Cloud Container Engine
Cloud Container Engine
- What's New
- Function Overview
-
Product Bulletin
- Latest Notices
- Product Change Notices
- Cluster Version Release Notes
-
Vulnerability Notices
- Vulnerability Fixing Policies
- Notice of the NGINX Ingress Controller Vulnerabilities (CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24513, and CVE-2025-24514)
- Notice of Kubernetes Security Vulnerability (CVE-2025-0426)
- Notice of Kubernetes Security Vulnerability (CVE-2024-10220)
- Notice of Kubernetes Security Vulnerabilities (CVE-2024-9486 and CVE-2024-9594)
- Notice of Container Escape Vulnerability in NVIDIA Container Toolkit (CVE-2024-0132)
- Notice of Linux Remote Code Execution Vulnerability in CUPS (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177)
- Notice of the NGINX Ingress Controller Vulnerability That Allows Attackers to Bypass Annotation Validation (CVE-2024-7646)
- Notice of Docker Engine Vulnerability That Allows Attackers to Bypass AuthZ (CVE-2024-41110)
- Notice of Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086)
- Notice of OpenSSH Remote Code Execution Vulnerability (CVE-2024-6387)
- Notice of runC systemd Attribute Injection Vulnerability (CVE-2024-3154)
- Notice of the Impact of runC Vulnerability (CVE-2024-21626)
- Notice of Kubernetes Security Vulnerability (CVE-2022-3172)
- Notice of Privilege Escalation Vulnerability in Linux Kernel openvswitch Module (CVE-2022-2639)
- Notice of nginx-ingress Add-on Security Vulnerability (CVE-2021-25748)
- Notice of nginx-ingress Security Vulnerabilities (CVE-2021-25745 and CVE-2021-25746)
- Notice of containerd Process Privilege Escalation Vulnerability (CVE-2022-24769)
- Notice of CRI-O Container Runtime Engine Arbitrary Code Execution Vulnerability (CVE-2022-0811)
- Notice of Container Escape Vulnerability Caused by the Linux Kernel (CVE-2022-0492)
- Notice of Non-Security Handling Vulnerability of containerd Image Volumes (CVE-2022-23648)
- Notice of Linux Kernel Integer Overflow Vulnerability (CVE-2022-0185)
- Notice of Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)
- Notice of Vulnerability of Kubernetes subPath Symlink Exchange (CVE-2021-25741)
- Notice of runC Vulnerability That Allows a Container Filesystem Breakout via Directory Traversal (CVE-2021-30465)
- Notice of Docker Resource Management Vulnerability (CVE-2021-21285)
- Notice of NVIDIA GPU Driver Vulnerability (CVE-2021-1056)
- Notice of the Sudo Buffer Vulnerability (CVE-2021-3156)
- Notice of the Kubernetes Security Vulnerability (CVE-2020-8554)
- Notice of Apache containerd Security Vulnerability (CVE-2020-15257)
- Notice of Docker Engine Input Verification Vulnerability (CVE-2020-13401)
- Notice of Kubernetes kube-apiserver Input Verification Vulnerability (CVE-2020-8559)
- Notice of Kubernetes kubelet Resource Management Vulnerability (CVE-2020-8557)
- Notice of Kubernetes kubelet and kube-proxy Authorization Vulnerability (CVE-2020-8558)
- Notice of Fixing the Kubernetes HTTP/2 Vulnerability
- Notice of Fixing the Linux Kernel SACK Vulnerabilities
- Notice of Fixing the Docker Command Injection Vulnerability (CVE-2019-5736)
- Notice of Fixing the Kubernetes Permission and Access Control Vulnerability (CVE-2018-1002105)
- Notice of Fixing the Kubernetes Dashboard Security Vulnerability (CVE-2018-18264)
-
Product Release Notes
-
Cluster Versions
- Kubernetes Version Policy
-
Kubernetes Version Release Notes
- Kubernetes 1.30 Release Notes
- Kubernetes 1.29 Release Notes
- Kubernetes 1.28 Release Notes
- Kubernetes 1.27 Release Notes
- Kubernetes 1.25 Release Notes
- Kubernetes 1.23 Release Notes
- Kubernetes 1.21 (EOM) Release Notes
- Kubernetes 1.19 (EOM) Release Notes
- Kubernetes 1.17 (EOM) Release Notes
- Kubernetes 1.15 (EOM) Release Notes
- Kubernetes 1.13 (EOM) Release Notes
- Kubernetes 1.11 (EOM) Release Notes
- Kubernetes 1.9 (EOM) and Earlier Versions Release Notes
- Patch Versions
- OS Images
-
Add-on Versions
- CoreDNS Release History
- CCE Container Storage (Everest) Release History
- CCE Node Problem Detector Release History
- Kubernetes Dashboard Release History
- CCE Cluster Autoscaler Release History
- NGINX Ingress Controller Release History
- Kubernetes Metrics Server Release History
- CCE Advanced HPA Release History
- CCE AI Suite (NVIDIA GPU) Release History
- CCE AI Suite (Ascend NPU) Release History
- Volcano Scheduler Release History
- CCE Secrets Manager for DEW Release History
- CCE Network Metrics Exporter Release History
- NodeLocal DNSCache Release History
- Cloud Native Cluster Monitoring Release History
- Cloud Native Log Collection Release History
- OpenKruise Release History
- Gatekeeper Release History
- Vertical Pod Autoscaler Release History
- Prometheus (End of Maintenance) Release History
-
Cluster Versions
- Service Overview
- Billing
- Kubernetes Basics
- Getting Started
-
User Guide
- High-Risk Operations
-
Clusters
- Cluster Overview
-
Cluster Version Release Notes
-
Kubernetes Version Release Notes
- Kubernetes 1.30 Release Notes
- Kubernetes 1.29 Release Notes
- Kubernetes 1.28 Release Notes
- Kubernetes 1.27 Release Notes
- Kubernetes 1.25 Release Notes
- Kubernetes 1.23 Release Notes
- Kubernetes 1.21 (EOM) Release Notes
- Kubernetes 1.19 (EOM) Release Notes
- Kubernetes 1.17 (EOM) Release Notes
- Kubernetes 1.15 (EOM) Release Notes
- Kubernetes 1.13 (EOM) Release Notes
- Kubernetes 1.11 (EOM) Release Notes
- Release Notes for Kubernetes 1.9 (EOM) and Earlier Versions
- Patch Version Release Notes
-
Kubernetes Version Release Notes
- Buying a Cluster
- Accessing a Cluster
-
Managing Clusters
- Modifying Cluster Configurations
- Enabling Overload Control for a Cluster
- Changing a Cluster Scale
- Changing the Default Security Group of a Node
- Deleting a Cluster
- Preventing Cluster Deletion
- Hibernating or Waking Up a Cluster
- Renewing a Yearly/Monthly Cluster
- Changing the Billing Mode of a Cluster from Pay-per-Use to Yearly/Monthly
-
Upgrading a Cluster
- Cluster Upgrade Overview
- Before You Start
- Performing Post-Upgrade Verification
- Migrating Services Across Clusters of Different Versions
-
Troubleshooting for Pre-upgrade Check Exceptions
- Pre-upgrade Check
- Node Restrictions
- Upgrade Management
- Add-ons
- Helm Charts
- SSH Connectivity of Master Nodes
- Node Pools
- Security Groups
- Arm Node Restrictions
- Residual Nodes
- Discarded Kubernetes Resources
- Compatibility Risks
- CCE Agent Versions
- Node CPU Usage
- CRDs
- Node Disks
- Node DNS
- Node Key Directory File Permissions
- kubelet
- Node Memory
- Node Clock Synchronization Server
- Node OS
- Node CPU Cores
- Node Python Commands
- ASM Version
- Node Readiness
- Node journald
- containerd.sock
- Internal Error
- Node Mount Points
- Kubernetes Node Taints
- Everest Restrictions
- cce-hpa-controller Limitations
- Enhanced CPU Policies
- Health of Worker Node Components
- Health of Master Node Components
- Memory Resource Limit of Kubernetes Components
- Discarded Kubernetes APIs
- IPv6 Support in CCE Turbo Clusters
- NetworkManager
- Node ID File
- Node Configuration Consistency
- Node Configuration File
- CoreDNS Configuration Consistency
- sudo
- Key Node Commands
- Mounting of a Sock File on a Node
- HTTPS Load Balancer Certificate Consistency
- Node Mounting
- Login Permissions of User paas on a Node
- Private IPv4 Addresses of Load Balancers
- Historical Upgrade Records
- CIDR Block of the Cluster Management Plane
- CCE AI Suite (NVIDIA GPU) Exceptions
- Nodes' System Parameters
- Residual Package Version Data
- Node Commands
- Node Swap
- NGINX Ingress Controller
- Upgrade of Cloud Native Cluster Monitoring
- containerd Pod Restart Risks
- Key CCE AI Suite (NVIDIA GPU) Parameters
- GPU or NPU Pod Rebuild Risks
- ELB Listener Access Control
- Master Node Flavor
- Subnet Quota of Master Nodes
- Node Runtime
- Node Pool Runtime
- Number of Node Images
- OpenKruise Compatibility Check
- Compatibility Check of Secret Encryption
- Compatibility Between the Ubuntu Kernel and GPU Driver
- Drainage Tasks
- Image Layers on a Node
- Cluster Rolling Upgrade
- Rotation Certificates
- Ingress and ELB Configuration Consistency
-
Nodes
- Node Overview
- Container Engines
- Node OSs
- Creating a Node
- Accepting Nodes for Management
- Logging In to a Node
-
Management Nodes
- Managing Node Labels
- Managing Node Taints
- Resetting a Node
- Removing a Node
- Synchronizing the Data of Cloud Servers
- Draining a Node
- Deleting or Unsubscribing from a Node
- Changing the Billing Mode of a Node to Yearly/Monthly
- Modifying the Auto-Renewal Configuration of a Yearly/Monthly Node
- Stopping a Node
- Performing Rolling Upgrade for Nodes
-
Node O&M
- Node Resource Reservation Policy
- Space Allocation of a Data Disk
- Maximum Number of Pods That Can Be Created on a Node
- Differences in kubelet and Runtime Component Configurations Between CCE and the Native Community
- Migrating Nodes from Docker to containerd
- Optimizing Node System Parameters
- Configuring Node Fault Detection Policies
- Node Pools
-
Workloads
- Workload Overview
- Creating a Workload
-
Configuring a Workload
- Secure Runtime and Common Runtime
- Configuring Time Zone Synchronization
- Configuring an Image Pull Policy
- Using Third-Party Images
- Configuring Container Specifications
- Configuring Container Lifecycle Parameters
- Configuring Container Health Check
- Configuring Environment Variables
- Configuring Workload Upgrade Policies
- Configuring Tolerance Policies
- Configuring Labels and Annotations
- Scheduling a Workload
- Logging In to a Container
- Managing Workloads
- Managing Custom Resources
- Pod Security
-
Scheduling
- Scheduling Overview
- CPU Scheduling
- GPU Scheduling
- NPU Scheduling
- Volcano Scheduling
- Cloud Native Hybrid Deployment
-
Networking
- Networking Overview
-
Container Networks
- Overview
-
Cloud Native Network 2.0 Settings
- Cloud Native Network 2.0
- Configuring a Default Container Subnet for a CCE Turbo Cluster
- Binding a Security Group to a Pod Using an Annotation
- Binding a Security Group to a Workload Using a Security Group Policy
- Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration
- Configuring an EIP for a Pod
- Configuring a Static EIP for a Pod
- VPC Network Settings
- Tunnel Network Settings
- Pod Network Settings
-
Services
- Overview
- ClusterIP
- NodePort
-
LoadBalancer
- Creating a LoadBalancer Service
- Configuring LoadBalancer Services Using Annotations
- Configuring HTTP/HTTPS for a LoadBalancer Service
- Configuring SNI for a LoadBalancer Service
- Configuring HTTP/2 for a LoadBalancer Service
- Configuring Timeout for a LoadBalancer Service
- Configuring Health Check on Multiple LoadBalancer Service Ports
- Configuring Passthrough Networking for a LoadBalancer Service
- Changing a Custom EIP for a LoadBalancer Service
- Configuring a Range of Listening Ports for LoadBalancer Services
- Setting the Pod Ready Status Through the ELB Health Check
- Enabling ICMP Security Group Rules
- DNAT
- Headless Services
-
Ingresses
- Ingress Overview
- Comparison Between LoadBalancer Ingresses and Nginx Ingresses
-
LoadBalancer Ingresses
- Creating a LoadBalancer Ingress on the Console
- Creating a LoadBalancer Ingress Using kubectl
- Annotations for Configuring LoadBalancer Ingresses
-
Advanced Setting Examples of LoadBalancer Ingresses
- Configuring an HTTPS Certificate for a LoadBalancer Ingress
- Updating the HTTPS Certificate for a LoadBalancer Ingress
- Configuring SNI for a LoadBalancer Ingress
- Configuring Multiple Forwarding Policies for a LoadBalancer Ingress
- Configuring HTTP/2 for a LoadBalancer Ingress
- Configuring HTTPS Backend Services for a LoadBalancer Ingress
- Configuring Timeout for a LoadBalancer Ingress
- Configuring a Slow Start for a LoadBalancer Ingress
- Configuring a Range of Listening Ports for a LoadBalancer Ingress
- Configuring the Priorities of Forwarding Rules for LoadBalancer Ingresses
- Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress
- Configuring a Custom EIP for a LoadBalancer Ingress
- Configuring Advanced Forwarding Rules for a LoadBalancer Ingress
- Configuring Multiple Ingresses to Use the Same External ELB Port
-
Nginx Ingresses
- Creating an Nginx Ingress on the Console
- Creating an Nginx Ingress Using kubectl
- Annotations for Configuring Nginx Ingresses
-
Advanced Setting Examples of Nginx Ingresses
- Configuring an HTTPS Certificate for an Nginx Ingress
- Configuring Redirection Rules for an Nginx Ingress
- Configuring URL Rewriting Rules for an Nginx Ingress
- Configuring HTTPS Backend Services for an Nginx Ingress
- Configuring gRPC Backend Services for an Nginx Ingress
- Configuring Consistent Hashing for Load Balancing of an Nginx Ingress
- Configuring Application Traffic Mirroring for an Nginx Ingress
- Configuring Cross-Origin Access for Nginx Ingresses
- Nginx Ingress Usage Suggestions
- Optimizing NGINX Ingress Controller in High-Traffic Scenarios
- NGINX Ingress Controller Upgrade Compatibility
- Migrating Data from a Bring-Your-Own Nginx Ingress to a LoadBalancer Ingress
- DNS
- Cluster Network Settings
- Configuring Intra-VPC Access
- Accessing the Internet from a Container
- Storage
- Auto Scaling
- O&M
- Namespaces
- ConfigMaps and Secrets
- Add-ons
- Helm Charts
- Permissions
- Settings
-
Best Practices
- Checklist for Deploying Containerized Applications in the Cloud
- Containerization
- Migration
- Disaster Recovery
-
Security
- Configuration Suggestions on CCE Cluster Security
- Configuration Suggestions on CCE Node Security
- Configuration Suggestions on CCE Container Runtime Security
- Configuration Suggestions on CCE Container Security
- Configuration Suggestions on CCE Container Image Security
- Configuration Suggestions on CCE Secret Security
- Auto Scaling
- Monitoring
- Cluster
-
Networking
- Planning CIDR Blocks for a Cluster
- Selecting a Network Model
- Implementing Sticky Session Through Load Balancing
- Obtaining the Client Source IP Address for a Container
- Accessing an External Network from a Pod
- CoreDNS Configuration Optimization
- Pre-Binding Container ENI for CCE Turbo Clusters
- Accessing an IP Address Outside of a Cluster That Uses a VPC Network by Using Source Pod IP Addresses Within the Cluster
- Storage
- Container
- Permission
- Release
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs
- API URL
-
Cluster Management
- Creating a Cluster
- Reading a Specified Cluster
- Listing Clusters in a Specified Project
- Updating a Specified Cluster
- Deleting a Cluster
- Hibernating a Cluster
- Waking Up a Cluster
- Obtaining a Cluster Certificate
- Modifying Cluster Specifications
- Querying a Job
- Binding/Unbinding Public API Server Address
- Obtaining Cluster Access Address
- Obtaining a Cluster's Logging Configurations
- Configuring Cluster Logs
- Obtaining the Partition List
- Creating a Partition
- Obtaining Partition Details
- Updating a Partition
-
Node Management
- Creating a Node
- Reading a Specified Node
- Listing All Nodes in a Cluster
- Updating a Specified Node
- Deleting a Node
- Enabling Scale-In Protection for a Node
- Disabling Scale-In Protection for a Node
- Synchronizing Nodes
- Accepting a Node
- Managing a Node in a Customized Node Pool
- Resetting a Node
- Removing a Node
- Migrating a Node
- Node Pool Management
- Storage Management
- Add-on Management
-
Cluster Upgrade
- Upgrading a Cluster
- Obtaining Cluster Upgrade Task Details
- Retrying a Cluster Upgrade Task
- Suspending a Cluster Upgrade Task (Deprecated)
- Continuing to Execute a Cluster Upgrade Task (Deprecated)
- Obtaining a List of Cluster Upgrade Task Details
- Pre-upgrade Check
- Obtaining Details About a Pre-upgrade Check Task of a Cluster
- Obtaining a List of Pre-upgrade Check Tasks of a Cluster
- Post-upgrade Check
- Cluster Backup
- Obtaining a List of Cluster Backup Task Details
- Obtaining the Cluster Upgrade Information
- Obtaining a Cluster Upgrade Path
- Obtaining the Configuration of Cluster Upgrade Feature Gates
- Enabling the Cluster Upgrade Process Booting Task
- Obtaining a List of Upgrade Workflows
- Obtaining Details About a Specified Cluster Upgrade Task
- Updating the Status of a Specified Cluster Upgrade Booting Task
- Quota Management
- API Versions
- Tag Management
- Configuration Management
-
Chart Management
- Uploading a Chart
- Obtaining a Chart List
- Obtaining a Release List
- Updating a Chart
- Creating a Release
- Deleting a Chart
- Updating a Release
- Obtaining a Chart
- Deleting a Release
- Downloading a Chart
- Obtaining a Release
- Obtaining Chart Values
- Obtaining Historical Records of a Release
- Obtaining the Quota of a User Chart
-
Add-on Instance Parameters
- CoreDNS
- CCE Container Storage (Everest)
- CCE Node Problem Detector
- Kubernetes Dashboard
- CCE Cluster Autoscaler
- NGINX Ingress Controller
- Kubernetes Metrics Server
- CCE Advanced HPA
- CCE AI Suite (NVIDIA GPU)
- CCE AI Suite (Ascend NPU)
- Volcano Scheduler
- CCE Secrets Manager for DEW
- CCE Network Metrics Exporter
- NodeLocal DNSCache
- Cloud Native Cluster Monitoring
- Cloud Native Log Collection
- Kubernetes APIs
- Permissions and Supported Actions
-
Appendix
- Status Code
- Error Codes
- Obtaining a Project ID
- Obtaining an Account ID
- Specifying Add-ons to Be Installed During Cluster Creation
- How to Obtain Parameters in the API URI
- Creating a VPC and Subnet
- Creating a Key Pair
- Node Flavor Description
- Adding a Salt in the password Field When Creating a Node
- Maximum Number of Pods That Can Be Created on a Node
- Node OS
- Space Allocation of a Data Disk
- Attaching Disks to a Node
- SDK Reference
-
FAQs
- Common FAQ
- Billing
- Cluster
-
Node
- Node Creation
-
Node Running
- What Should I Do If a Cluster Is Available But Some Nodes in It Are Unavailable?
- How Do I Log In to a Node Using a Password and Reset the Password?
- How Do I Collect Logs of Nodes in a CCE Cluster?
- What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?
- What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?
- How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?
- How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?
- Specification Change
- OSs
- Node Pool
-
Workload
-
Workload Exception Troubleshooting
- How Can I Locate the Root Cause If a Workload Is Abnormal?
- What Should I Do If the Scheduling of a Pod Fails?
- What Should I Do If a Pod Fails to Pull the Image?
- What Should I Do If Container Startup Fails?
- What Should I Do If a Pod Fails to Be Evicted?
- What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
- What Should I Do If a Workload Remains in the Creating State?
- What Should I Do If a Pod Remains in the Terminating State?
- What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
- What Should I Do If an Error Occurs When I Deploy a Service on a GPU Node?
- What Should I Do If a Workload Exception Occurs Due to a Storage Volume Mount Failure?
- What Should I Do If a Workload Appears to Be Normal But Is Not Functioning Properly?
- Why Is Pod Creation or Deletion Suspended on a Node Where File Storage Is Mounted?
- How Can I Locate Faults Using an Exit Code?
-
Container Configuration
- When Is Pre-stop Processing Used?
- When Would a Container Need to Be Rebuilt?
- How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?
- What Should I Do If Health Check Probes Occasionally Fail?
- How Do I Set the umask Value for a Container?
- What Is the Retry Mechanism When CCE Fails to Start a Pod?
- Scheduling Policies
-
Others
- What Should I Do If a Cron Job Cannot Be Restarted After Being Stopped for a Period of Time?
- What Is a Headless Service When I Create a StatefulSet?
- What Should I Do If Error Message "Auth is empty" Is Displayed When a Private Image Is Pulled?
- What Is the Image Pull Policy for Containers in a CCE Cluster?
- What Can I Do If a Layer Is Missing During Image Pull?
-
Workload Exception Troubleshooting
-
Networking
-
Network Exception Troubleshooting
- How Do I Locate a Workload Networking Fault?
- Why Does the Browser Return Error Code 404 When I Access a Deployed Application?
- What Should I Do If a Container Fails to Access the Internet?
- What Should I Do If a Node Fails to Connect to the Internet (Public Network)?
- What Should I Do If Nginx Ingress Access in the Cluster Is Abnormal After the NGINX Ingress Controller Add-on Is Upgraded?
- What Could Cause Access Exceptions After Configuring an HTTPS Certificate for a LoadBalancer Ingress?
- Network Planning
- Security Hardening
-
Network Configuration
- How Can Container IP Addresses Survive a Container Restart?
- How Can I Check Whether an ENI Is Used by a Cluster?
- How Can I Delete a Security Group Rule Associated with a Deleted Subnet?
- How Can I Synchronize Certificates When Multiple Ingresses in Different Namespaces Share a Listener?
- How Can I Determine Which Ingress the Listener Settings Have Been Applied To?
-
Network Exception Troubleshooting
-
Storage
- How Do I Expand the Storage Capacity of a Container?
- What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-Node Mounting?
- Can I Create a CCE Node Without Adding a Data Disk to the Node?
- What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
- How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?
- Can CCE PVCs Detect Underlying Storage Faults?
- Why Cannot I Delete a PV or PVC Using the kubectl delete Command?
- What Should I Do If a Yearly/Monthly EVS Disk Cannot Be Automatically Created?
- Namespace
-
Chart and Add-on
- What Should I Do If Installation of an Add-on Fails and "The release name is already exist" Is Displayed?
- How Do I Configure the Add-on Resource Quotas Based on Cluster Scale?
- How Can I Clean Up Residual Resources After the NGINX Ingress Controller Add-on in the Unknown State Is Deleted?
- Why TLS v1.0 or v1.1 Cannot Be Used After the NGINX Ingress Controller Add-on Is Upgraded?
- What Can I Do If a Pod Cannot Be Started After the CCE AI Suite (Ascend NPU) Add-on Is Upgraded from 1.x.x to 2.x.x?
-
API & kubectl FAQs
- How Can I Access a Cluster API Server?
- Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?
- How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
- How Do I Rectify the Error Reported When Running the kubectl top node Command?
- Why Is "Error from server (Forbidden)" Displayed When I Use kubectl?
-
DNS FAQs
- What Should I Do If Domain Name Resolution Fails in a CCE Cluster?
- Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?
- How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
- How Do I Configure a DNS Policy for a Container?
- How Can I Address the Issue of CoreDNS Using Deprecated APIs?
- Image Repository FAQs
- Permissions
- Videos
On this page
Attaching Disks to a Node
Updated on 2024-03-22 GMT+08:00
Challenges
In disk planning and striped logical disk creation, it is difficult for users to flexibly attach and partition disks when creating a node.
During node creation, the storage field selects a data disk based on parameters, such as the disk size and disk type, to prevent failures in node creation, resetting, migration, and management caused by drive letter matching failures.
Solution
This section provides details about the storage field used in node creation so that you can implement complex disk selection and partitioning by calling the node creation API.
The storage field consists of storageSelectors and storageGroups. The storageSelectors field is responsible for disk selection, and the storageGroups field is responsible for disk processing.
The basic logic for field matching is as follows:
- storageSelectors selects an EVS disk or a local disk based on the value of storageType.
- Local disks do not support exact match. All local disks will be selected as data disks.
- EVS disks match the disks created in dataVolumes based on the settings of matchLabels.
- Policies have priorities to match matchLabels. The matchLabels policy nearest to storageSelectors has a higher priority and the disk nearest to dataVolumes will be preferentially matches. As matchLabels uses loose matching, you are advised to place the matchLabels policy with a small matching range on the top. For example:
- In step 1, the first disk in dataVolumes is matched by the EVS disk whose size is 100 GiB and storage class is SAS. In step 2, the second disk in dataVolumes is matched by the EVS disk whose size is 100 GiB because the first disk has been selected.
- In step 3, two disks in dataVolumes can be matched because volumeType or count is not specified in matchLabels. In this case, no disk is available for matching in step 4.
- storageGroups associates with storageSelectors based on selectorName. Finally, two 100 GiB disks are selected. The CCE backend groups the two PVs into a volume group (VG) and divides the VG into two logical volumes (LVs) in the ratio of 9:1. 10% of Kubernetes LVs are partitioned in striped mode. 90% runtime LVs are partitioned in linear mode by default because runtimeConfig is not configured.
Creating a Raw Disk
During node creation on the CCE console, click Add Data Disk. Then, click Expand next to the newly added data disk and select Default. The created disk is a raw disk.
The following figure shows the API calling logic.
- The cceUse selector matches a 100 GiB data disk.
- The selected disk is managed by CCE and used as a data disk.
- The other 100 GiB data disk created in dataVolumes is not selected by any selector and is managed by storageGroups. Therefore, this EVS disk will be attached to the node as a raw disk and will not be initialized.
After the node is created, log in to the node and check whether a 100 GiB disk has been attached but not initialized.
The following is an API example:
{
"kind": "Node",
"apiVersion": "v3",
"metadata": {
"name": "test-83790"
},
"spec": {
"flavor": "c3.large.2",
"az": "eu-west-101a",
"os": "EulerOS 2.9",
"dataVolumes": [
{
"size": 100,
"volumetype": "SAS"
},
{
"size": 100,
"volumetype": "SAS"
}
],
"billingMode": 0,
"extendParam": {
"maxPods": 110
},
"nodeNicSpec": {
"primaryNic": {
"subnetId": "ca964acf-8468-4735-8229-97940ef6c881"
}
},
"rootVolume": {
"size": 50,
"volumetype": "SAS"
},
"runtime": {
"name": "docker"
},
"login": {
"userPassword": {
"username": "root",
"password": "******"
}
},
"storage": {
"storageSelectors": [
{
"name": "cceUse",
"storageType": "evs",
"matchLabels": {
"size": "100",
"volumeType": "SAS",
"count": "1"
}
}
],
"storageGroups": [
{
"name": "vgpaas",
"selectorNames": [
"cceUse"
],
"cceManaged": true,
"virtualSpaces": [
{
"name": "runtime",
"size": "90%"
},
{
"name": "kubernetes",
"size": "10%"
}
]
}
]
},
"count": 1
}
}Attaching a Disk to a Specified Path
During node creation on the CCE console, click Add Data Disk. Then, click Expand next to the newly added data disk, select Mount Disk, and set the mount path. In this case, CCE initializes and attaches the disk by default.
The following figure shows the API calling logic.
- The user1 selector selects a 100 GiB data disk.
- Create a VG named vguser1 using LVM.
- Strip all the space of vguser1 into an LV named user and format the disk in ext4 format. Finally, attach the disk to the /tmp2 directory.
After the node is created, log in to the node and check whether a 100 GiB disk has been attached and managed by LVM.
The following is an API example. There are two data disks. One is used by CCE, and the other is mounted to the /tmp2 directory.
{
"kind": "Node",
"apiVersion": "v3",
"metadata": {
"name": "test-37106"
},
"spec": {
"flavor": "c3.large.2",
"az": "eu-west-101a",
"os": "EulerOS 2.9",
"dataVolumes": [
{
"size": 100,
"volumetype": "SAS"
},
{
"size": 100,
"volumetype": "SAS"
}
],
"billingMode": 0,
"extendParam": {
"maxPods": 110
},
"nodeNicSpec": {
"primaryNic": {
"subnetId": "ca964acf-8468-4735-8229-97940ef6c881"
}
},
"rootVolume": {
"size": 50,
"volumetype": "SAS"
},
"runtime": {
"name": "docker"
},
"login": {
"userPassword": {
"username": "root",
"password": "******"
}
},
"storage": {
"storageSelectors": [
{
"name": "cceUse",
"storageType": "evs",
"matchLabels": {
"size": "100",
"volumeType": "SAS",
"count": "1"
}
},
{
"name": "user1",
"storageType": "evs",
"matchLabels": {
"size": "100",
"volumeType": "SAS",
"count": "1"
}
}
],
"storageGroups": [
{
"name": "vgpaas",
"selectorNames": [
"cceUse"
],
"cceManaged": true,
"virtualSpaces": [
{
"name": "runtime",
"size": "80%"
},
{
"name": "kubernetes",
"size": "20%"
}
]
},
{
"name": "vguser1",
"selectorNames": [
"user1"
],
"virtualSpaces": [
{
"name": "user",
"size": "100%",
"lvmConfig": {
"lvType": "linear",
"path": "/tmp2"
}
}
]
}
]
},
"count": 1
}
}Creating Striped LVs to Improve Disk Performance
Currently, the striped LV function is supported only by calling an API. The following is an example:
- storageSelectors matches all EVS disks in dataVolumes because matchLabels is not contained in storageSelectors.
- Create a VG named vgpaas using LVM.
- Strip 90% of the vgpaas space into runtime LVs.
- Strip 10% of the vgpaas space into Kubernetes LVs.
NOTE:
- Two or more data disks are required for striping.
- When creating a striped LV, ensure that the types and sizes of the PVs added to the VG are the same. Otherwise, the creation will fail.
- When creating a striped LV, use the striping configuration for both the runtime LV and Kubernetes LV. Otherwise, the creation will fail.
Log in to the node and run the following command to view the striping result:
The following is an API example:
{
"kind": "Node",
"apiVersion": "v3",
"metadata": {
"name": "test-83773"
},
"spec": {
"flavor": "c3.large.2",
"az": "eu-west-101a",
"os": "EulerOS 2.9",
"dataVolumes": [
{
"size": 100,
"volumetype": "SAS"
},
{
"size": 100,
"volumetype": "SAS"
}
],
"billingMode": 0,
"extendParam": {
"maxPods": 110
},
"nodeNicSpec": {
"primaryNic": {
"subnetId": "ca964acf-8468-4735-8229-97940ef6c881"
}
},
"rootVolume": {
"size": 50,
"volumetype": "SAS"
},
"runtime": {
"name": "docker"
},
"login": {
"userPassword": {
"username": "root",
"password": "******"
}
},
"storage": {
"storageSelectors": [
{
"name": "cceUse",
"storageType": "evs"
}
],
"storageGroups": [
{
"name": "vgpaas",
"selectorNames": [
"cceUse"
],
"cceManaged": true,
"virtualSpaces": [
{
"name": "runtime",
"size": "90%",
"runtimeConfig": {
"lvType": "striped"
}
},
{
"name": "kubernetes",
"size": "10%",
"lvmConfig": {
"lvType": "striped"
}
}
]
}
]
},
"count": 1
}
}
Parent topic: Appendix
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
