address at a static port (NodePort). When you create a NodePort Service, Kubernetes automatically allocates an internal IP address (ClusterIP) of the cluster. When clients outside the cluster access <NodeIP>:<NodePort>, the traffic will be forwarded to the target pod through the ClusterIP of the NodePort Service.</p>
|
||||
<div class="fignone" id="cce_10_0142__fig6819133414131"><span class="figcap"><b>Figure 1 </b>NodePort access</span><br><span><img id="cce_10_0142__image10510139711" src="en-us_image_0000002218659818.png"></span></div>
|
||||
<div class="fignone" id="cce_10_0142__fig6819133414131"><span class="figcap"><b>Figure 1 </b>NodePort access</span><br><span><img id="cce_10_0142__image10510139711" src="en-us_image_0000002101678557.png"></span></div>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0142__section8501151104219"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_0142__ul1685519569431"><li id="cce_10_0142__li1585575616436">By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.</li><li id="cce_10_0142__li128551156114310">After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.</li><li id="cce_10_0142__li62831358182017">In a CCE Turbo cluster, node-level affinity is supported only when the Service backend is connected to a hostNetwork pod.</li><li id="cce_10_0142__li217783916207">In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, <strong id="cce_10_0142__b1291203218520">externalTrafficPolicy</strong> is set to <strong id="cce_10_0142__b11911632135217">local</strong>), container B deployed on the same node cannot access container A through the node IP address and NodePort service.</li><li id="cce_10_0142__li14613571073">When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using <strong id="cce_10_0142__b13256143512525">netstat</strong> by default. If the cluster forwarding mode is <strong id="cce_10_0142__b42563350522">iptables</strong>, run the <strong id="cce_10_0142__b62561135115212">iptables -t nat -L</strong> command to view the port. If the cluster forwarding mode is <strong id="cce_10_0142__b925763515218">IPVS</strong>, run the <strong id="cce_10_0142__b23917223106">ipvsadm -Ln</strong> command to view the port.</li></ul>
|
||||
<div class="section" id="cce_10_0142__section8501151104219"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="cce_10_0142__ul1685519569431"><li id="cce_10_0142__li1585575616436">By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.</li><li id="cce_10_0142__li128551156114310">After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.</li><li id="cce_10_0142__li62831358182017">In a CCE Turbo cluster, node-level affinity is supported only when the Service backend is connected to a HostNetwork pod.</li><li id="cce_10_0142__li217783916207">In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, <strong id="cce_10_0142__b1291203218520">externalTrafficPolicy</strong> is set to <strong id="cce_10_0142__b11911632135217">local</strong>), container B deployed on the same node cannot access container A through the node IP address and NodePort service.</li><li id="cce_10_0142__li14613571073">When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using <strong id="cce_10_0142__b13256143512525">netstat</strong> by default. If the cluster forwarding mode is <strong id="cce_10_0142__b42563350522">iptables</strong>, run the <strong id="cce_10_0142__b62561135115212">iptables -t nat -L</strong> command to view the port. If the cluster forwarding mode is <strong id="cce_10_0142__b925763515218">IPVS</strong>, run the <strong id="cce_10_0142__b23917223106">ipvsadm -Ln</strong> command to view the port.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0142__section1325012312139"><h4 class="sectiontitle">Creating a NodePort Service</h4><ol id="cce_10_0142__ol751935681319"><li id="cce_10_0142__li41731123658"><span>Log in to the CCE console and click the cluster name to access the cluster console.</span></li><li id="cce_10_0142__li1651955651312"><span>In the navigation pane, choose <strong id="cce_10_0142__b169702128151"><span id="cce_10_0142__text9765124722315">Services & Ingresses</span></strong>. In the upper right corner, click <span class="uicontrol" id="cce_10_0142__uicontrol69701128153"><b>Create Service</b></span>.</span></li><li id="cce_10_0142__li185190567138"><span>Configure intra-cluster access parameters.</span><p><ul id="cce_10_0142__ul4446314017144"><li id="cce_10_0142__li6462394317144"><strong id="cce_10_0142__b845613814287">Service Name</strong>: Specify a Service name, which can be the same as the workload name.</li><li id="cce_10_0142__li89543531070"><strong id="cce_10_0142__b106597277362">Service Type</strong>: Select <span class="uicontrol" id="cce_10_0142__uicontrol5666142710366"><b>NodePort</b></span>.</li><li id="cce_10_0142__li4800017144"><strong id="cce_10_0142__b1263193014367">Namespace</strong>: namespace that the workload belongs to.</li><li id="cce_10_0142__li1758110116149"><strong id="cce_10_0142__b38118349367">Service Affinity</strong>: For details, see <a href="cce_10_0249.html#cce_10_0249__section18134208069">externalTrafficPolicy (Service Affinity)</a>.<ul id="cce_10_0142__ul158101161412"><li id="cce_10_0142__li105815113141"><strong id="cce_10_0142__b2674164185210">Cluster level</strong>: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.</li><li id="cce_10_0142__li185817117145"><strong id="cce_10_0142__b465617445525">Node level</strong>: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.</li></ul>
|
||||
</li><li id="cce_10_0142__li43200017144"><strong id="cce_10_0142__b2600143835813">Selector</strong>: Add a label and click <strong id="cce_10_0142__b260020382582">Confirm</strong>. The Service will use this label to select pods. You can also click <strong id="cce_10_0142__b354965233619">Reference Workload Label</strong> to use the label of an existing workload. In the dialog box that is displayed, select a workload and click <strong id="cce_10_0142__b16550125293615">OK</strong>.</li><li id="cce_10_0142__li142435567390"><strong id="cce_10_0142__b13720100181614">IPv6</strong>: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address. <strong id="cce_10_0142__b14552143617309">This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).</strong></li><li id="cce_10_0142__li388800117144"><strong id="cce_10_0142__b451552415715">Ports</strong><ul id="cce_10_0142__ul3499201217144"><li id="cce_10_0142__li4649265917144"><strong id="cce_10_0142__b28899114374">Protocol</strong>: protocol used by the Service.</li><li id="cce_10_0142__li353122153610"><strong id="cce_10_0142__b1852318551688">Service Port</strong>: port used by the Service. The port number ranges from 1 to 65535.</li><li id="cce_10_0142__li1578074917144"><strong id="cce_10_0142__b19416443712">Container Port</strong>: listener port of the workload. For example, Nginx uses port 80 by default.</li><li id="cce_10_0142__li780902117144"><strong id="cce_10_0142__b11763931199">Node Port</strong>: You are advised to select <strong id="cce_10_0142__b1198741292">Auto</strong>. You can also specify a port. The default port ranges from 30000 to 32767.</li></ul>
|
||||
@ -12,8 +12,9 @@
|
||||
</p></li><li id="cce_10_0142__li552017569135"><span>Click <strong id="cce_10_0142__b1012031216378">OK</strong>.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0142__section7114174773118"><h4 class="sectiontitle">Using kubectl</h4><p id="cce_10_0142__p1626583075113">You can configure Service access using kubectl. This section uses an Nginx workload as an example to describe how to configure a NodePort Service using kubectl.</p>
|
||||
<ol id="cce_10_0142__ol19191171513118"><li id="cce_10_0142__li0425142612486"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a>.</span></li><li id="cce_10_0142__li77751253508"><span>Create and edit the <strong id="cce_10_0142__cce_10_0011_b387556133418">nginx-deployment.yaml</strong> file to configure the sample workload. For details, see <a href="cce_10_0047.html">Creating a Deployment</a>. <strong id="cce_10_0142__cce_10_0011_b24072513352">nginx-deployment.yaml</strong> is an example file name. You can rename it as needed.</span><p><pre class="screen" id="cce_10_0142__cce_10_0011_screen4630145371716">vi nginx-deployment.yaml</pre>
|
||||
<div class="p" id="cce_10_0142__cce_10_0011_p76301953161719">File content:<pre class="screen" id="cce_10_0142__cce_10_0011_screen3630145361716">apiVersion: apps/v1
|
||||
<ol id="cce_10_0142__ol19191171513118"><li id="cce_10_0142__li0425142612486"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0142__li1020013819415"><span>Create and edit the <strong id="cce_10_0142__b57121716129">nginx-deployment.yaml</strong> and <strong id="cce_10_0142__b671681616219">nginx-nodeport-svc.yaml</strong> files.</span><p><p id="cce_10_0142__p1855995413716">The file names are user-defined. <strong id="cce_10_0142__b5196112404214">nginx-deployment.yaml</strong> and <strong id="cce_10_0142__b22022813429">nginx-nodeport-svc.yaml</strong> are merely example file names.</p>
|
||||
<p id="cce_10_0142__p78476491679"><strong id="cce_10_0142__b084794920720">vi nginx-deployment.yaml</strong></p>
|
||||
<pre class="screen" id="cce_10_0142__screen5849104920720">apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx
|
||||
@ -32,9 +33,7 @@ spec:
|
||||
name: nginx
|
||||
imagePullSecrets:
|
||||
- name: default-secret</pre>
|
||||
</div>
|
||||
</p></li><li id="cce_10_0142__li1020013819415"><span>Create and edit the <strong id="cce_10_0142__b97523109568">nginx-nodeport-svc.yaml</strong> file to configure Service parameters. <strong id="cce_10_0142__b988983015619">nginx-nodeport-svc.yaml</strong> is an example file name. You can rename it as needed.</span><p><pre class="screen" id="cce_10_0142__screen129211219222">vi nginx-nodeport-svc.yaml</pre>
|
||||
<p id="cce_10_0142__p1084964910717">File content:</p>
|
||||
<p id="cce_10_0142__p1084964910717"><strong id="cce_10_0142__b1849104912717">vi nginx-nodeport-svc.yaml</strong></p>
|
||||
<pre class="screen" id="cce_10_0142__screen1685020491272">apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
@ -45,39 +44,38 @@ spec:
|
||||
ports:
|
||||
- name: service
|
||||
nodePort: 30000 # Node port. The value ranges from 30000 to 32767.
|
||||
port: 8080 # Port for accessing a Service
|
||||
port: 8080 # Port for accessing a Service.
|
||||
protocol: TCP # Protocol used for accessing a Service. The value can be <strong id="cce_10_0142__b1792433432416">TCP</strong> or <strong id="cce_10_0142__b592514344249">UDP</strong>.
|
||||
targetPort: 80 # Port used by a Service to access the target container. This port is closely related to the applications running in a container. In this example, the Nginx image uses port 80 by default.
|
||||
selector: # Label selector. A Service selects a pod based on the label and forwards the requests for accessing the Service to the pod. In this example, select the pod with the <strong id="cce_10_0142__b14236113762619">app:nginx</strong> label.
|
||||
app: nginx
|
||||
type: NodePort # Service type. <strong id="cce_10_0142__b10872172713288">NodePort</strong> indicates that the Service is accessed through a node port.</pre>
|
||||
</p></li><li id="cce_10_0142__li12194551184412"><span>Create a workload.</span><p><pre class="screen" id="cce_10_0142__cce_10_0011_screen128273217419">kubectl create -f nginx-deployment.yaml</pre>
|
||||
<p id="cce_10_0142__cce_10_0011_p6944430183115">If information similar to the following is displayed, the workload has been created:</p>
|
||||
<pre class="screen" id="cce_10_0142__cce_10_0011_screen16991756142716">deployment/nginx created</pre>
|
||||
<p id="cce_10_0142__cce_10_0011_p20850192573514">Check the created workload.</p>
|
||||
<pre class="screen" id="cce_10_0142__cce_10_0011_screen19761104210349">kubectl get pod</pre>
|
||||
<p id="cce_10_0142__cce_10_0011_p897594218311">If information similar to the following is displayed, the workload is running:</p>
|
||||
<pre class="screen" id="cce_10_0142__cce_10_0011_screen088610169318">NAME READY STATUS RESTARTS AGE
|
||||
<strong id="cce_10_0142__cce_10_0011_b859512281317">nginx-2601814895-znhbr 1/1 Running 0 15s</strong></pre>
|
||||
</p></li><li id="cce_10_0142__li72314917413"><span>Create a Service.</span><p><pre class="screen" id="cce_10_0142__screen9183101136">kubectl create -f nginx-nodeport-svc.yaml</pre>
|
||||
</p></li><li id="cce_10_0142__li12194551184412"><span>Create a workload.</span><p><p id="cce_10_0142__p175719718459"><strong id="cce_10_0142__b692820516453">kubectl create -f nginx-deployment.yaml</strong></p>
|
||||
<p id="cce_10_0142__p15348127103514">If information similar to the following is displayed, the workload has been created.</p>
|
||||
<pre class="screen" id="cce_10_0142__screen1478417422342">deployment "nginx" created</pre>
|
||||
<p id="cce_10_0142__p10542111017457"><strong id="cce_10_0142__b8874010124511">kubectl get po</strong></p>
|
||||
<p id="cce_10_0142__p1528873633514">If information similar to the following is displayed, the workload is running.</p>
|
||||
<pre class="screen" id="cce_10_0142__screen184796131354">NAME READY STATUS RESTARTS AGE
|
||||
<strong id="cce_10_0142__b128512503516">nginx-2601814895-qhxqv 1/1 Running 0 9s</strong></pre>
|
||||
</p></li><li id="cce_10_0142__li72314917413"><span>Create a Service.</span><p><p id="cce_10_0142__p410057205911"><strong id="cce_10_0142__b16534131413598">kubectl create -f nginx-nodeport-svc.yaml</strong></p>
|
||||
<p id="cce_10_0142__p82261925113913">If information similar to the following is displayed, the Service is being created:</p>
|
||||
<pre class="screen" id="cce_10_0142__screen206204581359">service/nginx-nodeport created</pre>
|
||||
<p id="cce_10_0142__p78731824333">Check the created Service.</p>
|
||||
<pre class="screen" id="cce_10_0142__screen25421840635">kubectl get svc</pre>
|
||||
<pre class="screen" id="cce_10_0142__screen206204581359">service "nginx-nodeport" created</pre>
|
||||
<p id="cce_10_0142__p1025119113593"><strong id="cce_10_0142__b1253721413598">kubectl get svc</strong></p>
|
||||
<p id="cce_10_0142__p16843163318393">If information similar to the following is displayed, the Service has been created:</p>
|
||||
<pre class="screen" id="cce_10_0142__screen250841013612"># kubectl get svc
|
||||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||
kubernetes ClusterIP 10.247.0.1 <none> 443/TCP 4d8h
|
||||
nginx-nodeport NodePort 10.247.30.40 <none> 8080:30000/TCP 18s</pre>
|
||||
</p></li><li id="cce_10_0142__li167017242"><span>Access the Service. By default, a NodePort Service can be accessed using <em id="cce_10_0142__i42141413245">IP-address-of-any-node:node-port</em>. Cloud servers within the same VPC or containers within the cluster can access the Service. If an EIP is bound to a node, you can also use the EIP to access the Service.</span><p><p id="cce_10_0142__p73871952103610">Create a container in the cluster and access it using <em id="cce_10_0142__i17879211101013">IP-address-of-the-node:node-port</em>.</p>
|
||||
<ol type="a" id="cce_10_0142__ol3997137650"><li id="cce_10_0142__li13999371754">Obtain the node's IP address.<pre class="screen" id="cce_10_0142__screen1398717437518">kubectl get node -owide</pre>
|
||||
<p id="cce_10_0142__p14499469518">Command output:</p>
|
||||
<pre class="screen" id="cce_10_0142__screen529749563">NAME STATUS ROLES AGE INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
|
||||
</p></li><li id="cce_10_0142__li167017242"><span>Access the Service.</span><p><p id="cce_10_0142__p73871952103610">By default, a NodePort Service can be accessed by using <em id="cce_10_0142__i10803143503815">Any node IP address:Node port</em>.</p>
|
||||
<p id="cce_10_0142__p24297181193">The Service can be accessed from a node in another cluster in the same VPC or in another pod in the cluster. If a public IP address is bound to the node, you can also use the public IP address to access the Service. Create a container in the cluster and access the container by using <em id="cce_10_0142__i16687134818416">Node IP address:Node port</em>.</p>
|
||||
<pre class="screen" id="cce_10_0142__screen9180123572318"># kubectl get node -owide
|
||||
NAME STATUS ROLES AGE INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
|
||||
10.100.0.136 Ready <none> 152m 10.100.0.136 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://18.9.0
|
||||
10.100.0.5 Ready <none> 152m 10.100.0.5 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://18.9.0</pre>
|
||||
</li><li id="cce_10_0142__li1347113115612">Create a pod and access its container.<pre class="screen" id="cce_10_0142__screen781315586613">kubectl run -i --tty --image nginx:alpine test --rm /bin/sh</pre>
|
||||
</li><li id="cce_10_0142__li620185416610">Run the <strong id="cce_10_0142__b29247910223926">curl</strong> command to access the Service.<pre class="screen" id="cce_10_0142__screen73992296711">curl 10.100.0.136:30000</pre>
|
||||
<div class="p" id="cce_10_0142__p14486192613715">Command output:<pre class="screen" id="cce_10_0142__screen9180123572318">/ # <!DOCTYPE html>
|
||||
10.100.0.5 Ready <none> 152m 10.100.0.5 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://18.9.0
|
||||
# kubectl run -i --tty --image nginx:alpine test --rm /bin/sh
|
||||
If you do not see a command prompt, try pressing <strong id="cce_10_0142__b1596117574484">Enter</strong>.
|
||||
/ # curl 10.100.0.136:30000
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Welcome to nginx!</title>
|
||||
@ -103,8 +101,6 @@ Commercial support is available at
|
||||
</body>
|
||||
</html>
|
||||
/ # </pre>
|
||||
</div>
|
||||
</li></ol>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -1,16 +1,15 @@
|
||||
<a name="cce_10_0144"></a><a name="cce_10_0144"></a>
|
||||
|
||||
<h1 class="topictitle1">Deploying an Application Through the Helm v3 Client</h1>
|
||||
<div id="body0000001207271506"><div class="section" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_section121301535620"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0144__ul3747634144719"><li id="cce_10_0144__li10747143414714">The Kubernetes cluster created on CCE has been connected to kubectl. For details, see <a href="cce_10_0107.html#cce_10_0107__section37321625113110">Procedure</a>.</li><li id="cce_10_0144__li143264387478">To pull a public image when deploying Helm, ensure an EIP has been bound to the node.</li></ul>
|
||||
<div id="body0000001207271506"><div class="section" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_section121301535620"><h4 class="sectiontitle">Prerequisites</h4><ul id="cce_10_0144__ul3747634144719"><li id="cce_10_0144__li10747143414714">The Kubernetes cluster created on CCE has been connected to kubectl. For details, see <a href="cce_10_0107.html#cce_10_0107__section37321625113110">Using kubectl</a>.</li><li id="cce_10_0144__li143264387478">To pull a public image when deploying Helm, ensure an EIP has been bound to the node.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_section3719193213815"><a name="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_section3719193213815"></a><a name="en-us_topic_0226102212_en-us_topic_0179003017_section3719193213815"></a><h4 class="sectiontitle">Installing Helm v3</h4><p id="cce_10_0144__p81882426153">This section uses Helm v3.3.0 as an example.</p>
|
||||
<p id="cce_10_0144__p1421305841217">For other versions, visit <a href="https://github.com/helm/helm/releases" target="_blank" rel="noopener noreferrer">https://github.com/helm/helm/releases</a>.</p>
|
||||
<ol id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_ol1681672214911"><li id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li111294269913"><span>Download the Helm client from the VM connected to the cluster.</span><p><pre class="screen" id="cce_10_0144__screen1071431633617">wget https://get.helm.sh/helm-v3.3.0-linux-amd64.tar.gz</pre>
|
||||
</p></li><li id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li175279551567"><span>Decompress the Helm package.</span><p><pre class="screen" id="cce_10_0144__screen510114203615">tar -xzvf helm-v3.3.0-linux-amd64.tar.gz</pre>
|
||||
</p></li><li id="cce_10_0144__li840133322612"><span>Copy Helm to the system path, for example, <strong id="cce_10_0144__b1399218125508">/usr/local/bin/helm</strong>.</span><p><pre class="screen" id="cce_10_0144__screen1569255683520">mv linux-amd64/helm /usr/local/bin/helm</pre>
|
||||
</p></li><li id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li1443185813366"><span>Query the Helm version.</span><p><pre class="screen" id="cce_10_0144__screen29088011579">helm version</pre>
|
||||
<div class="p" id="cce_10_0144__p1683775416562">Command output:<pre class="screen" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_screen167281140143712">version.BuildInfo{Version:"v3.3.0", GitCommit:"e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6", GitTreeState:"clean", GoVersion:"go1.13.4"}</pre>
|
||||
</div>
|
||||
</p></li><li id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li1443185813366"><span>Query the Helm version.</span><p><pre class="screen" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_screen167281140143712">helm version
|
||||
version.BuildInfo{Version:"v3.3.0", GitCommit:"e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6", GitTreeState:"clean", GoVersion:"go1.13.4"}</pre>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_section31686282119"><h4 class="sectiontitle">Installing the Helm Chart</h4><p id="cce_10_0144__p146495121318">You can use Helm to install a chart. Before using Helm, you may need to understand the following concepts to better use Helm:</p>
|
||||
@ -31,7 +30,7 @@
|
||||
</p></li><li id="cce_10_0144__li48391935194110"><span>View the installed chart release.</span><p><pre class="screen" id="cce_10_0144__screen774012498414">helm list</pre>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_section563894210221"><h4 class="sectiontitle">Common Issues</h4><ul id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_ul101192370134"><li id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li811913741310">The following error message is displayed after the <strong id="cce_10_0144__b2016111479503">Helm version</strong> command is executed:<pre class="screen" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_screen5525184413388">Client:
|
||||
<div class="section" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_section563894210221"><h4 class="sectiontitle">Common Issues</h4><ul id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_ul101192370134"><li id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li811913741310">The following error message is displayed after the <strong id="cce_10_0144__b2016111479503">helm version</strong> command is run:<pre class="screen" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_screen5525184413388">Client:
|
||||
&version.Version{SemVer:"v3.3.0",
|
||||
GitCommit:"012cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
|
||||
E0718 11:46:10.132102 7023 portforward.go:332] an error occurred
|
||||
@ -45,18 +44,15 @@ Error: cannot connect to Tiller</pre>
|
||||
Error: Unable to find a match: socat</pre>
|
||||
<p id="cce_10_0144__p15706616131711">The node image does not contain socat. In this case, manually download the RPM chart and run the following command to install it (replace the RPM chart name with the actual one):</p>
|
||||
<pre class="screen" id="cce_10_0144__screen20151457123819">rpm -i socat-1.7.3.2-8.oe1.x86_64.rpm</pre>
|
||||
</li><li id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li91191237141317"><strong id="cce_10_0144__b11862845205911">Socat has been installed. When you check the Helm version, the error message "Error: cannot connect to Tiller" is displayed.</strong><pre class="screen" id="cce_10_0144__screen15226446145818">helm version</pre>
|
||||
<p id="cce_10_0144__p18833164110585">Error information:</p>
|
||||
<pre class="screen" id="cce_10_0144__screen1115245354218">Client: &version.Version{SemVer:"v3.3.0", GitCommit:"021cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
|
||||
</li><li id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li91191237141317">When the socat has been installed and the following error message is displayed after the <strong id="cce_10_0144__b37811435103310">helm version</strong> command is run:<pre class="screen" id="cce_10_0144__screen1115245354218">$ helm version
|
||||
Client: &version.Version{SemVer:"v3.3.0", GitCommit:"021cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
|
||||
Error: cannot connect to Tiller</pre>
|
||||
<p id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_p1035184916401">The Helm chart reads the configuration certificate in <strong id="cce_10_0144__b440965053110">.Kube/config</strong> and communicates with Kubernetes. The preceding error indicates that the kubectl configuration is incorrect. In this case, reconnect the cluster to kubectl. For details, see <a href="cce_10_0107.html#cce_10_0107__section37321625113110">Procedure</a>.</p>
|
||||
<p id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_p1035184916401">The Helm chart reads the configuration certificate in <strong id="cce_10_0144__b440965053110">.Kube/config</strong> to communicate with Kubernetes. The preceding error indicates that the kubectl configuration is incorrect. In this case, reconnect the cluster to kubectl. For details, see <a href="cce_10_0107.html#cce_10_0107__section37321625113110">Using kubectl</a>.</p>
|
||||
</li><li id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li201196379139">Storage fails to be created after you have connected to cloud storage services.<p class="msonormal" id="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_p315416137474"><a name="cce_10_0144__en-us_topic_0226102212_en-us_topic_0179003017_li201196379139"></a><a name="en-us_topic_0226102212_en-us_topic_0179003017_li201196379139"></a>This issue may be caused by the <span class="parmname" id="cce_10_0144__parmname182517013538"><b>annotation</b></span> field in the created PVC. Change the chart name and install the chart again.</p>
|
||||
</li><li id="cce_10_0144__li11477223144619"><strong id="cce_10_0144__b173513715011">If kubectl is not properly configured, the error message "Error: Kubernetes cluster unreachable..." will be displayed when you install Helm.</strong><p id="cce_10_0144__p159021091535">Example:</p>
|
||||
<pre class="screen" id="cce_10_0144__screen186793362214">helm install prometheus/ --generate-name</pre>
|
||||
<div class="p" id="cce_10_0144__p39994201210">Error information:<pre class="screen" id="cce_10_0144__screen16826143718475">WARNING: This chart is deprecated
|
||||
</li><li id="cce_10_0144__li11477223144619">If kubectl is not properly configured, the following error message is displayed after the <strong id="cce_10_0144__b1454913315318">helm install</strong> command is run:<pre class="screen" id="cce_10_0144__screen16826143718475"># helm install prometheus/ --generate-name
|
||||
WARNING: This chart is deprecated
|
||||
Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version?timeout=32s": dial tcp [::1]:8080: connect: connection refused</pre>
|
||||
</div>
|
||||
<p id="cce_10_0144__p17662101616489"><strong id="cce_10_0144__b1842793204718">Solution</strong>: Configure kubeconfig for the node. For details, see <a href="cce_10_0107.html#cce_10_0107__section37321625113110">Procedure</a>.</p>
|
||||
<p id="cce_10_0144__p17662101616489"><strong id="cce_10_0144__b1842793204718">Solution</strong>: Configure kubeconfig for the node. For details, see <a href="cce_10_0107.html#cce_10_0107__section37321625113110">Using kubectl</a>.</p>
|
||||
</li></ul>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -33,7 +33,7 @@
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="78%" headers="mcps1.3.3.3.2.4.2.2.3.1.2 "><p id="cce_10_0146__p1678472115013">Describes configuration parameters required by templates.</p>
|
||||
<div class="notice" id="cce_10_0146__note11415171194911"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><p id="cce_10_0146__p394216481648">Make sure that the image address set in the <strong id="cce_10_0146__b169837156417">values.yaml</strong> file is the same as the image address in the container image repository. Otherwise, an exception occurs when you create a workload, and the system displays a message indicating that the image fails to be pulled.</p>
|
||||
<p id="cce_10_0146__p04177113498">To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose <strong id="cce_10_0146__b860412174116">Image Repository</strong> to access the SWR console. Choose <strong id="cce_10_0146__b10171926114117">My Images</strong> > <strong id="cce_10_0146__b12372684119">Private Images</strong> and click the name of the uploaded image. On the <strong id="cce_10_0146__b223726104111">Image Tags</strong> tab page, obtain the image address from the pull command. You can click <span><img id="cce_10_0146__image292113414153" src="en-us_image_0000002253779809.png"></span> to copy the command in the <strong id="cce_10_0146__b723192619418">Image Pull Command</strong> column.</p>
|
||||
<p id="cce_10_0146__p04177113498">To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose <strong id="cce_10_0146__b860412174116">Image Repository</strong> to access the SWR console. Choose <strong id="cce_10_0146__b10171926114117">My Images</strong> > <strong id="cce_10_0146__b12372684119">Private Images</strong> and click the name of the uploaded image. On the <strong id="cce_10_0146__b223726104111">Image Tags</strong> tab page, obtain the image address from the pull command. You can click <span><img id="cce_10_0146__image292113414153" src="en-us_image_0000002101678825.png"></span> to copy the command in the <strong id="cce_10_0146__b723192619418">Image Pull Command</strong> column.</p>
|
||||
</div></div>
|
||||
</td>
|
||||
</tr>
|
||||
@ -103,7 +103,7 @@
|
||||
</div>
|
||||
<div class="section" id="cce_10_0146__section5324101171010"><h4 class="sectiontitle">Upgrading a Chart-based Workload</h4><ol id="cce_10_0146__ol1541655017447"><li id="cce_10_0146__li1869015203020"><span>Log in to the CCE console and click the cluster name to access the cluster console. Choose <strong id="cce_10_0146__b1332619365361"><span id="cce_10_0146__text1020012374467">App Templates</span></strong> in the navigation pane. In the right pane, click the <strong id="cce_10_0146__b15333103663618">Releases</strong> tab.</span></li><li id="cce_10_0146__li9260155614447"><span>Click <strong id="cce_10_0146__b624761044718">Upgrade</strong> in the row where the desired workload resides and set the parameters for the workload.</span></li><li id="cce_10_0146__li1126255674414"><span>Select a chart version for <strong id="cce_10_0146__b420264371153445">Chart Version</strong>.</span></li><li id="cce_10_0146__li1126615644417"><span>Follow the prompts to modify the chart parameters. Confirm the modification and click <strong id="cce_10_0146__b1349265264015">Upgrade</strong>.</span></li><li id="cce_10_0146__li1327935644412"><span>If the execution status is <strong id="cce_10_0146__b8151125412417">Upgraded</strong>, the workload has been upgraded.</span></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0146__section13251511191012"><h4 class="sectiontitle">Rolling Back a Chart-based Workload</h4><ol id="cce_10_0146__ol675012341451"><li id="cce_10_0146__li855613303328"><span>Log in to the CCE console and click the cluster name to access the cluster console. Choose <strong id="cce_10_0146__b5287330381"><span id="cce_10_0146__text733717447461">App Templates</span></strong> in the navigation pane. In the right pane, click the <strong id="cce_10_0146__b192885313382">Releases</strong> tab.</span></li><li id="cce_10_0146__li15170194294515"><span>Choose <strong id="cce_10_0146__b42851336162919">More</strong> > <strong id="cce_10_0146__b528583611291">Roll Back</strong> for the release to be rolled back, select the target release version, and roll the release back.</span><p><p id="cce_10_0146__p1917254212454">In the workload list, if the status is <strong id="cce_10_0146__b250435233917">Rollback successful</strong>, the workload is rolled back successfully.</p>
|
||||
<div class="section" id="cce_10_0146__section13251511191012"><h4 class="sectiontitle">Rolling Back a Chart-based Workload</h4><ol id="cce_10_0146__ol675012341451"><li id="cce_10_0146__li855613303328"><span>Log in to the CCE console and click the cluster name to access the cluster console. Choose <strong id="cce_10_0146__b5287330381"><span id="cce_10_0146__text733717447461">App Templates</span></strong> in the navigation pane. In the right pane, click the <strong id="cce_10_0146__b192885313382">Releases</strong> tab.</span></li><li id="cce_10_0146__li15170194294515"><span>Click <strong id="cce_10_0146__b42851336162919">More</strong> > <strong id="cce_10_0146__b528583611291">Roll Back</strong> for the workload to be rolled back, select the workload version, and click <strong id="cce_10_0146__b14293173618298">Roll back</strong> <strong id="cce_10_0146__b4293436172920">to this version</strong>.</span><p><p id="cce_10_0146__p1917254212454">In the workload list, if the status is <strong id="cce_10_0146__b250435233917">Rollback successful</strong>, the workload is rolled back successfully.</p>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0146__section15325151161011"><h4 class="sectiontitle">Uninstalling a Chart-based Workload</h4><ol id="cce_10_0146__ol14516921124612"><li id="cce_10_0146__li1824033814320"><span>Log in to the CCE console and click the cluster name to access the cluster console. Choose <strong id="cce_10_0146__b1272811919383"><span id="cce_10_0146__text14894473461">App Templates</span></strong> in the navigation pane. In the right pane, click the <strong id="cce_10_0146__b27281918386">Releases</strong> tab.</span></li><li id="cce_10_0146__li33382293172417"><span>Click <strong id="cce_10_0146__b842352706172523">More</strong> > <strong id="cce_10_0146__b842352706172527">Uninstall</strong> next to the release to be uninstalled, and click <strong id="cce_10_0146__b842352706172547">Yes</strong>. Exercise caution when performing this operation because releases cannot be restored after being uninstalled.</span></li></ol>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -33,7 +33,7 @@
|
||||
<tr id="cce_10_0152__row133224252315"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="cce_10_0152__p23228259314">Data</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="84%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="cce_10_0152__p085820352295">Data of a ConfigMap, in the key-value pair format.</p>
|
||||
<p id="cce_10_0152__p15328144616261">Click <span><img id="cce_10_0152__image12816235293" src="en-us_image_0000002253620097.png"></span> to add data. The value can be in string, JSON, or YAML format.</p>
|
||||
<p id="cce_10_0152__p15328144616261">Click <span><img id="cce_10_0152__image12816235293" src="en-us_image_0000002101597461.png"></span> to add data. The value can be in string, JSON, or YAML format.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0152__row123142814330"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="cce_10_0152__p17322225134">Label</p>
|
||||
@ -47,8 +47,7 @@
|
||||
</p></li><li id="cce_10_0152__li11187141015461"><span>Click <span class="uicontrol" id="cce_10_0152__uicontrol424264973103651"><b>OK</b></span>.</span><p><p id="cce_10_0152__p018781015461">The new ConfigMap is displayed in the ConfigMap list.</p>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0152__section639712716372"><h4 class="sectiontitle">Creating a ConfigMap Using kubectl</h4><ol id="cce_10_0152__ol4681114115209"><li id="cce_10_0152__li1681024195710"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a>.</span></li><li id="cce_10_0152__li1020013819415"><span>Create a file named <strong id="cce_10_0152__b4906313131317">cce-configmap.yaml</strong> and edit it.</span><p><pre class="screen" id="cce_10_0152__screen1589435019486">vi cce-configmap.yaml</pre>
|
||||
<p id="cce_10_0152__p1046711442481">File content:</p>
|
||||
<div class="section" id="cce_10_0152__section639712716372"><h4 class="sectiontitle">Creating a ConfigMap Using kubectl</h4><ol id="cce_10_0152__ol4681114115209"><li id="cce_10_0152__li1681024195710"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0152__li1020013819415"><span>Create a file named <strong id="cce_10_0152__b4906313131317">cce-configmap.yaml</strong> and edit it.</span><p><p id="cce_10_0152__p106999147413"><strong id="cce_10_0152__b6469155655719">vi cce-configmap.yaml</strong></p>
|
||||
<pre class="screen" id="cce_10_0152__screen1245419316221">apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
@ -57,39 +56,38 @@ data:
|
||||
SPECIAL_LEVEL: Hello
|
||||
SPECIAL_TYPE: CCE</pre>
|
||||
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0152__table12719161619361" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Key parameters</caption><thead align="left"><tr id="cce_10_0152__row3720131620366"><th align="left" class="cellrowborder" valign="top" width="24%" id="mcps1.3.4.2.2.2.4.2.3.1.1"><p id="cce_10_0152__p18720131623617">Parameter</p>
|
||||
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0152__table12719161619361" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Key parameters</caption><thead align="left"><tr id="cce_10_0152__row3720131620366"><th align="left" class="cellrowborder" valign="top" width="24%" id="mcps1.3.4.2.2.2.3.2.3.1.1"><p id="cce_10_0152__p18720131623617">Parameter</p>
|
||||
</th>
|
||||
<th align="left" class="cellrowborder" valign="top" width="76%" id="mcps1.3.4.2.2.2.4.2.3.1.2"><p id="cce_10_0152__p17720121653614">Description</p>
|
||||
<th align="left" class="cellrowborder" valign="top" width="76%" id="mcps1.3.4.2.2.2.3.2.3.1.2"><p id="cce_10_0152__p17720121653614">Description</p>
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody><tr id="cce_10_0152__row8720916133613"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.4.2.2.2.4.2.3.1.1 "><p id="cce_10_0152__p772021653614">apiVersion</p>
|
||||
<tbody><tr id="cce_10_0152__row8720916133613"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.4.2.2.2.3.2.3.1.1 "><p id="cce_10_0152__p772021653614">apiVersion</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.4.2.2.2.4.2.3.1.2 "><p id="cce_10_0152__p147201516103614">The value is fixed at <strong id="cce_10_0152__b1589795210347">v1</strong>.</p>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.4.2.2.2.3.2.3.1.2 "><p id="cce_10_0152__p147201516103614">The value is fixed at <strong id="cce_10_0152__b1589795210347">v1</strong>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0152__row1720161615364"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.4.2.2.2.4.2.3.1.1 "><p id="cce_10_0152__p1772071616363">kind</p>
|
||||
<tr id="cce_10_0152__row1720161615364"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.4.2.2.2.3.2.3.1.1 "><p id="cce_10_0152__p1772071616363">kind</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.4.2.2.2.4.2.3.1.2 "><p id="cce_10_0152__p197201616143611">The value is fixed at <strong id="cce_10_0152__b658920156362">ConfigMap</strong>.</p>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.4.2.2.2.3.2.3.1.2 "><p id="cce_10_0152__p197201616143611">The value is fixed at <strong id="cce_10_0152__b658920156362">ConfigMap</strong>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0152__row1672081618369"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.4.2.2.2.4.2.3.1.1 "><p id="cce_10_0152__p572019167368">metadata.name</p>
|
||||
<tr id="cce_10_0152__row1672081618369"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.4.2.2.2.3.2.3.1.1 "><p id="cce_10_0152__p572019167368">metadata.name</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.4.2.2.2.4.2.3.1.2 "><p id="cce_10_0152__p4720161673614">ConfigMap name, which can be customized.</p>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.4.2.2.2.3.2.3.1.2 "><p id="cce_10_0152__p4720161673614">ConfigMap name, which can be customized.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="cce_10_0152__row2720191653616"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.4.2.2.2.4.2.3.1.1 "><p id="cce_10_0152__p372051610367">data</p>
|
||||
<tr id="cce_10_0152__row2720191653616"><td class="cellrowborder" valign="top" width="24%" headers="mcps1.3.4.2.2.2.3.2.3.1.1 "><p id="cce_10_0152__p372051610367">data</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.4.2.2.2.4.2.3.1.2 "><p id="cce_10_0152__p1156792763711">ConfigMap data. The value must be key-value pairs.</p>
|
||||
<td class="cellrowborder" valign="top" width="76%" headers="mcps1.3.4.2.2.2.3.2.3.1.2 "><p id="cce_10_0152__p1156792763711">ConfigMap data. The value must be key-value pairs.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</p></li><li id="cce_10_0152__li788331518303"><span>Run the following commands to create a ConfigMap.</span><p><pre class="screen" id="cce_10_0152__screen18339194013488">kubectl create -f cce-configmap.yaml</pre>
|
||||
</p></li><li id="cce_10_0152__li788331518303"><span>Run the following commands to create a ConfigMap.</span><p><p id="cce_10_0152__p3315182011255"><strong id="cce_10_0152__b56467233250">kubectl create -f cce-configmap.yaml</strong></p>
|
||||
<p id="cce_10_0152__p19951259123710">Run the following commands to view the created ConfigMap:</p>
|
||||
<pre class="screen" id="cce_10_0152__screen876922710488">kubectl get cm</pre>
|
||||
<p id="cce_10_0152__p11502172118484">Command output:</p>
|
||||
<p id="cce_10_0152__p11761214251"><strong id="cce_10_0152__b96501723152519">kubectl get cm</strong></p>
|
||||
<pre class="screen" id="cce_10_0152__screen47118476349">NAME DATA AGE
|
||||
cce-configmap 3 7m</pre>
|
||||
</p></li></ol>
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
<tr id="cce_10_0153__row133224252315"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="cce_10_0153__p23228259314">Secret Data</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="cce_10_0153__p133223251335">Workload secret data can be used in containers.</p>
|
||||
<ul id="cce_10_0153__ul180611337469"><li id="cce_10_0153__li108069333468">If <strong id="cce_10_0153__b10282732165415">Secret Type</strong> is <strong id="cce_10_0153__b1449613357547">Opaque</strong>, click <span><img id="cce_10_0153__image12816235293" src="en-us_image_0000002253620365.png"></span>. In the dialog box displayed, enter a key-value pair and select <strong id="cce_10_0153__b31811921195517">Auto Base64 Encoding</strong>.</li><li id="cce_10_0153__li1536053764716">If <strong id="cce_10_0153__b17791104012492">Secret Type</strong> is <strong id="cce_10_0153__b722045644918">kubernetes.io/dockerconfigjson</strong>, enter the account and password for logging in to the private image repository.</li><li id="cce_10_0153__li17736104214478">If <strong id="cce_10_0153__b1214075424815">Secret Type</strong> is <strong id="cce_10_0153__b37767205275">kubernetes.io/tls</strong> or <strong id="cce_10_0153__b162903173270">IngressTLS</strong>, upload the certificate file and private key file.<div class="note" id="cce_10_0153__note1890215211325"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="cce_10_0153__ul1280017919332"><li id="cce_10_0153__li14977104417334">A certificate is a self-signed or CA-signed credential used for identity authentication.</li><li id="cce_10_0153__li6236332143310">A certificate request is a request for a signature with a private key.</li></ul>
|
||||
<ul id="cce_10_0153__ul180611337469"><li id="cce_10_0153__li108069333468">If <strong id="cce_10_0153__b10282732165415">Secret Type</strong> is <strong id="cce_10_0153__b1449613357547">Opaque</strong>, click <span><img id="cce_10_0153__image12816235293" src="en-us_image_0000002101597689.png"></span>. In the dialog box displayed, enter a key-value pair and select <strong id="cce_10_0153__b31811921195517">Auto Base64 Encoding</strong>.</li><li id="cce_10_0153__li1536053764716">If <strong id="cce_10_0153__b17791104012492">Secret Type</strong> is <strong id="cce_10_0153__b722045644918">kubernetes.io/dockerconfigjson</strong>, enter the account and password for logging in to the private image repository.</li><li id="cce_10_0153__li17736104214478">If <strong id="cce_10_0153__b1214075424815">Secret Type</strong> is <strong id="cce_10_0153__b37767205275">kubernetes.io/tls</strong> or <strong id="cce_10_0153__b162903173270">IngressTLS</strong>, upload the certificate file and private key file.<div class="note" id="cce_10_0153__note1890215211325"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="cce_10_0153__ul1280017919332"><li id="cce_10_0153__li14977104417334">A certificate is a self-signed or CA-signed credential used for identity authentication.</li><li id="cce_10_0153__li6236332143310">A certificate request is a request for a signature with a private key.</li></ul>
|
||||
</div></div>
|
||||
</li></ul>
|
||||
</td>
|
||||
@ -67,7 +67,7 @@ data:
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mysecret #Secret name
|
||||
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b1336107326">default</strong>.
|
||||
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b1409733130">default</strong>.
|
||||
data:
|
||||
<strong id="cce_10_0153__b196671430132319">.dockerconfigjson: eyJh</strong><strong id="cce_10_0153__b1052142752319">*****</strong> # Content encoded using Base64.
|
||||
<strong id="cce_10_0153__b18496153310233">type: kubernetes.io/dockerconfigjson</strong></pre>
|
||||
@ -86,7 +86,7 @@ data:
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: mysecret #Secret name
|
||||
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b2067617543">default</strong>.
|
||||
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b2015913490">default</strong>.
|
||||
data:
|
||||
tls.crt: <strong id="cce_10_0153__b1479454093611">LS0tLS1CRU*****FURS0tLS0t</strong> # Certificate content, which must be encoded using Base64.
|
||||
tls.key: <strong id="cce_10_0153__b3794134014361">LS0tLS1CRU*****VZLS0tLS0=</strong> # Private key content, which must be encoded using Base64.
|
||||
@ -96,7 +96,7 @@ data:
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: mysecret #Secret name
|
||||
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b1705799734">default</strong>.
|
||||
namespace: default #Namespace. The default value is <strong id="cce_10_0153__b1720369997">default</strong>.
|
||||
data:
|
||||
tls.crt: <strong id="cce_10_0153__b4259755912">LS0tLS1CRU*****FURS0tLS0t</strong> # Certificate content, which must be encoded using Base64.
|
||||
tls.key: <strong id="cce_10_0153__b1522022111010">LS0tLS1CRU*****VZLS0tLS0=</strong> # Private key content, which must be encoded using Base64.
|
||||
@ -104,9 +104,9 @@ data:
|
||||
</div>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0153__section821112149514"><h4 class="sectiontitle">Creating a Secret Using kubectl</h4><ol id="cce_10_0153__ol4681114115209"><li id="cce_10_0153__li1681024195710"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Accessing a Cluster Using kubectl</a>.</span></li><li id="cce_10_0153__li155943815457"><span>Encode the secret value using Base64.</span><p><pre class="screen" id="cce_10_0153__screen125601038144519"># echo -n "<em id="cce_10_0153__i121420352248">content-to-be-encoded</em>" | base64
|
||||
<div class="section" id="cce_10_0153__section821112149514"><h4 class="sectiontitle">Creating a Secret Using kubectl</h4><ol id="cce_10_0153__ol4681114115209"><li id="cce_10_0153__li1681024195710"><span>Use kubectl to access the cluster. For details, see <a href="cce_10_0107.html">Connecting to a Cluster Using kubectl</a>.</span></li><li id="cce_10_0153__li198031614164419"><span>Create and edit the Base64-encoded <strong id="cce_10_0153__b3176599254">cce-secret.yaml</strong> file.</span><p><pre class="screen" id="cce_10_0153__screen1658792012013"># echo -n "<em id="cce_10_0153__i25185217413">content to be encoded</em>" | base64
|
||||
******</pre>
|
||||
</p></li><li id="cce_10_0153__li198031614164419"><span>Create a file named <strong id="cce_10_0153__b1296426192519">cce-secret.yaml</strong> and edit it.</span><p><pre class="screen" id="cce_10_0153__screen187423015467">vi cce-secret.yaml</pre>
|
||||
<p id="cce_10_0153__p19354756165916"><strong id="cce_10_0153__b1577616471020">vi cce-secret.yaml</strong></p>
|
||||
<p id="cce_10_0153__p19299131315315">The following YAML file uses the Opaque type as an example. For details about other types, see <a href="#cce_10_0153__section187197531454">Secret Resource File Configuration Example</a>.</p>
|
||||
<pre class="screen" id="cce_10_0153__screen1530717111302">apiVersion: v1
|
||||
kind: Secret
|
||||
@ -115,15 +115,15 @@ metadata:
|
||||
type: Opaque
|
||||
data:
|
||||
<strong id="cce_10_0153__b73182011543"><i><span class="varname" id="cce_10_0153__varname11318150125411"><your_key></span></i>: <i><span class="varname" id="cce_10_0153__varname7318205545"><your_value></span></i></strong> # Enter a key-value pair. The value must be encoded using Base64.</pre>
|
||||
</p></li><li id="cce_10_0153__li788331518303"><span>Create a secret.</span><p><pre class="screen" id="cce_10_0153__screen12695194364619">kubectl create -f cce-secret.yaml</pre>
|
||||
</p></li><li id="cce_10_0153__li788331518303"><span>Create a secret.</span><p><p id="cce_10_0153__p3315182011255"><strong id="cce_10_0153__b56467233250">kubectl create -f cce-secret.yaml</strong></p>
|
||||
<p id="cce_10_0153__p2239132312114">You can query the secret after creation.</p>
|
||||
<pre class="screen" id="cce_10_0153__screen148224794618">kubectl get secret -n default</pre>
|
||||
<p id="cce_10_0153__p11761214251"><strong id="cce_10_0153__b96501723152519">kubectl get secret -n default</strong></p>
|
||||
</p></li></ol>
|
||||
</div>
|
||||
<div class="section" id="cce_10_0153__section359413445405"><h4 class="sectiontitle">Related Operations</h4><div class="p" id="cce_10_0153__p1010361816508">After creating a secret, you can update or delete it as described in <a href="#cce_10_0153__table555785274319">Table 2</a>.<div class="note" id="cce_10_0153__note1655192725017"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0153__p10656327115010">The secret list contains system secret resources that can be queried only. The system secret resources cannot be updated or deleted.</p>
|
||||
</div></div>
|
||||
|
||||
<div class="tablenoborder"><a name="cce_10_0153__table555785274319"></a><a name="table555785274319"></a><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0153__table555785274319" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Related operations</caption><thead align="left"><tr id="cce_10_0153__row19412155014112"><th align="left" class="cellrowborder" valign="top" width="32%" id="mcps1.3.6.2.3.2.3.1.1"><p id="cce_10_0153__p154122501516">Operation</p>
|
||||
<div class="tablenoborder"><a name="cce_10_0153__table555785274319"></a><a name="table555785274319"></a><table cellpadding="4" cellspacing="0" summary="" id="cce_10_0153__table555785274319" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Related Operations</caption><thead align="left"><tr id="cce_10_0153__row19412155014112"><th align="left" class="cellrowborder" valign="top" width="32%" id="mcps1.3.6.2.3.2.3.1.1"><p id="cce_10_0153__p154122501516">Operation</p>
|
||||
</th>
|
||||
<th align="left" class="cellrowborder" valign="top" width="68%" id="mcps1.3.6.2.3.2.3.1.2"><p id="cce_10_0153__p94129501313">Description</p>
|
||||
</th>
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -6,7 +6,7 @@
|
||||
<div class="section" id="cce_10_0163__section13440617205217"><h4 class="sectiontitle">Request and Limit</h4><div class="p" id="cce_10_0163__p121528405515">For <strong id="cce_10_0163__b121101859195012">CPU</strong> and <strong id="cce_10_0163__b121791010175117">Memory</strong>, the meanings of <strong id="cce_10_0163__b1786325155119">Request</strong> and <strong id="cce_10_0163__b612616286514">Limit</strong> are as follows:<ul id="cce_10_0163__ul98184925015"><li id="cce_10_0163__li12682639175017"><strong id="cce_10_0163__b155301617155118">Request</strong>: The system schedules a pod to the node that meets the requirements for workload deployment based on the request value.</li><li id="cce_10_0163__li123709447505"><strong id="cce_10_0163__b1369173012404">Limit</strong>: The system limits the resources used by the workload based on the limit value.</li></ul>
|
||||
</div>
|
||||
<p id="cce_10_0163__p1120211182112">If a node has sufficient resources, the pod on this node can use more resources than requested, but no more than limited.</p>
|
||||
<p id="cce_10_0163__p674483812274">For example, if you set a pod's memory request to 1 GiB and its limit to 2 GiB, and the pod is scheduled on a node with 8 GiB of memory (with no other pods running), the pod can use more than 1 GiB of memory under heavy load, but its memory usage will be capped at 2 GiB. If a process in a container attempts to use more than 2 GiB resources, the system kernel attempts to terminate the process. As a result, an out of memory (OOM) error occurs.</p>
|
||||
<p id="cce_10_0163__p674483812274">For example, if you set the memory request of a container to 1 GiB and the limit value to 2 GiB, a pod is scheduled to a node with 8 GiB CPUs with no other pod running. In this case, the pod can use more than 1 GiB memory when the load is heavy, but the memory usage cannot exceed 2 GiB. If a process in a container attempts to use more than 2 GiB resources, the system kernel attempts to terminate the process. As a result, an out of memory (OOM) error occurs.</p>
|
||||
<div class="note" id="cce_10_0163__note44961356161012"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0163__p176193114221">When creating a workload, you are advised to set the upper and lower limits of CPU and memory resources. If the upper and lower resource limits are not set for a workload, a resource leak of this workload will make resources unavailable for other workloads deployed on the same node. In addition, workloads that do not have upper and lower resource limits cannot be accurately monitored.</p>
|
||||
</div></div>
|
||||
</div>
|
||||
@ -55,7 +55,7 @@
|
||||
</table>
|
||||
</div>
|
||||
<p id="cce_10_0163__p19399171422017"><strong id="cce_10_0163__b71614421416">Recommended configuration</strong></p>
|
||||
<p id="cce_10_0163__p151281711539">Actual available memory of a node ≥ Sum of memory limits of all containers on the current node ≥ Sum of memory requests of all containers on the current node. You can view the actual available memory of a node on the CCE console (<strong id="cce_10_0163__b1223046360">Resource Management</strong> > <strong id="cce_10_0163__b979924555">Nodes</strong> > <strong id="cce_10_0163__b1919449136">Allocatable</strong>).</p>
|
||||
<p id="cce_10_0163__p151281711539">Actual available memory of a node ≥ Sum of memory limits of all containers on the current node ≥ Sum of memory requests of all containers on the current node. You can view the actual available memory of a node on the CCE console (<strong id="cce_10_0163__b531767841">Resource Management</strong> > <strong id="cce_10_0163__b39759337">Nodes</strong> > <strong id="cce_10_0163__b1758491992">Allocatable</strong>).</p>
|
||||
</li></ul>
|
||||
<div class="note" id="cce_10_0163__note96535331218"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="cce_10_0163__p73492457214">The allocatable resources are calculated based on the resource request value (<strong id="cce_10_0163__b1985192711107">Request</strong>), which indicates the upper limit of resources that can be requested by pods on this node, but does not indicate the actual available resources of the node (for details, see <a href="#cce_10_0163__section17887209103612">Example of CPU and Memory Quota Usage</a>). The calculation formula is as follows:</p>
|
||||
<ul id="cce_10_0163__ul259653921"><li id="cce_10_0163__li1259253828">Allocatable CPU = Total CPU – Requested CPU of all pods – Reserved CPU for other resources</li><li id="cce_10_0163__li15913539216">Allocatable memory = Total memory – Requested memory of all pods – Reserved memory for other resources</li></ul>
|
||||
|
||||
@ -10,8 +10,6 @@
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0189.html">Namespace Permissions (Kubernetes RBAC-based)</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0957.html">Using the AccessPolicy API to Manage Namespace Permissions (Kubernetes RBAC-based)</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0245.html">Example: Designing and Configuring Permissions for Users in a Department</a></strong><br>
|
||||
</li>
|
||||
<li class="ulchildlink"><strong><a href="cce_10_0190.html">Permission Dependency of the CCE Console</a></strong><br>
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user