Updated on 2022-12-07 GMT+08:00

Risky Operations on Cluster Nodes

Precautions for Using a Cluster

  • When performing operations such as creating, deleting, and scaling clusters, do not change user permissions on the Identity and Access Management (IAM) console. Otherwise, these operations may fail.
  • Canal, the CNI plug-in used by CCE nodes, uses a dedicated CIDR block for the container network. This CIDR block can be configured during cluster creation and defaults to 172.16.0.0/16. The Docker service creates a docker0 bridge by default. The default docker0 address is 172.17.0.1. When creating a cluster, ensure that the CIDR block of the VPC in the cluster is different from those of the container network and the docker0 bridge. If VPC peering connections are used, ensure that the CIDR block of the peer VPC is different from those of the container network and the docker0 bridge.
  • For clusters of Kubernetes v1.15, the DNS server of nodes in the cluster uses the DNS server in the VPC subnet. The CoreDNS address of Kubernetes is not added. Ensure that the DNS address in the subnet exists and is configurable.
  • For clusters of Kubernetes v1.17, the network of a node is a single network plane. In the multi-network plane scenario, if you bind a new NIC to the ECS, you need to configure the NIC information on the node and restart the NIC after the binding.
  • Do not modify the security groups, Elastic Volume Service (EVS) disks, and other resources created by CCE. Otherwise, clusters may not function properly. The resources created by CCE are labeled "cce", for example, "cce-evs-jwh9pcl7-****".
  • When a node is added, the DNS server in the subnet must be able to resolve the domain name of the corresponding service. Otherwise, the node cannot be installed properly.
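
The CIDR precaution above can be checked before a cluster is created. The following is an added example, not part of the CCE documentation or tooling: it treats any overlap (not only an exact match) between a VPC or peer VPC range and the container network or docker0 bridge as a conflict. The function name is hypothetical, and the /16 prefix on docker0 is assumed from Docker's stock default.

```python
import ipaddress

# Defaults stated on this page. The /16 prefix on docker0 is Docker's stock
# default and is an assumption; check the node's actual bridge configuration.
DEFAULT_CONTAINER_CIDR = "172.16.0.0/16"
DEFAULT_DOCKER0 = "172.17.0.1/16"


def find_cidr_conflicts(vpc_cidr, peer_vpc_cidrs=(),
                        container_cidr=DEFAULT_CONTAINER_CIDR,
                        docker0=DEFAULT_DOCKER0):
    """Return (vpc_name, vpc_cidr, node_name, node_cidr) for every overlap."""
    node_side = {
        "container network": ipaddress.ip_network(container_cidr),
        # docker0 is configured as an interface address; derive its subnet.
        "docker0 bridge": ipaddress.ip_interface(docker0).network,
    }
    vpc_side = {"VPC": ipaddress.ip_network(vpc_cidr)}
    for i, cidr in enumerate(peer_vpc_cidrs, start=1):
        vpc_side[f"peer VPC {i}"] = ipaddress.ip_network(cidr)

    conflicts = []
    for vpc_name, vpc_net in vpc_side.items():
        for node_name, node_net in node_side.items():
            # Only ranges of the same address family can collide.
            if vpc_net.version == node_net.version and vpc_net.overlaps(node_net):
                conflicts.append(
                    (vpc_name, str(vpc_net), node_name, str(node_net)))
    return conflicts


if __name__ == "__main__":
    # Constructed sample plan: the VPC is fine, the peer VPC sits inside
    # the docker0 bridge range and would be unreachable from containers.
    for conflict in find_cidr_conflicts("192.168.0.0/16", ["172.17.128.0/24"]):
        print("CONFLICT: %s %s overlaps %s %s" % conflict)
```

A CIDR written with host bits set (for example 172.16.0.1/16 as a VPC range) raises ValueError, which catches mistyped ranges before they reach the console.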

Precautions for Using a Node

Some of the node resources are used to run the Kubernetes system components and resources that make the node part of your cluster. Therefore, the total amount of node resources differs from the amount of allocatable node resources in Kubernetes. The larger the node specifications, the more containers are deployed on the node, so more node resources need to be reserved to run Kubernetes components.

To ensure node stability, a certain amount of CCE node resources will be reserved for Kubernetes components (such as kubelet, kube-proxy, and docker) based on the node specifications.

You are advised not to install private software or modify the operating system (OS) configuration on a cluster node. This may cause exceptions on Kubernetes components installed on the node, and make the node unavailable.

Risky Operations on Nodes

After logging in to a node created by CCE, do not perform the following operations. Otherwise, the node will become unready.

Table 1 Operations that will cause nodes to become unready

| No. | Operation | Impact | Solution |
|-----|-----------|--------|----------|
| 1 | Reinstalling the operating system using the original image or another image | The node will become unavailable. | Delete the node and create a new one. |
| 2 | Modifying OS configuration | The node will become unavailable. | Restore the original configuration or create a new node. |
| 3 | Deleting the opt directory, /var/paas directory, or a data disk | The node will become unavailable. | Delete the node and create a new one. |
| 4 | Formatting and partitioning a node disk | The node will become unavailable. | Delete the node and create a new one. |
| 5 | Modifying a security group | The node will become unready or the cluster will exhibit unexpected behavior. | Correct the security group settings based on security group settings of normal clusters. |