Buying a CCE Turbo Cluster

Notes and Constraints

• During the node creation, software packages are downloaded from OBS using the domain name. You need to use a private DNS server to resolve the OBS domain name, and configure the subnet where the node resides with a private DNS server address. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.
• You can create a maximum of 50 clusters in a single region. If more clusters are required, you can click here to increase your quota. For details about the quota, see Quotas.
• CCE Turbo clusters support only Cloud Native Network 2.0. For details about this network model, see Cloud Native Network 2.0.
• After a cluster is created, the following items cannot be changed:
  • Cluster type
  • Number of master nodes in the cluster
  • AZ of a master node
  • Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, IPv6 settings, and kube-proxy (forwarding) settings.
  • Network model. For example, change Tunnel network to VPC network.

Procedure

1. Log in to the CCE console. Choose Clusters. On the displayed page, click Buy next to CCE Turbo cluster.
2. Specify cluster parameters.
   Basic Settings

   • Cluster Name
   • Enterprise Project:

     This parameter is displayed only for enterprise users who have enabled the enterprise project function.

     After an enterprise project (for example, default) is selected, the cluster, nodes in the cluster, cluster security groups, node security groups, and elastic IPs (EIPs) of the automatically created nodes will be created in this enterprise project. After a cluster is created, you are advised not to modify the enterprise projects of nodes, cluster security groups, and node security groups in the cluster.

     Enterprise projects facilitate project-level management and grouping of cloud resources and users. For more information, see Enterprise Management.

   • Cluster Version: Select the Kubernetes version used by the cluster.
   • Cluster Scale: Select the maximum number of nodes that can be managed by the cluster. After the creation is complete, only scale-out is supported, but not scale-in.
   • HA: distribution mode of master nodes. By default, master nodes are randomly distributed in different AZs to improve DR capabilities.
     You can also expand advanced settings and customize the master node distribution mode. The following modes are supported:

     • Host: Master nodes are created on different hosts in the same AZ.
     • Custom: You can determine the location of each master node.

   Network Settings

   The cluster network settings cover nodes, containers, and Services. For details about the cluster networking and container network models, see Overview.

   • Network Model: CCE Turbo clusters support only Cloud Native Network 2.0. For details, see Cloud Native Network 2.0.
   • VPC: Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The value cannot be changed after creation.
   • Master Node Subnet: Select the subnet where the master node is deployed. If no subnet is available, click Create Subnet to create one. A master node requires at least four IP addresses, which cannot be changed after creation.
   • Pod Subnet: Select the subnet where the container is located. If no subnet is available, click Create Subnet to create one. The pod subnet determines the maximum number of containers in the cluster. You can add pod subnets after creating the cluster.
   • Service CIDR Block: CIDR block for Services used by containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after creation.

   Advanced Settings

   • Request Forwarding: The IPVS and iptables modes are supported. For details, see Comparing iptables and IPVS.
   • CPU Manager: For details, see Binding CPU Cores.
   • Resource Tag:

     You can add resource tags to classify resources.

     You can create predefined tags in Tag Management Service (TMS). Predefined tags are visible to all service resources that support the tagging function. You can use predefined tags to improve tag creation and resource migration efficiency. For details, see Creating Predefined Tags.

     Key Specifications

     • Cannot be empty. Contains 1 to 128 single-byte characters.
     • Do not enter labels starting with _sys_, which are system labels.
     • Can contain UTF-8 letters (including Chinese characters), digits, spaces, and the following characters: _. : / = + - @

       Recommended regular expression: ^((?!_sys_)[\\p{L}\\p{Z}\\p{N}_.:\\/=+\\-@]*)$

     Value Specifications

     • Can contain up to 255 characters.
     • Can contain UTF-8 letters (including Chinese characters), digits, spaces, and the following characters: _. : / = + - @

       Recommended regular expression: ^([\p{L}\p{Z}\p{N}_.:\/=+\-@]*)$

     • The value can be empty or null.
     • The value of a predefined tag cannot be empty or null.
   • Default Node Security Group: You can use the security group automatically generated by CCE or select an existing one.
     

     The default node security group needs to allow access from certain ports to ensure normal communication. Otherwise, the node cannot be created. For details, see Configuring CCE Cluster Security Group Rules.

   • Certificate Authentication:
     • Default: The X509-based authentication mode is enabled by default. X509 is a commonly used certificate format.
     • Custom: The cluster can identify users based on the header in the request body for authentication.

       You need to upload your CA root certificate, client certificate, and private key of the client certificate.

       

       • Upload a file smaller than 1 MB. The CA certificate and client certificate can be in .crt or .cer format. The private key of the client certificate can only be uploaded unencrypted.
       • The validity period of the client certificate must be longer than five years.
       • The uploaded CA certificate is used for both the authentication proxy and the kube-apiserver aggregation layer configuration. If the certificate is invalid, the cluster cannot be created.
       • Starting from v1.25, Kubernetes no longer supports certificate authentication generated using the SHA1WithRSA or ECDSAWithSHA1 algorithm. You are advised to use the SHA256 algorithm.

3. Click Next: Add-on Configuration.

   By default, cordens and everest add-ons are installed.

   Service log

   • ICAgent:

     A log collector provided by Application Operations Management (AOM), reporting logs to AOM and Log Tank Service (LTS) according to the log collection rules you configured.

     You can collect stdout logs as required.

4. After configuring the parameters, click Next: Confirm. Review the configuration and select a payment mode and required duration.
   • Pay-per-use: Click Submit.
   • Yearly/Monthly: Click Pay Now. On the page displayed, click Pay.

   It takes about 6 to 10 minutes to create a cluster. You can click Back to Cluster List to perform other operations on the cluster or click Go to Cluster Events to view the cluster details.

Related Operations

• Using kubectl to connect to the cluster: Connecting to a Cluster Using kubectl
• Add nodes to the cluster. For details, see Creating a Node.