Cloud Container Engine
Cloud Container Engine
Standard/Turbo
Autopilot
All results for "
" in this service
Standard/Turbo
Autopilot
All results for "
" in this service
What's New
What's New
Function Overview
Product Bulletin
Latest Notices
Product Change Notices
EOM of CentOS
Reliability Hardening for Cluster Networks and Storage Functions
Support for Docker
Service Account Token Security Improvement
Upgrade of Helm v2 to Helm v3
Optimized Key Authentication of the everest Add-on
Cluster Version Release Notes
End of Maintenance for Clusters 1.28
End of Maintenance for Clusters 1.27
End of Maintenance for Clusters 1.25
End of Maintenance for Clusters 1.23
End of Maintenance for Clusters 1.21
End of Maintenance for Clusters 1.19
Vulnerability Notices
Vulnerability Fixing Policies
Notice of Kubernetes Security Vulnerability (CVE-2025-7342)
Notice of the NVIDIA Container Toolkit Container Escape Vulnerabilities (CVE-2025-23266 and CVE-2025-23267)
Notice of the NGINX Ingress Controller Vulnerabilities (CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24513, and CVE-2025-24514)
Notice of Kubernetes Security Vulnerability (CVE-2025-0426)
Notice of Kubernetes Security Vulnerability (CVE-2024-10220)
Notice of Kubernetes Security Vulnerabilities (CVE-2024-9486 and CVE-2024-9594)
Notice of Container Escape Vulnerability in NVIDIA Container Toolkit (CVE-2024-0132)
Notice of Linux Remote Code Execution Vulnerability in CUPS (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177)
Notice of the NGINX Ingress Controller Vulnerability That Allows Attackers to Bypass Annotation Validation (CVE-2024-7646)
Notice of Docker Engine Vulnerability That Allows Attackers to Bypass AuthZ (CVE-2024-41110)
Notice of Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086)
Notice of OpenSSH Remote Code Execution Vulnerability (CVE-2024-6387)
Notice of runC systemd Attribute Injection Vulnerability (CVE-2024-3154)
Notice of the Impact of runC Vulnerability (CVE-2024-21626)
Notice of Kubernetes Security Vulnerability (CVE-2022-3172)
Notice of Privilege Escalation Vulnerability in Linux Kernel openvswitch Module (CVE-2022-2639)
Notice of nginx-ingress Add-on Security Vulnerability (CVE-2021-25748)
Notice of nginx-ingress Security Vulnerabilities (CVE-2021-25745 and CVE-2021-25746)
Notice of containerd Process Privilege Escalation Vulnerability (CVE-2022-24769)
Notice of CRI-O Container Runtime Engine Arbitrary Code Execution Vulnerability (CVE-2022-0811)
Notice of Container Escape Vulnerability Caused by the Linux Kernel (CVE-2022-0492)
Notice of Non-Security Handling Vulnerability of containerd Image Volumes (CVE-2022-23648)
Notice of Linux Kernel Integer Overflow Vulnerability (CVE-2022-0185)
Notice of Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)
Notice of Vulnerability of Kubernetes subPath Symlink Exchange (CVE-2021-25741)
Notice of runC Vulnerability That Allows a Container Filesystem Breakout via Directory Traversal (CVE-2021-30465)
Notice of Docker Resource Management Vulnerability (CVE-2021-21285)
Notice of NVIDIA GPU Driver Vulnerability (CVE-2021-1056)
Notice of the Sudo Buffer Vulnerability (CVE-2021-3156)
Notice of the Kubernetes Security Vulnerability (CVE-2020-8554)
Notice of Apache containerd Security Vulnerability (CVE-2020-15257)
Notice of Docker Engine Input Verification Vulnerability (CVE-2020-13401)
Notice of Kubernetes kube-apiserver Input Verification Vulnerability (CVE-2020-8559)
Notice of Kubernetes kubelet Resource Management Vulnerability (CVE-2020-8557)
Notice of Kubernetes kubelet and kube-proxy Authorization Vulnerability (CVE-2020-8558)
Notice of Fixing the Kubernetes HTTP/2 Vulnerability
Notice of Fixing the Linux Kernel SACK Vulnerabilities
Notice of Fixing the Docker Command Injection Vulnerability (CVE-2019-5736)
Notice of Fixing the Kubernetes Permission and Access Control Vulnerability (CVE-2018-1002105)
Notice of Fixing the Kubernetes Dashboard Security Vulnerability (CVE-2018-18264)
Product Release Notes
Cluster Versions
Kubernetes Version Policy
Kubernetes Version Release Notes
Kubernetes 1.32 Release Notes
Kubernetes 1.31 Release Notes
Kubernetes 1.30 Release Notes
Kubernetes 1.29 Release Notes
Kubernetes 1.28 Release Notes
Kubernetes 1.27 Release Notes
Kubernetes 1.25 (EOM) Release Notes
Kubernetes 1.23 (EOM) Release Notes
Kubernetes 1.21 (EOM) Release Notes
Kubernetes 1.19 (EOM) Release Notes
Kubernetes 1.17 (EOM) Release Notes
Kubernetes 1.15 (EOM) Release Notes
Kubernetes 1.13 (EOM) Release Notes
Kubernetes 1.11 (EOM) Release Notes
Kubernetes 1.9 (EOM) and Earlier Versions Release Notes
Patch Versions
OS Images
OS Version Support Mechanism
OS Image Tag Release Notes
Add-on Versions
CoreDNS Release History
CCE Container Storage (Everest) Release History
CCE Node Problem Detector Release History
Kubernetes Dashboard Release History
CCE Cluster Autoscaler Release History
NGINX Ingress Controller Release History
Kubernetes Metrics Server Release History
CCE Advanced HPA Release History
CCE AI Suite (NVIDIA GPU) Release History
CCE AI Suite (Ascend NPU) Release History
Volcano Scheduler Release History
CCE Secrets Manager for DEW Release History
CCE Network Metrics Exporter Release History
NodeLocal DNSCache Release History
Cloud Native Cluster Monitoring Release History
Cloud Native Log Collection Release History
OpenKruise Release History
Gatekeeper Release History
Vertical Pod Autoscaler Release History
Prometheus (End of Maintenance) Release History
Service Overview
CCE Infographic
What Is CCE?
Product Advantages
Application Scenarios
Containerized Application Management
Auto Scaling in Seconds
DevOps and CI/CD
Hybrid Cloud
Permissions
Notes and Constraints
Billing
Related Services
Regions and AZs
Billing
Billing Overview
Billed Items
Billing Modes
Overview
Yearly/Monthly Billing
Pay-per-Use Billing
Billing Examples
Modifying Resource Specifications
Billing Mode Changes
Overview
Pay-per-Use to Yearly/Monthly
Yearly/Monthly to Pay-per-Use
Renewing Subscriptions
Overview
Manually Renewing a CCE Resource
Automatically Renewing a CCE Resource
Bills
Arrears
Billing Termination
Kubernetes Basics
Overview
Basic Concepts
Containers and Kubernetes
Containers
Kubernetes
Using kubectl to Operate a Cluster
Pods, Liveness Probes, Labels, and Namespaces
Pods
Liveness Probes
Labels
Namespaces
Pod Orchestration and Scheduling
Deployments
StatefulSets
Jobs and CronJobs
DaemonSets
Affinity and Anti-Affinity
Configuration Management
ConfigMaps
Secrets
Kubernetes Networks
Container Networks
Services
Ingresses
Readiness Probes
Network Policies
Persistent Storage
Volumes
PVs, PVCs, and Storage Classes
Authentication and Authorization
Service Accounts
RBAC
Auto Scaling
Getting Started
Deploying an Nginx Deployment in a CCE Cluster
Deploying a WordPress StatefulSet in a CCE Cluster
Deploying an Application in a CCE Cluster Using a Helm Chart
User Guide
High-Risk Operations
Clusters
Cluster Overview
Cluster Version Release Notes
Kubernetes Version Release Notes
Kubernetes 1.32 Release Notes
Kubernetes 1.31 Release Notes
Kubernetes 1.30 Release Notes
Kubernetes 1.29 Release Notes
Kubernetes 1.28 Release Notes
Kubernetes 1.27 Release Notes
Kubernetes 1.25 (EOM) Release Notes
Kubernetes 1.23 (EOM) Release Notes
Kubernetes 1.21 (EOM) Release Notes
Kubernetes 1.19 (EOM) Release Notes
Kubernetes 1.17 (EOM) Release Notes
Kubernetes 1.15 (EOM) Release Notes
Kubernetes 1.13 (EOM) Release Notes
Kubernetes 1.11 (EOM) Release Notes
Release Notes for Kubernetes 1.9 (EOM) and Earlier Versions
Patch Version Release Notes
Buying a Cluster
Comparison Between Cluster Types
Buying a CCE Standard/Turbo Cluster
Comparing iptables and IPVS
Accessing a Cluster
Accessing a Cluster Using kubectl
Accessing a Cluster Using an X.509 Certificate
Accessing a Cluster Using a Custom Domain Name
Configuring a Cluster's API Server for Internet Access
Revoking a Cluster Access Credential
Managing Clusters
Cluster Management Overview
Modifying Cluster Configurations
Enabling Overload Control for a Cluster
Changing a Cluster Scale
Changing the Default Security Group of a Node
Deleting a Cluster
Preventing Cluster Deletion
Hibernating or Waking Up a Cluster
Renewing a Yearly/Monthly Cluster
Changing the Billing Mode of a Cluster from Pay-per-Use to Yearly/Monthly
Upgrading a Cluster
Cluster Upgrade Overview
Before You Start
Performing Post-Upgrade Verification
Cluster Status Check
Node Status Check
Node Skipping Check
Service Check
New Node Check
New Pod Check
Migrating Services Across Clusters of Different Versions
Troubleshooting for Pre-upgrade Check Exceptions
Pre-upgrade Check
Node Restrictions
Upgrade Management
Add-ons
Helm Charts
Node Pools
Security Groups
Arm Node Restrictions
Residual Nodes
Discarded Kubernetes Resources
Compatibility Risks
CCE Agent Versions
Node CPU Usage
Node Disks
Node DNS
Node Key Directory File Permissions
kubelet
Node Memory
Node Clock Synchronization Server
Node OS
Node CPU Cores
ASM Version
Node Readiness
Node journald
containerd.sock
Internal Error
Node Mount Points
Kubernetes Node Taints
Everest Restrictions
cce-hpa-controller Limitations
Enhanced CPU Policies
Health of Worker Node Components
Health of Master Node Components
Memory Resource Limit of Kubernetes Components
Discarded Kubernetes APIs
IPv6 Support in CCE Turbo Clusters
NetworkManager
Node ID File
Node Configuration Consistency
Node Configuration File
CoreDNS Configuration Consistency
sudo
Key Node Commands
Mounting of a Sock File on a Node
HTTPS Load Balancer Certificate Consistency
Node Mounting
Login Permissions of User paas on a Node
Private IPv4 Addresses of Load Balancers
Historical Upgrade Records
CIDR Block of the Cluster Management Plane
CCE AI Suite (NVIDIA GPU) Exceptions
Nodes' System Parameters
Residual Package Version Data
Node Commands
Node Swap
NGINX Ingress Controller
Upgrade of Cloud Native Cluster Monitoring
containerd Pod Restart Risks
Key CCE AI Suite (NVIDIA GPU) Parameters
GPU or NPU Pod Rebuild Risks
ELB Listener Access Control
Subnet Quota of Master Nodes
Node Runtime
Node Pool Runtime
Number of Node Images
OpenKruise Compatibility Check
Compatibility Check of At-Rest Encryption for Secrets
Compatibility Between the Ubuntu Kernel and GPU Driver
Drainage Tasks
Image Layers on a Node
Cluster Rolling Upgrade
Rotation Certificates
Ingress and ELB Configuration Consistency
Network Policies of Cluster Network Components
Cluster and Node Pool Configurations
Time Zone of Master Nodes
SNATIPRanges
Add-on Configuration Consistency
Nodes
Node Overview
Container Engines
Node OSs
Node Specifications
Creating a Node
Accepting Nodes for Management
Logging In to a Node
Management Nodes
Managing Node Labels
Managing Node Taints
Resetting a Node
Removing a Node
Synchronizing the Data of Cloud Servers
Draining a Node
Deleting or Unsubscribing from a Node
Changing the Billing Mode of a Node to Yearly/Monthly
Modifying the Auto-Renewal Configuration of a Yearly/Monthly Node
Stopping a Node
Performing Rolling Upgrade for Nodes
Node O&M
Node Resource Reservation Rules
Space Allocation of a Data Disk
Maximum Number of Pods That Can Be Created on a Node
Differences in kubelet and Runtime Component Configurations Between CCE and the Native Community
Migrating Nodes from Docker to containerd
Optimizing Node System Parameters
Optimizable Node System Parameters
Changing the RuntimeMaxUse of the Memory Used by the Log Cache on a Node
Changing the Maximum Number of File Handles
Modifying Node Kernel Parameters
Changing Process ID Limits (kernel.pid_max)
Configuring Node Fault Detection Policies
Executing the Pre- or Post-installation Commands During Node Creation
Node Pools
Node Pool Overview
Upgrading to New Node Pools
Multi-flavor Billing Description
Creating a Node Pool
Scaling a Node Pool
Automatically Assigning an EIP to Each Node in a Node Pool
Managing Node Pools
Updating a Node Pool
Updating an AS Configuration
Modifying Node Pool Configurations
Accepting Nodes in a Node Pool
Copying a Node Pool
Synchronizing Node Pools
Upgrading an OS
Migrating a Node
Deleting a Node Pool
Workloads
Workload Overview
Creating a Workload
Creating a Deployment
Creating a StatefulSet
Creating a DaemonSet
Creating a Job
Creating a CronJob
Configuring a Workload
Secure Runtime and Common Runtime
Configuring Time Zone Synchronization
Configuring an Image Pull Policy
Using Third-Party Images
Configuring Container Specifications
Configuring the Container Lifecycle
Configuring Container Health Check
Configuring Environment Variables
Upgrading and Rolling Back a Workload
Configuring Tolerance Policies
Configuring Labels and Annotations
Scheduling a Workload
Overview
Configuring Specified Node Scheduling (nodeSelector)
Configuring Node Affinity Scheduling (nodeAffinity)
Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)
Logging In to a Container
Managing Workloads
Managing Custom Resources
Pod Security
Configuring a Pod Security Policy
Configuring Pod Security Admission
Scheduling
Scheduling Overview
CPU Scheduling
CPU Policy
Enhanced CPU Policy
GPU Scheduling
GPU Driver Version
Selecting a GPU Driver Version for Nodes
Recommended GPU Driver Versions for CCE
Manually Upgrading the Driver Version of a GPU Node
Upgrading the Driver Version of a GPU Node Using a Node Pool
Default GPU Scheduling in Kubernetes
GPU Virtualization
Overview
Preparing Virtualized GPU Resources
Using GPU Virtualization
Enabling Kubernetes' Default GPU Scheduling in GPU Virtualization
Equal Distribution Scheduling on Virtual GPUs
GPU Monitoring
GPU Metrics
Comprehensive Monitoring of GPU, Virtualization, and Pod Resource Metrics
GPU Auto Scaling
Configuring Workload Scaling Based on GPU Monitoring Metrics
Configuring Auto Scaling for xGPU Nodes
GPU Fault Handling
NPU Scheduling
Complete NPU Allocation
NPU Monitoring
NPU Metrics
Comprehensive Monitoring of NPU Metrics
Volcano Scheduling
Volcano Scheduling Overview
Scheduling Workloads
Resource Usage-based Scheduling
Bin Packing
Descheduling
Node Pool Affinity
Load-aware Scheduling
Configuration Cases for Resource Usage-based Scheduling
Priority-based Scheduling
Priority-based Scheduling
AI Performance-based Scheduling
DRF
Gang
NUMA Affinity Scheduling
Application Scaling Priority Policies
Cloud Native Hybrid Deployment
Overview
Dynamic Resource Oversubscription
Networking
Networking Overview
Container Networks
Overview
Cloud Native Network 2.0 Settings
Cloud Native Network 2.0
Adding or Deleting the Default Pod Subnet of a CCE Turbo Cluster
Configuring an EIP for a Pod
Configuring a Static EIP for a Pod
Configuring a Security Group for a Workload in a CCE Turbo Cluster
Comparison of Workload Security Group Configuration Methods
Binding a Security Group to a Pod Using an Annotation
Binding a Security Group to a Workload Using a Security Group Policy
Using Node Pool Settings to Bind the Default Security Group to Pods in the Node Pool
Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration
VPC Network Settings
VPC Network Model
Expanding the Container CIDR Block of a Cluster That Uses a VPC Network
Tunnel Network Settings
Tunnel Network Model
Pod Network Settings
Configuring hostNetwork for Pods
Configuring QoS for a Pod
Configuring Network Policies to Restrict Pod Access
Services
Service Overview
ClusterIP
NodePort
LoadBalancer
Creating a LoadBalancer Service
Configuring Advanced Load Balancing Functions Using Annotations
Configuring HTTP/HTTPS for a LoadBalancer Service
Configuring SNI for a LoadBalancer Service
Configuring HTTP/2 for a LoadBalancer Service
Configuring Timeout for a LoadBalancer Service
Configuring GZIP Data Compression for a LoadBalancer Service
Configuring Health Check on Multiple LoadBalancer Service Ports
Configuring Passthrough Networking for a LoadBalancer Service
Changing a Custom EIP for a LoadBalancer Service
Configuring a Range of Listening Ports for LoadBalancer Services
Setting the Pod Ready Status Through the ELB Health Check
Enabling ICMP Security Group Rules
DNAT
Headless Service
Ingresses
Ingress Overview
Comparison Between LoadBalancer Ingresses and Nginx Ingresses
LoadBalancer Ingresses
Creating a LoadBalancer Ingress on the Console
Creating a LoadBalancer Ingress Using kubectl
Configuring an Advanced Forwarding Policy for a LoadBalancer Ingress
Forwarding Policy Priorities of LoadBalancer Ingresses
Configuring Advanced LoadBalancer Ingress Functions Using Annotations
Configuring Multiple Ingresses to Use the Same Load Balancer
Advanced Setting Examples of LoadBalancer Ingresses
Configuring an HTTPS Certificate for a LoadBalancer Ingress
Updating the HTTPS Certificate for a LoadBalancer Ingress
Configuring SNI for a LoadBalancer Ingress
Configuring Multiple Forwarding Policies for a LoadBalancer Ingress
Configuring HTTP/2 for a LoadBalancer Ingress
Configuring HTTPS Backend Services for a LoadBalancer Ingress
Configuring Timeout for a LoadBalancer Ingress
Configuring a Slow Start for a LoadBalancer Ingress
Configuring a Range of Listening Ports for a LoadBalancer Ingress
Configuring GZIP Data Compression for a LoadBalancer Ingress
Configuring URL Redirection for a LoadBalancer Ingress
Configuring URL Rewriting for a LoadBalancer Ingress
Redirecting HTTP to HTTPS for a LoadBalancer Ingress
Configuring the Priorities of Forwarding Rules for LoadBalancer Ingresses
Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress
Configuring a Custom EIP for a LoadBalancer Ingress
Configuring Cross-Origin Access for LoadBalancer Ingresses
Nginx Ingresses
Creating an Nginx Ingress on the Console
Creating an Nginx Ingress Using kubectl
Configuring Advanced Nginx Ingress Functions Using Annotations
Advanced Setting Examples of Nginx Ingresses
Configuring an HTTPS Certificate for an Nginx Ingress
Configuring Redirection Rules for an Nginx Ingress
Configuring URL Rewriting Rules for an Nginx Ingress
Configuring HTTPS Backend Services for an Nginx Ingress
Configuring gRPC Backend Services for an Nginx Ingress
Configuring Consistent Hashing for Load Balancing of an Nginx Ingress
Configuring Application Traffic Mirroring for an Nginx Ingress
Configuring Cross-Origin Access for Nginx Ingresses
Nginx Ingress Usage Suggestions
Optimizing NGINX Ingress Controller in High-Traffic Scenarios
NGINX Ingress Controller Upgrade Compatibility
Migrating Data from a Bring-Your-Own Nginx Ingress to a LoadBalancer Ingress
DNS
DNS Overview
DNS Configuration
Using CoreDNS for Custom Domain Name Resolution
Using NodeLocal DNSCache to Improve DNS Performance
Changing the Default NodeLocal DNSCache Port
Cluster Network Settings
Adding a Secondary VPC CIDR Block for a Cluster
Configuring Intra-VPC Access
Accessing the Internet from a Container
Storage
Storage Overview
Storage Basics
EVS
EVS Overview
Using an Existing EVS Disk Through a Static PV
Using an EVS Disk Through a Dynamic PV
Dynamically Mounting an EVS Disk to a StatefulSet
Encrypting EVS Disks
Expanding the Capacity of an EVS Disk
Snapshots and Backups
SFS Turbo
SFS Turbo Overview
Using an Existing SFS Turbo File System Through a Static PV
Configuring SFS Turbo Mount Options
(Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV
Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
OBS
OBS Overview
Using an Existing OBS Bucket Through a Static PV
Using an OBS Bucket Through a Dynamic PV
Configuring OBS Mount Options
Using a Custom Access Key (AK/SK) to Mount an OBS Volume
Automatically Applying Updated Access Keys (AK/SK) for an OBS Volume
Local PVs
Local PV Overview
Importing a PV to a Storage Pool
Using a Local PV Through a Dynamic PV
Dynamically Mounting a Local PV to a StatefulSet
emptyDir
emptyDir Overview
Importing an EV to a Storage Pool
Local EV
Temporary Path
hostPath
Customizing a StorageClass
Auto Scaling
Auto Scaling Overview
Workload Scaling
Workload Scaling Rules
Creating an HPA Policy
Creating an HPA Policy with Custom Metrics
Creating a Scheduled CronHPA Policy
Creating a CustomedHPA Policy
Creating a VPA Policy
Creating an AHPA Policy
Managing Workload Scaling Policies
Node Scaling
Node Scaling Rules
Priorities for Scaling Node Pools
Creating a Node Auto Scaling Policy
Managing Node Scaling Policies
Using HPA and CA for Auto Scaling of Workloads and Nodes
O&M
Overview
Agency Permissions
Health Center
Overview
Cluster Diagnosis
Workload Diagnosis
Diagnosis Items and Rectification Solutions
Monitoring Center
Overview
Enabling Monitoring Center
Managing Collection Tasks
Cluster Monitoring
Node Monitoring
Workload Monitoring
Pod Monitoring
Event Monitoring
Dashboard
Using Dashboard
Cluster View
API Server View
Pod View
Host View
Node View
Node Pool View
GPU View
xGPU View
CoreDNS View
PVC View
Kubelet View
Prometheus Server View
Prometheus Agent View
Logging
Overview
Collecting Container Logs
Collecting Container Logs Using the Cloud Native Log Collection Add-on
Collecting Container Logs Using ICAgent (Not Recommended)
Collecting Multi-Line Container Logs
Collecting Kubernetes Events
Collecting Control Plane Component Logs
Collecting Audit Logs
Collecting NGINX Ingress Controller Logs
Alarm Center
Overview
Configuring Alarms in Alarm Center
Configuring Custom Alarms on CCE
CCE Events
Log Auditing
CCE Operations Supported by CTS
Viewing CTS Traces in the Trace List
O&M FAQ
Monitoring Center FAQ
Logging FAQ
Alarm Center FAQ
O&M Best Practices
Cloud Native Cluster Monitoring Is Compatible with Self-Built Prometheus
Monitoring Custom Metrics Using Cloud Native Cluster Monitoring
Monitoring Custom Metrics on AOM
Configuring Monitoring and Alarm Rules Using PrometheusRule
Monitoring Master Node Components Using Prometheus
Monitoring Metrics of NGINX Ingress Controller
Monitoring Container Network Metrics of CCE Turbo Clusters
Smooth Migration from Prometheus to Cloud Native Cluster Monitoring
Configuring the Cloud Native Cluster Monitoring Add-on in a Large-Scale Cluster
Configuring Metrics and Alarms for Log Collection Status
Component OOM of the Cloud Native Cluster Monitoring Add-on
Cloud Native AI
AI Task Management
Kuberay
Namespaces
Creating a Namespace
Managing Namespaces
Configuring Resource Quotas
ConfigMaps and Secrets
Creating a ConfigMap
Using a ConfigMap
Creating a Secret
Using a Secret
Cluster Secrets
Add-ons
Overview
Scheduling and Elasticity Add-ons
Volcano Scheduler
CCE Cluster Autoscaler
CCE Advanced HPA
VPA
Cloud Native Observability Add-ons
Cloud Native Cluster Monitoring
Cloud Native Log Collection
CCE Node Problem Detector
CCE Network Metrics Exporter
Kubernetes Metrics Server
Prometheus
Cloud Native AI Add-ons
CCE AI Suite (NVIDIA GPU)
CCE AI Suite (Ascend NPU)
Container Network Add-ons
CoreDNS
NGINX Ingress Controller
NodeLocal DNSCache
Container Storage Add-ons
CCE Container Storage (Everest)
Container Security Add-ons
CCE Secrets Manager for DEW
Other Add-ons
Kubernetes Dashboard
OpenKruise
Gatekeeper
Helm Charts
Chart Overview
Deploying an Application from a Chart
Differences Between Helm v2 and Helm v3 and Adaptation Solutions
Deploying an Application Through the Helm v2 Client
Deploying an Application Through the Helm v3 Client
Converting a Release from Helm v2 to v3
Permissions
Permissions Overview
Granting Cluster Permissions to an IAM User
Namespace Permissions (Kubernetes RBAC-based)
Using the AccessPolicy API to Manage Namespace Permissions (Kubernetes RBAC-based)
Example: Designing and Configuring Permissions for Users in a Department
Permission Dependency of the CCE Console
Service Account Token Security Improvement
System Agencies
Settings
Dashboard
Cluster Access
Network
Scheduling
Auto Scaling
Monitoring
Kubernetes
Heterogeneous Resources
Best Practices
Checklist for Deploying Containerized Applications in the Cloud
Containerization
Containerizing an Enterprise Application (ERP)
Solution Overview
Procedure
Containerizing an Entire Application
Containerization Process
Analyzing the Application
Preparing the Application Runtime
Compiling a Startup Script
Compiling the Dockerfile
Building and Uploading an Image
Creating a Container Workload
Backup and Migration
Backing Up and Migrating Clusters
Migrating Kubernetes Clusters to CCE Using Velero
Solution Overview
Resource Planning for the Target Cluster
Procedure
Migrating Resources Outside a Cluster
Installing the Migration Tool
Migrating Resources in a Cluster
Updating Resources Accordingly
Performing Additional Tasks
Troubleshooting
Disaster Recovery
Recommended Configurations for HA CCE Clusters
Implementing High Availability for Applications in CCE
Implementing High Availability for Add-ons in CCE
Security
Configuration Suggestions on CCE Cluster Security
Configuration Suggestions on CCE Node Security
Configuration Suggestions on CCE Container Runtime Security
Configuration Suggestions on CCE Container Security
Configuration Suggestions on CCE Container Image Security
Configuration Suggestions on CCE Secret Security
Auto Scaling
Using HPA and CA for Auto Scaling of Workloads and Nodes
Monitoring
Monitoring Multiple Clusters Using Prometheus
Reporting Prometheus Monitoring Data to a Third-Party Monitoring Platform
Cluster
Suggestions on CCE Cluster Selection
Creating a Custom CCE Node Image
Executing the Pre- or Post-installation Commands During Node Creation
Connecting to Multiple Clusters Using kubectl
Selecting a Data Disk for the Node
Protecting a CCE Cluster Against Overload
Managing Costs for a Cluster
Networking
Planning CIDR Blocks for a Cluster
Selecting a Network Model
Implementing Sticky Session Through Load Balancing
Obtaining the Client Source IP Address for a Container
Accessing an External Network from a Pod
Accessing the Internet from a Pod
Accessing Cloud Services from a Pod in the Same VPC
Accessing Cloud Services from a Pod in a Different VPC
CoreDNS Configuration Optimization
CoreDNS Optimization Overview
Client
Optimizing Domain Name Resolution Requests
Selecting a Proper Image
Avoiding Occasional DNS Resolution Timeout Caused by IPVS Defects
Using NodeLocal DNSCache
Upgrading the CoreDNS in the Cluster Timely
Adjusting the DNS Configuration of the VPC and VM
Server
Monitoring the coredns Add-on
Adjusting the CoreDNS Deployment Status
Configuring CoreDNS
Pre-Binding Container Elastic Network Interfaces for CCE Turbo Clusters
Accessing an IP Address Outside a Cluster That Uses a VPC Network by Using Source Pod IP Addresses Within the Cluster
Storage
Expanding the Storage Space
Mounting Object Storage Across Accounts
Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
Using Custom Storage Classes
Scheduling EVS Disks Across AZs Using csi-disk-topology
Container
Properly Allocating Container Computing Resources
Modifying Kernel Parameters Using a Privileged Container
Using Init Containers to Initialize an Application
Setting the Container Time Zone
Configuring the /etc/hosts File of a Pod Using hostAliases
Locating Container Faults Using the Core Dump File
Permission
Configuring kubeconfig for Fine-Grained Management on Cluster Resources
Configuring Namespace-level Permissions for an IAM User
Release
Overview
Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
Using Nginx Ingress to Implement Grayscale Release and Blue-Green Deployment
API Reference
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
API URL
Cluster Management
Creating a Cluster
Reading a Specified Cluster
Listing Clusters in a Specified Project
Updating a Specified Cluster
Deleting a Cluster
Hibernating a Cluster
Waking Up a Cluster
Obtaining a Cluster Certificate
Modifying Cluster Specifications
Querying a Job
Binding/Unbinding Public API Server Address
Obtaining Cluster Access Address
Obtaining a Cluster's Logging Configurations
Configuring Cluster Logs
Obtaining the Partition List
Creating a Partition
Obtaining Partition Details
Updating a Partition
Node Management
Creating a Node
Reading a Specified Node
Listing All Nodes in a Cluster
Updating a Specified Node
Deleting a Node
Enabling Scale-In Protection for a Node
Disabling Scale-In Protection for a Node
Synchronizing Nodes
Accepting a Node
Managing a Node in a Customized Node Pool
Resetting a Node
Removing a Node
Migrating a Node
Node Pool Management
Creating a Node Pool
Reading a Specified Node Pool
Listing All Node Pools in a Specified Cluster
Synchronizing Node Pool Configurations to Existing Nodes
Updating a Specified Node Pool
Deleting a Node Pool
Scaling a Node Pool
Synchronizing Node Pools
Storage Management
Creating a PVC (to be discarded)
Deleting a PVC (to be discarded)
Add-on Management
Installing an Add-on Instance
Listing Add-on Templates
Updating an Add-on Instance
Rolling Back an Add-on Instance
Deleting an Add-on Instance
Querying an Add-on Instance
Listing Add-on Instances
Cluster Upgrade
Upgrading a Cluster
Obtaining Cluster Upgrade Task Details
Retrying a Cluster Upgrade Task
Suspending a Cluster Upgrade Task (Deprecated)
Continuing to Execute a Cluster Upgrade Task (Deprecated)
Obtaining a List of Cluster Upgrade Task Details
Pre-upgrade Check
Obtaining Details About a Pre-upgrade Check Task of a Cluster
Obtaining a List of Pre-upgrade Check Tasks of a Cluster
Post-upgrade Check
Cluster Backup
Obtaining a List of Cluster Backup Task Details
Obtaining the Cluster Upgrade Information
Obtaining a Cluster Upgrade Path
Obtaining the Configuration of Cluster Upgrade Feature Gates
Enabling the Cluster Upgrade Process Booting Task
Obtaining a List of Upgrade Workflows
Obtaining Details About a Specified Cluster Upgrade Task
Updating the Status of a Specified Cluster Upgrade Booting Task
Quota Management
Querying Resource Quotas
API Versions
Obtaining API Versions
Tag Management
Adding Resource Tags to a Specified Cluster in Batches
Deleting Resource Tags of a Specified Cluster in Batches
Configuration Management
Obtaining the Parameters That Can Be Configured for a Node Pool
Obtaining the List of Parameters That Can Be Configured for a Cluster
Obtaining the Parameters That Can Be Configured for a Node Pool
Changing the Values of Configuration Parameters of a Node Pool
Chart Management
Uploading a Chart
Obtaining a Chart List
Obtaining a Release List
Updating a Chart
Creating a Release
Deleting a Chart
Updating a Release
Obtaining a Chart
Deleting a Release
Downloading a Chart
Obtaining a Release
Obtaining Chart Values
Obtaining Historical Records of a Release
Obtaining the Quota of a User Chart
Add-on Instance Parameters
CoreDNS
CCE Container Storage (Everest)
CCE Node Problem Detector
Kubernetes Dashboard
CCE Cluster Autoscaler
NGINX Ingress Controller
Kubernetes Metrics Server
CCE Advanced HPA
CCE AI Suite (NVIDIA GPU)
CCE AI Suite (Ascend NPU)
Volcano Scheduler
CCE Secrets Manager for DEW
CCE Network Metrics Exporter
NodeLocal DNSCache
Cloud Native Cluster Monitoring
Cloud Native Log Collection
Kubernetes APIs
Permissions and Supported Actions
Appendix
Status Code
Error Codes
Obtaining a Project ID
Obtaining an Account ID
Specifying Add-ons to Be Installed During Cluster Creation
How to Obtain Parameters in the API URI
Creating a VPC and Subnet
Creating a Key Pair
Node Flavor Description
Adding a Salt in the password Field When Creating a Node
Maximum Number of Pods That Can Be Created on a Node
Node OS
Space Allocation of a Data Disk
Attaching Disks to a Node
SDK Reference
SDK Overview
FAQs
Common FAQ
Billing
How Is CCE Billed?
How Do I Change the Billing Mode of a CCE Cluster from Pay-per-Use to Yearly/Monthly?
Can I Change the Billing Mode of CCE Nodes from Pay-per-Use to Yearly/Monthly?
Can I Delete a Yearly/Monthly-Billed CCE Cluster Directly When It Expires?
Cluster
Cluster Creation
Why Can't I Create a CCE Cluster?
Is Management Scale of a Cluster Related to the Number of Master Nodes?
How Do I Update the Root Certificate When Creating a CCE Cluster?
Which Resource Quotas Should I Pay Attention To When Using CCE?
Cluster Running
How Do I Locate the Fault When a Cluster Is Unavailable?
How Do I Retrieve Data After a CCE Cluster Is Deleted?
How Can I Identify the Cause of an Exception When There Is an Issue with Console Access?
Cluster Deletion
What Can I Do If a Cluster Deletion Fails Due to Residual Resources in the Security Group?
How Do I Clear Residual Resources After Deleting a Non-Running Cluster?
Cluster Upgrade
What Do I Do If a Cluster Add-on Fails to be Upgraded During the CCE Cluster Upgrade?
What Should I Do If the LoadBalancer Ingress Configuration Is Inconsistent with the Load Balancer Configuration During a CCE Cluster Upgrade?
Node
How Can I Locate a Fault That Occurs with a Node?
Node Creation
How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?
How Do I Troubleshoot Problems Occurred When Accepting Nodes into a CCE Cluster?
What Should I Do If a Node Cannot Be Managed and an Error Message Appears Saying That the Node Failed to Install?
Node Running
What Should I Do If a Cluster Is Available But Some Nodes in It Are Unavailable?
How Do I Log In to a Node Using a Password and Reset the Password?
How Do I Collect Logs of Nodes in a CCE Cluster?
What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?
What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?
How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?
How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?
Why Does My Node Memory Usage Obtained by Running the kubelet top node Command Exceed 100%?
What Can I Do If a GPU Card Is Unavailable on a GPU Node?
Specification Change
How Do I Change the Node Specifications in a CCE Cluster?
What Are the Impacts of Changing the Flavor of a Node in a CCE Node Pool?
What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?
OSs
What Should I Do If There Is a Service Access Failure After a Backend Service Upgrade or a 1-Second Latency When a Service Accesses a CCE Cluster?
Node Pool
What Should I Do If a Node Pool Is Abnormal?
What Should I Do If No Node Creation Record Is Displayed When the Node Pool Is Being Scaled Out?
What Should I Do If a Node Pool Scale-Out Fails?
How Do I Modify ECS Configurations When an ECS Can't Be Managed by a Node Pool?
Workload
Workload Exception Troubleshooting
How Can I Locate the Root Cause If a Workload Is Abnormal?
What Should I Do If the Scheduling of a Pod Fails?
What Should I Do If a Pod Fails to Pull the Image?
What Should I Do If a Pod Startup Fails?
What Should I Do If a Pod Fails to Be Evicted?
What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
What Should I Do If a Workload Remains in the Creating State?
What Should I Do If a Pod Remains in the Terminating State?
What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
What Should I Do If an Error Occurs When I Deploy a Service on a GPU Node?
What Should I Do If a Workload Exception Occurs Due to a Storage Volume Mount Failure?
What Should I Do If a Workload Appears to Be Normal But Is Not Functioning Properly?
Why Is Pod Creation or Deletion Suspended on a Node Where File Storage Is Mounted?
How Can I Locate Faults Using an Exit Code?
Container Configuration
When Is Pre-stop Processing Used?
When Would a Container Need to Be Rebuilt?
How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?
What Should I Do If Health Check Probes Occasionally Fail?
How Do I Set the umask Value for a Container?
What Is the Retry Mechanism When CCE Fails to Start a Pod?
Monitoring Log
How Long Are the Events of a Workload Stored?
Why Is the Reported Container Memory Usage Inconsistent with the Auto Scaling Action?
Scheduling Policies
How Do I Evenly Distribute Multiple Pods to Each Node?
How Do I Prevent a Container on a Node from Being Evicted?
Why Are Pods Not Evenly Distributed on Nodes?
How Do I Evict All Pods on a Node?
Why Cannot a Pod Be Scheduled to a Node?
How Do I Troubleshoot a Pod Exit Caused by a Node Label Update?
Others
What Should I Do If a Cron Job Cannot Be Restarted After Being Stopped for a Period of Time?
What Is a Headless Service When I Create a StatefulSet?
What Should I Do If Error Message "Auth is empty" Is Displayed When a Private Image Is Pulled?
What Is the Image Pull Policy for Containers in a CCE Cluster?
What Can I Do If a Layer Is Missing During Image Pull?
Networking
Network Exception Troubleshooting
How Do I Locate a Workload Networking Fault?
How Do I Resolve Issues with a LoadBalancer Service?
Why Can't the ELB Address Be Used to Access Workloads in a Cluster?
Why Can't the Ingress Be Accessed Outside the Cluster?
Why Does the Browser Return Error Code 404 When I Access a Deployed Application?
What Should I Do If a Container Fails to Access the Internet?
What Should I Do If a Node Fails to Access the Internet?
What Should I Do If Nginx Ingress Access in the Cluster Is Abnormal After the NGINX Ingress Controller Add-on Is Upgraded?
What Could Cause Access Exceptions After Configuring an HTTPS Certificate for a LoadBalancer Ingress?
Network Planning
What Is the Relationship Between Clusters, VPCs, and Subnets?
How Can I Configure a Security Group Rule for a Cluster?
Security Hardening
How Do I Prevent Cluster Nodes from Being Exposed to Public Networks?
How Do I Configure an Access Policy for a Cluster?
How Do I Obtain a TLS Key Certificate?
How Do I Change the Security Group of Nodes in a Cluster in Batches?
Network Configuration
Why Is the Backend Server Group of an ELB Automatically Deleted After a Service Is Published to the ELB?
How Can Container IP Addresses Survive a Container Restart?
How Can I Check Whether an ENI Is Used by a Cluster?
How Can I Delete a Security Group Rule Associated with a Deleted Subnet?
How Can I Synchronize Certificates When Multiple Ingresses in Different Namespaces Share a Listener?
How Can I Determine Which Ingress the Listener Settings Have Been Applied To?
Storage
How Do I Expand the Storage Capacity of a Container?
What Are the Differences Among CCE StorageClasses in Terms of Persistent Storage and Multi-Node Mounting?
Can I Create a CCE Node Without Adding a Data Disk to the Node?
What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?
Can CCE PVCs Detect Underlying Storage Faults?
Why Cannot I Delete a PV or PVC Using the kubectl delete Command?
What Should I Do If a Yearly/Monthly EVS Disk Cannot Be Automatically Created?
Namespace
How Many Namespaces Can Be Created in a Cluster?
What Should I Do If a Namespace Fails to Be Deleted Due to an APIService Object Access Failure?
How Do I Delete a Namespace in the Terminating State?
Chart and Add-on
How Can I Troubleshoot Exceptions That Occur with an Add-on?
What Should I Do If a Chart Release Cannot Be Deleted Because the Chart Format Is Incorrect?
What Should I Do If Installation of an Add-on Fails and "The release name is already exist" Is Displayed?
What Should I Do If a Chart Creation or Upgrade Fails and "rendered manifests contain a resource that already exists" Is Displayed?
What Can I Do If a Chart Fails to Be Uploaded?
How Do I Configure the Add-on Resource Quotas Based on Cluster Scale?
How Can I Clean Up Residual Resources After the NGINX Ingress Controller Add-on in the Unknown State Is Deleted?
Why Can't TLS v1.0 or v1.1 Be Used After the NGINX Ingress Controller Add-on Is Upgraded?
What Can I Do If a Pod Cannot Be Started After the CCE AI Suite (Ascend NPU) Add-on Is Upgraded from 1.x.x to 2.x.x?
API & kubectl FAQs
How Can I Access a Cluster API Server?
Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?
How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
How Do I Rectify the Error Reported When Running the kubectl top node Command?
Why Is "Error from server (Forbidden)" Displayed When I Use kubectl?
DNS FAQs
What Should I Do If Domain Name Resolution Fails in a CCE Cluster?
Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?
How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
How Do I Configure a DNS Policy for a Container?
How Can I Address the Issue of CoreDNS Using Deprecated APIs?
Image Repository FAQs
How Do I Upload My Images to CCE?
Permissions
Can I Configure Only Namespace Permissions Without Cluster Management Permissions?
Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?
Can I Use kubectl If the Cluster Management Permissions Are Not Configured?
What Is an OBS Global Access Key and How Do I Check Whether a Global Access Key Is Used in a Cluster?
Videos