Help Center/ Host Security Service/ User Guide/ Installation and Configuration on Containers/ Modifying Cluster Agent Installation Information
Updated on 2024-09-25 GMT+08:00

Modifying Cluster Agent Installation Information

Scenario

You can modify the access information in the following cases:

  • In a non-CCE cluster accessed through Internet, the access information has been configured and the command has been generated, but the command has not been executed on cluster nodes. In this case, you can refer to this section to go to the access information modification page and perform subsequent operations.
  • In a non-CCE cluster accessed through Internet, the specified certificate expiration date is earlier than the final expiration date, but needs to be changed to that date.
  • You need to modify the scope of cluster nodes where the agent is to be installed. After the modification, the agent on all cluster nodes will be automatically uninstalled, and then the agent will be reinstalled on specified nodes.
  • The container runtime type and sock address need to be modified. After the modification, the agent on all cluster nodes will be automatically uninstalled, and then the agent will be reinstalled on specified nodes.
  • Automatic agent upgrade needs to be enabled or disabled.

Modifying Access Information

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Installation & Configuration > Container Install & Config.
  4. Click the Cluster tab.
  5. In the row of a cluster, click Edit Access Information in the Operation column. The Edit Access Information dialog box is displayed.

  6. Modify access information. For details about the parameters that can be modified, see Table 1.

    Table 1 Modifiable access parameters

    Access Mode

    Parameter

    Description

    Non-CCE cluster (Internet access)

    Validity Period

    You can specify a time before the final validity period. After the specified validity period expires, you need to connect to the asset again.

    All access modes

    Configuration Rules

    Select an agent configuration rule.

    • Default Rule: Select this if the sock address of container runtime is a common address. The agent will be installed on nodes having no taints.
    • Custom: Select this rule if the sock address of your container runtime is not a common address or needs to be modified, or if you only want to install the agent on specific nodes.
    NOTE:
    • If the sock address of your container runtime is incorrect, some HSS functions may be unavailable after the cluster is connected to HSS.
    • You are advised to select all runtime types.

    (Optional) Advanced Configuration

    This parameter can be set if Custom is selected for Configuration Rules.

    Click to expand all advanced configuration items.

    • Enabling auto upgrade agent

      Configure whether to enable automatic agent upgrade. If it is enabled, HSS automatically upgrades the agent to the latest version between 00:00 to 06:00 every day to provide you with better services.

    • Node Selector Configuration

      Select the tag of the nodes where the agent is to be installed. If this parameter is not specified, the agent will be installed on all nodes having no taints by default.

    • Tolerance Configuration

      If the taint tag is selected in Node Selector Configuration and the agent needs to be installed on the taint node, you can configure taint toleration.

  7. Click Complete.

    If the container runtime type, container runtime sock address, node selection configuration, or tolerance configuration is modified, the agent on all cluster nodes will be automatically uninstalled and then reinstalled. Wait until the agent installation is complete.