Modifying Node Pool Configurations

Updated on 2024-10-14 GMT+08:00

Notes and Constraints

The default node pool does not support the following management operations.

Configuration Management

CCE allows you to highly customize Kubernetes parameter settings on core components in a cluster. For more information, see kubelet.

This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.

  1. Log in to the CCE console.
  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
  3. Click Manage in the Operation column of the target node pool.
  4. On the Manage Components page on the right, change the values of Kubernetes parameters.

    Table 1 kubelet

    Item | Parameter | Description | Value | Modification

    CPU management policy

    cpu-manager-policy

    CPU management policy configuration. For details, see CPU Scheduling.

    • none: disables pods from exclusively occupying CPUs. Select this value if you want a large pool of shareable CPU cores.
    • static: enables pods to exclusively occupy CPUs. Select this value if your workload is sensitive to latency in CPU cache and scheduling.

    Default: none

    None

    QPS for requests to kube-apiserver

    kube-api-qps

    Number of queries per second for communication with the API server.

    Default: 100

    None

    Burst for requests to kube-apiserver

    kube-api-burst

    Maximum number of burst requests sent to the API server per second.

    Default: 100

    None

    Limit on the pods managed by kubelet

    max-pods

    Maximum number of pods that can run on a node.

    None

    Limited number of processes in a pod

    pod-pids-limit

    Maximum number of PIDs that can be used in each pod.

    Default: -1, which indicates that the number of PIDs is not limited

    None

    Whether to use a local IP address as a node's ClusterDNS

    with-local-dns

    The default ENI IP address of the node will be automatically added to the node's kubelet configuration as the preferred DNS address.

    Default: false

    None

    QPS limit on creating events

    event-qps

    Number of events that can be generated per second.

    Default: 5

    None

    Upper Limit for Burst Events

    event-burst

    Upper limit for burst event creation. The number of burst events can be temporarily increased to the specified value.

    Default: 10

    None

    Allowed unsafe sysctls

    allowed-unsafe-sysctls

    Unsafe sysctls that are allowed to be set for pods on the node.

    Starting from v1.17.17, CCE enables pod security policies for kube-apiserver. Add corresponding configurations to allowedUnsafeSysctls of a pod security policy to make the policy take effect. (This configuration is not required for clusters earlier than v1.17.17.) For details, see Example of Enabling Unsafe Sysctls in Pod Security Policy.

    Default: []

    None

    Node oversubscription

    over-subscription-resource

    Whether to enable node oversubscription.

    If this parameter is set to true, node oversubscription is enabled on nodes.

    • For clusters of versions earlier than v1.23.9-r0 or v1.25.4-r0: enabled (true) by default
    • Disabled by default if the cluster version is v1.23.9-r0, v1.25.4-r0, v1.27-r0, or later

    None

    Hybrid deployment

    colocation

    Whether to enable hybrid deployment on nodes.

    If this parameter is set to true, hybrid deployment is enabled on nodes.

    • For clusters of versions earlier than v1.23.9-r0 or v1.25.4-r0: enabled (true) by default
    • Disabled by default if the cluster version is v1.23.9-r0, v1.25.4-r0, v1.27-r0, or later

    None

    Topology management policy

    topology-manager-policy

    Set the topology management policy.

    Valid values are as follows:

    • restricted: kubelet accepts only pods that achieve optimal NUMA alignment on the requested resources.
    • best-effort: kubelet preferentially selects pods that implement NUMA alignment on CPU and device resources.
    • none (default): The topology management policy is disabled.
    • single-numa-node: kubelet allows only pods that are aligned to the same NUMA node in terms of CPU and device resources.

    Default: none

    NOTICE:

    Modifying topology-manager-policy and topology-manager-scope will restart kubelet, and the resource allocation of pods will be recalculated based on the modified policy. In this case, running pods may restart or even fail to receive any resources.

    Topology management scope

    topology-manager-scope

    Configure the resource alignment granularity of the topology management policy. Valid values are as follows:

    • container (default)
    • pod

    Default: container

    Specified DNS configuration file

    resolv-conf

    DNS resolution configuration file specified by the container

    Default: null

    None

    Timeout for all runtime requests except long-running requests

    runtime-request-timeout

    Timeout interval of all runtime requests except long-running requests (pull, logs, exec, and attach).

    Default: 2m0s

    This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.

    Whether to allow kubelet to pull only one image at a time

    serialize-image-pulls

    Pull an image in serial mode.

    • false: recommended configuration so that an image can be pulled in parallel mode to improve pod startup.
    • true: allows images to be pulled in serial mode.
    • Enabled by default if the cluster version is earlier than v1.21.12-r0, v1.23.11-r0, v1.27.3-r0 or v1.25.6-r0
    • Disabled by default if the cluster version is v1.21.12-r0, v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later

    This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.

    Image repository pull limit per second

    registry-pull-qps

    QPS upper limit of an image repository.

    Default: 5

    The value ranges from 1 to 50.

    This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.

    Upper limit of burst image pull

    registry-burst

    Maximum number of burst image pulls.

    Default: 10

    The value ranges from 1 to 100 and must be greater than or equal to the value of registry-pull-qps.

    This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.

    Upper Limit for Image Garbage Collection

    image-gc-high-threshold

    When the kubelet disk usage reaches this value, kubelet starts to collect image garbage.

    Default: 80

    Value range: 1 to 100

    To disable image garbage collection, set this parameter to 100.

    This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

    Lower Limit for Image Garbage Collection

    image-gc-low-threshold

    When the disk usage reduces to this value, image garbage collection stops.

    Default: 70

    Value range: 1 to 100

    The value of this parameter cannot be greater than the upper limit for image garbage collection.

    This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

    Node memory reservation

    system-reserved-mem

    System memory reservation reserves memory resources for OS system daemons such as sshd and udev.

    Default value: automatically calculated, which varies depending on node flavors. For details, see Node Resource Reservation Policy.

    The sum of kube-reserved-mem and system-reserved-mem must be less than 50% of the minimum memory of nodes in the node pool.

    kube-reserved-mem

    Kubernetes memory reservation reserves memory resources for Kubernetes daemons such as kubelet and the container runtime.

    Hard eviction

    memory.available

    Available memory on a node.

    The value is fixed at 100 MiB.

    For details, see Node-pressure Eviction.

    NOTICE:

    Exercise caution when modifying an eviction configuration item. Improper configuration may cause pods to be frequently evicted or fail to be evicted when the node is overloaded.

    kubelet can identify the following specific file system identifiers:

    • nodefs: main file system of a node. It is used for local disk volumes, emptyDir volumes that are not backed by memory, and log storage. For example, nodefs contains /var/lib/kubelet/.
    • imagefs: file system partition used by a container engine.

    nodefs.available

    Percentage of the available capacity in the filesystem used by kubelet.

    Default: 10%

    Value range: 1% to 99%

    nodefs.inodesFree

    Percentage of available inodes in the filesystem used by kubelet.

    Default: 5%

    Value range: 1% to 99%

    imagefs.available

    Percentage of the available capacity in the filesystem used by container runtimes to store resources such as images.

    Default: 10%

    Value range: 1% to 99%

    imagefs.inodesFree

    Percentage of available inodes in the filesystem used by container runtimes to store resources such as images.

    This parameter is left blank by default.

    Value range: 1% to 99%

    pid.available

    Percentage of allocatable PIDs reserved for pods.

    Default: 10%

    Value range: 1% to 99%

    Soft eviction

    memory.available

    Available memory on a node.

    The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.

    This parameter is left blank by default.

    Value range: 100 to 1000000

    nodefs.available

    Percentage of the available capacity in the filesystem used by kubelet.

    The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.

    This parameter is left blank by default.

    Value range: 1% to 99%

    nodefs.inodesFree

    Percentage of available inodes in the filesystem used by kubelet.

    The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.

    This parameter is left blank by default.

    Value range: 1% to 99%

    imagefs.available

    Percentage of the available capacity in the filesystem used by container runtimes to store resources such as images.

    The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.

    This parameter is left blank by default.

    Value range: 1% to 99%

    imagefs.inodesFree

    Percentage of available inodes in the filesystem used by container runtimes to store resources such as images.

    The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.

    This parameter is left blank by default.

    Value range: 1% to 99%

    pid.available

    Percentage of allocatable PIDs reserved for pods.

    The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.

    This parameter is left blank by default.

    Value range: 1% to 99%

    Table 2 kube-proxy

    Item | Parameter | Description | Value | Modification

    Maximum number of connection tracking entries

    conntrack-min

    Maximum number of connection tracking entries

    To obtain the value, run the following command:

    sysctl net.nf_conntrack_max

    Default: 131072

    None

    Wait time of a closed TCP connection

    conntrack-tcp-timeout-close-wait

    Wait time of a closed TCP connection

    To obtain the value, run the following command:

    sysctl net.netfilter.nf_conntrack_tcp_timeout_close_wait

    Default: 1h0m0s

    None

    Table 3 Docker (available only for node pools that use Docker)

    Item | Parameter | Description | Value | Modification

    Container umask

    native-umask

    The default value normal indicates that the umask value of the started container is 0022.

    Default: normal

    The parameter value cannot be changed.

    Available data space for a single container

    docker-base-size

    Maximum data space that can be used by each container.

    Default: 0

    The parameter value cannot be changed.

    Insecure image source address

    insecure-registry

    Whether an insecure image source address can be used.

    false

    The parameter value cannot be changed.

    Maximum size of a container core file

    limitcore

    Maximum size of a core file in a container, in bytes.

    If not specified, the value is infinity.

    Default: 5368709120

    None

    Limit on the number of handles in a container

    default-ulimit-nofile

    Maximum number of handles that can be used in a container.

    Default: {soft}:{hard}

    The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.

    You can run the following command to obtain the kernel parameter nr_open:

    sysctl -a | grep nr_open

    Image pull timeout

    image-pull-progress-timeout

    If the image is not pulled before the timeout elapses, the image pull is canceled.

    Default: 1m0s

    This parameter is supported in v1.25.3-r0 and later.

    Maximum Number of Concurrent Requests for Downloading an Image at a Time

    max-concurrent-downloads

    This parameter specifies the maximum number of concurrent requests for downloading an image at a time.

    Default: 3

    Value range: 1 to 20

    If this parameter is set to a large value, the network performance of other services on the node may be affected or the disk I/O and CPU usage may increase.

    This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

    Maximum Container Log File Size

    max-size

    Maximum size of a container log file to be dumped. When the size of a log file reaches this value, the current log file will be closed and a new log file will be created to continue logging.

    Default: 50

    Value range: 1 to 4096

    If this parameter is set to a small value, important logs may be lost. If this parameter is set to a large value, too much disk space may be occupied.

    This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

    Maximum Number of Container Log Files

    max-file

    Maximum number of log files that can be retained in a container. When the number of existing log files exceeds this value, the earliest log file will be deleted to release space for new log files.

    Default: 20

    Value range: 2 to 100

    If this parameter is set to a small value, important logs may be lost. If this parameter is set to a large value, too much disk space may be occupied.

    This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

    Table 4 containerd (available only for node pools that use containerd)

    Item | Parameter | Description | Value | Modification

    Available data space for a single container

    devmapper-base-size

    Maximum data space that can be used by each container.

    Default: 0

    The parameter value cannot be changed.

    Maximum size of a container core file

    limitcore

    Maximum size of a core file in a container, in bytes.

    If not specified, the value is infinity.

    Default: 5368709120

    None

    Limit on the number of handles in a container

    default-ulimit-nofile

    Maximum number of handles that can be used in a container.

    Default: 1048576

    The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.

    You can run the following command to obtain the kernel parameter nr_open:

    sysctl -a | grep nr_open

    Image pull timeout

    image-pull-progress-timeout

    If the image is not pulled before the timeout elapses, the image pull is canceled.

    Default: 1m0s

    This parameter is supported in v1.25.3-r0 and later.

    Verification on insecure skips

    insecure_skip_verify

    Whether to skip repository certificate verification.

    Default: false

    The parameter value cannot be changed.

    Maximum Number of Concurrent Requests for Downloading an Image at a Time

    max-concurrent-downloads

    This parameter specifies the maximum number of concurrent requests for downloading an image at a time.

    Default: 3

    Value range: 1 to 20

    If this parameter is set to a large value, the network performance of other services on the node may be affected or the disk I/O and CPU usage may increase.

    This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

    Maximum Container Log Line Size

    max-container-log-line-size

    Maximum log line size of a container, in bytes. Log lines that exceed the limit are split into multiple lines.

    Default: 16384

    Value range: 1 to 2097152

    A larger value will lead to more containerd memory consumption.

    This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

  5. Click OK.
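
The value ranges and cross-parameter rules in Tables 1, 3 and 4 can be checked before a change is submitted in the console. The following Python check is an added example, not CCE code; the dictionary layout (including the `eviction-hard`, `eviction-soft` and `eviction-soft-grace-period` keys), the MiB unit for the memory reservations and the sample values are assumptions.

```python
# Added example: lint a proposed node pool configuration against the limits
# documented in the tables above. The dictionary layout is an assumption.

# Ranges stated in the tables: parameter -> (min, max).
RANGES = {
    "registry-pull-qps": (1, 50), "registry-burst": (1, 100),
    "image-gc-high-threshold": (1, 100), "image-gc-low-threshold": (1, 100),
    "max-concurrent-downloads": (1, 20), "max-size": (1, 4096),
    "max-file": (2, 100), "max-container-log-line-size": (1, 2097152),
}
# Hard-eviction values from Table 1 (memory.available in MiB, the rest in %).
HARD_DEFAULTS = {"memory.available": 100, "nodefs.available": 10,
                 "nodefs.inodesFree": 5, "imagefs.available": 10,
                 "pid.available": 10}


def check_node_pool(cfg, min_node_mem_mib):
    """Return (level, message) findings for a proposed configuration dict."""
    findings = []
    for name, (lo, hi) in RANGES.items():
        if name in cfg and not lo <= cfg[name] <= hi:
            findings.append(("error", f"{name}={cfg[name]} outside {lo}..{hi}"))
    # Cross-parameter rules; absent keys fall back to the documented defaults.
    if cfg.get("registry-burst", 10) < cfg.get("registry-pull-qps", 5):
        findings.append(("error", "registry-burst must be >= registry-pull-qps"))
    if cfg.get("image-gc-low-threshold", 70) > cfg.get("image-gc-high-threshold", 80):
        findings.append(("error", "image-gc-low-threshold exceeds the high threshold"))
    reserved = cfg.get("kube-reserved-mem", 0) + cfg.get("system-reserved-mem", 0)
    if reserved >= 0.5 * min_node_mem_mib:
        findings.append(("error", "reserved memory must be < 50% of the smallest node"))
    # Soft eviction must exceed hard eviction and needs a grace period.
    hard = {**HARD_DEFAULTS, **cfg.get("eviction-hard", {})}
    grace = cfg.get("eviction-soft-grace-period", {})
    for signal, soft in cfg.get("eviction-soft", {}).items():
        if signal in hard and soft <= hard[signal]:
            findings.append(("error", f"soft {signal} must be > hard value {hard[signal]}"))
        if signal not in grace:
            findings.append(("error", f"soft {signal} has no grace period"))
    # Security-relevant settings a reviewer should see before approving.
    if cfg.get("pod-pids-limit", -1) == -1:
        findings.append(("warn", "pod-pids-limit=-1: PIDs per pod are not limited"))
    for name in cfg.get("allowed-unsafe-sysctls", []):
        findings.append(("warn", f"unsafe sysctl allowed on nodes: {name}"))
    return findings


# Constructed sample input (not taken from a real cluster).
SAMPLE = {
    "registry-pull-qps": 20, "registry-burst": 10,
    "image-gc-high-threshold": 80, "image-gc-low-threshold": 85,
    "kube-reserved-mem": 2048, "system-reserved-mem": 2048,
    "eviction-soft": {"nodefs.available": 10},
    "allowed-unsafe-sysctls": ["net.core.somaxconn"],
}

if __name__ == "__main__":
    for level, message in check_node_pool(SAMPLE, min_node_mem_mib=8192):
        print(f"{level.upper():5} {message}")
```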
