System Hardening

Scenario

System Steward consists of system check and system hardening. This topic describes the system hardening function.

In system hardening, system components, such as the CoreDNS add-on, are hardened. Currently, CCE supports automatic horizontal scaling using the CoreDNS add-on. The number of pods is automatically scaled based on the number of CoreDNS requests to prevent CoreDNS resolution performance deterioration or resolution timeout due to excessive requests.

You can also view the monitoring metrics of the Horizontal Pod Autoscaler (HPA), autoscaler, and Prometheus on the System Steward > System Hardening page.

Prerequisites

  • Before using the system hardening function, you need to install the prometheus add-on, which is used to monitor the system and report alarms. Horizontal scaling is performed by the coredns add-on based on the custom Prometheus metric coredns_dns_request_count_total.
  • Before using coredns for horizontal scaling, you need to install the coredns add-on, which is a DNS server that provides the domain name resolution service for Kubernetes. coredns chains plug-ins to provide additional features. This add-on is mandatory when you create a cluster. If you have manually deleted it, reinstall it.
  • Before viewing HPA monitoring metrics, you need to install the cce-hpa-controller add-on. cce-hpa-controller is a CCE-developed add-on that can be used to flexibly scale Deployments in or out based on metrics such as CPU usage and memory usage.
  • Before viewing the monitoring metrics of the autoscaler, you need to install the autoscaler add-on. The autoscaler add-on is used to automatically scale in or out nodes in a Kubernetes cluster.

Configuring Horizontal Scaling Policies Based on coredns

  1. Log in to the CCE console. In the navigation pane on the left, choose System Steward > System Hardening.
  2. On the System Hardening page, the Horizontal coredns Scaling tab page is displayed.

    If the coredns and prometheus add-ons are not installed, install them as prompted on the tab page. After the add-ons are installed, choose System Steward > System Hardening and perform operations as required.

    If the add-ons have been installed, you can perform operations as required on the System Hardening page.

  3. In the Horizontal coredns Scaling Policy area, configure the following parameters (parameters marked with an asterisk (*) are mandatory):

    If the coredns and prometheus add-ons have not been installed, horizontal scaling policies using the coredns add-on cannot be configured.

    Table 1 Configuration Parameters

    Parameter: Description

    * Instances: Set the pod scaling scope based on service requirements.

    Metric: Number of CoreDNS requests, which cannot be changed.

    * Trigger value: You are advised to set the threshold based on the specifications selected during the CoreDNS add-on installation. For example, if the CoreDNS add-on specification is 2500 (concurrent domain name resolution capability: 2500 QPS for external domain names and 10000 QPS for internal domain names), the recommended threshold is 10000.

    Tolerance: The default value is 10%, which cannot be changed. This parameter indicates the fluctuation range of the actual value of monitoring metrics compared to their target value. When the actual value exceeds the fluctuation range, scaling is triggered.

  4. Click Configure Now.
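The following added example (not CCE code) models how the trigger value, the fixed 10% tolerance, and the Instances range interact, so you can check whether a chosen range leaves enough headroom for a DNS query surge. It assumes the upstream Kubernetes HPA replica formula and a per-pod average requests-per-second metric; the function names, the 2 to 10 instance range, and the load samples are constructed for illustration.

```python
import math

TOLERANCE_PCT = 10  # fixed at 10% in the console, per Table 1


def desired_pods(current_pods, avg_qps_per_pod, trigger_value, min_pods, max_pods):
    """Return the pod count after one evaluation of the scaling policy.

    Assumption: upstream Kubernetes HPA formula,
    desired = ceil(current * actual / target), skipped inside the tolerance band.
    """
    if current_pods < 1 or trigger_value <= 0 or not 1 <= min_pods <= max_pods:
        raise ValueError("invalid policy or pod count")
    deviation = abs(avg_qps_per_pod - trigger_value)
    # Scaling is triggered only when the actual value exceeds the band.
    if deviation * 100 <= TOLERANCE_PCT * trigger_value:
        return current_pods
    wanted = math.ceil(current_pods * avg_qps_per_pod / trigger_value)
    # The Instances range caps scale-out and floors scale-in.
    return max(min_pods, min(max_pods, wanted))


def replay(total_qps_samples, start_pods, trigger_value, min_pods, max_pods):
    """Replay cluster-wide QPS samples and return the pod count after each one."""
    pods = start_pods
    history = []
    for total in total_qps_samples:
        pods = desired_pods(pods, total / pods, trigger_value, min_pods, max_pods)
        history.append(pods)
    return history


# Constructed cluster-wide CoreDNS load (requests per second), one value per evaluation.
CONSTRUCTED_LOAD = [18000, 21500, 45000, 45000, 120000, 30000, 6000]

if __name__ == "__main__":
    # Trigger value 10000 as recommended on this page for the 2500 specification.
    for total, pods in zip(CONSTRUCTED_LOAD, replay(CONSTRUCTED_LOAD, 2, 10000, 2, 10)):
        print(f"total={total:>6} qps -> pods={pods} ({total / pods:.0f} qps per pod)")
```

At the 120000 QPS sample the pod count stops at the upper bound of 10, leaving 12000 QPS per pod, which is above the trigger value; that is the condition worth alerting on. The model ignores any scale-in delay the controller may apply.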

Related Operations

After the horizontal coredns scaling policy is configured, you can view the average number of coredns requests per second, policy configuration information, and Kubernetes events.

Click Modify in the Policy Configuration row to modify the pod quantity range and triggering threshold. After the modification is complete, click OK to update the scaling policy configuration.

Click Delete in the Policy Configuration row. In the dialog box displayed, click OK to delete the scaling policy. Deleted policies cannot be recovered. Exercise caution when performing this operation.