Cloud Container Engine
Cloud Container Engine
Todos los resultados de "
" dentro de este producto
Todos los resultados de "
" dentro de este producto
Descripción general del servicio
Infografía de CCE
¿Qué es Cloud Container Engine?
Ventajas del producto
Escenarios de aplicación
Infraestructura y gestión de aplicaciones en contenedores
Ajuste automático en segundos
Gestión de tráfico de microservicios
DevOps y CI/CD
Arquitectura de nube híbrida
Programación de alto rendimiento
Detalles de precios
Gestión de permisos
Notas y restricciones
Servicios relacionados
Las regiones y las AZ
Pasos iniciales
Presentación
Preparaciones
Creación de un clúster de Kubernetes
Creación de un despliegue (Nginx) a partir de una imagen
Despliegue de WordPress y de MySQL que dependen el uno del otro
Descripción general
Paso 1: Crear una carga de trabajo de MySQL
Paso 2: Crear una carga de trabajo de WordPress
Guía del usuario
Operaciones y soluciones de alto riesgo
Clústeres
Descripción del clúster
Información básica del clúster
Clústeres de CCE Turbo y clústeres de CCE
Comparación de iptables e IPVS
Notas del lanzamiento de Kubernetes
Notas del lanzamiento de CCE Kubernetes 1.25
Notas del lanzamiento de CCE Kubernetes 1.23
Notas del lanzamiento de CCE Kubernetes 1.21
Kubernetes 1.19 (EOM) Release Notes
Kubernetes 1.17 (EOM) Release Notes
Kubernetes 1.15 (EOM) Release Notes
Kubernetes 1.13 (EOM) Release Notes
Kubernetes 1.11 (EOM) Release Notes
Release Notes for Kubernetes 1.9 (EOM) and Earlier Versions
Notas de la versión de clúster
Compra de un clúster de CCE Turbo
Compra de un clúster de CCE
Conexión de clústeres
Conexión a un clúster con kubectl
Conexión a un clúster con CloudShell
Conexión a un clúster con un certificado X.509
Personalización de una SAN de certificados de clúster
Comandos comunes de kubectl
Actualización de un clúster
Descripción de la actualización
Antes de comenzar
Realización de la actualización in situ
Actualización de sustitución/rodamiento (versión 1.13)
Realización de la verificación posterior a la actualización
Verificación del servicio
Comprobación de pod
Comprobación de red de nodos y contenedores
Comprobación de la etiqueta y la mancha del nodo
Comprobación de nuevo nodo
Comprobación de pod nuevo
Comprobación de salto de nodo para restablecer
Migración de servicios a través de clústeres de diferentes versiones
Solución de problemas de excepciones de comprobación previa a la actualización
Realización de la comprobación previa a la actualización
Comprobación del nodo
Comprobación de la lista de bloqueo
Comprobación del complemento
Comprobación del gráfico de Helm
Comprobación de la conectividad SSH del nodo principal
Comprobación del grupo de nodos
Comprobación del grupo de seguridad
Restricción del nodo de Arm
Nodo por migrar
Recurso de Kubernetes descartado
Riesgo de compatibilidad
Versión de nodo de CCEAgent
Uso de la CPU del nodo
Comprobación de CRD
Disco de nodo
Nodo de DNS
Permisos de archivo de directorio de clave de nodo
Kubelet
Memoria de nodos
Servidor de sincronización de reloj de nodo
SO del nodo
Recuento de CPU de nodo
Comando de nodo de Python
Versión de ASM
Preparación del nodo
Diario de nodo
containerd.sock
Error interno
Punto de montaje del nodo
Mancha de nodo de Kubernetes
Restricción de everest
Restricción de cce-hpa-controller
Enlace mejorado del núcleo de la CPU
Estado de componentes de nodo de usuario
Estado de los componentes del nodo del controlador
Límite de recursos de memoria del componente de Kubernetes
API de Kubernetes descartadas
Capacidad de IPv6 de un clúster de CCE Turbo
NetworkManager de nodo
Archivo de ID de nodo
Consistencia de la configuración del nodo
Archivo de configuración de nodo
Consistencia de la configuración de CoreDNS
Managing a Cluster
Gestión de configuración de clúster
Control de sobrecarga de clúster
Cambio de escala de clúster
Eliminación de un clúster
Renewing a Yearly/Monthly-Billed Cluster
Hibernación y activación de un clúster (pago por uso)
Changing the Billing Mode from Pay-per-Use to Yearly/Monthly
Cambio del grupo de seguridad predeterminado de un nodo
Nodos
Descripción del nodo
Precauciones para el uso de un nodo
Descripción del motor de contenedores
Descripción del nodo del SO
Asignación de espacio en disco de datos
Descripción de los recursos de nodos reservados
Contenedores de Kata y contenedores comunes
Número máximo de pods que se pueden crear en un nodo
Creación de un nodo
Adición de los nodos para gestión
Inicio de sesión en un nodo
Nodos de gestión
Gestión de etiquetas de nodo
Gestión de manchas de nodos
Restablecimiento de un nodo
Extracción de un nodo
Sincronización de datos con servidores en la nube
Eliminación de un nodo
Cambio de pago por uso a anual/mensual
Detención de un nodo
Realización de actualización de rodamiento para nodos
Optimizing Node System Parameters
Lista de parámetros del sistema de nodos que se pueden optimizar
Cambio del RuntimeMaxUse de la memoria utilizada por la caché de log en un nodo
Cambio del número máximo de controladores de archivo
Modificación de parámetros de núcleo de nodo
Cambio de los límites de ID de proceso (kernel.pid_max)
Migración de nodos de Docker a containerd
Grupos de nodos
Descripción de pool de nodos
Creación de un grupo de nodos
Gestión de un grupo de nodos
Configuración de un grupo de nodos
Actualización de un grupo de nodos
Escalamiento de un grupo de nodos
Copia de un grupo de nodos
Migración de un nodo
Eliminación de un pool de nodos
Workloads
Overview
Creación de una carga de trabajo
Creación de una Deployment
Creación de un StatefulSet
Creación de un DaemonSet
Creación de un trabajo
Creación de un trabajo de cron
Configuring a Container
Configuración de información básica del contenedor
Uso de una imagen de terceros
Establecimiento de las especificaciones del contenedor
Setting Container Lifecycle Parameters
Configuración de la comprobación de estado de un contenedor
Setting an Environment Variable
Configuración de la configuración de APM para el análisis de cuello de botella del rendimiento
Habilitación de reglas de grupo de seguridad ICMP
Configuración de una política de extracción de imágenes
Configuración de la sincronización de zona horaria
Configuración de la política de actualización de carga de trabajo
Política de programación (afinidad/antiafinidad)
Pod Scale-in Priorities
Etiquetas y anotaciones de pod
Gestión de cargas de trabajo y trabajos
Acceso a un contenedor
Planificación
Descripción general
Programación de CPU
Política de CPU
Política de CPU mejorada
Programación de GPU
Programación de NPU
Programación de volcano
Configuración del volcano como planificador predeterminado
Despliegue híbrido de trabajos en línea y fuera de línea
Programación de afinidad de NUMA
Red
Descripción general
Container Network Models
Descripción general
Red de túneles de contenedores
Red de VPC
Cloud Native Network 2.0
Service
Descripción general
ClusterIP
NodePort
LoadBalancer
Creación de un LoadBalancer Service
Uso de anotaciones para configurar el balanceo de carga
Service usando HTTP
Configuración de la comprobación de estado para varios puertos
Configuración del estado del pod a través de la comprobación de estado de ELB
Habilitación de redes de paso a través para los servicios de LoadBalancer
DNAT
Headless Service
Ingresos
Descripción de entrada
Ingreso de ELB
Creación de ELB Ingress en la consola
Uso de kubectl para crear una entrada de ELB
Configuración de certificados de HTTPS para ingresos de ELB
Configuración de la Server Name Indication (SNI) para las entradas de ELB
Ingreso de ELB encamina a varios servicios
Ingresos de ELB usando HTTP/2
Configuración de ingresos de ELB con anotaciones
Ingresos de Nginx
Creación de entradas de Nginx en la consola
Uso de kubectl para crear una entrada de Nginx
Configuración de certificados de HTTPS para entradas de Nginx
Configuración de reglas de reescritura de URL para ingresos de Nginx
Interconexión de ingresos de Nginx con servicios de backend HTTPS
Ingresos de Nginx usando hashing consistente para el balanceo de carga
Configuración de ingresos de Nginx con anotaciones
DNS
Descripción general
Configuración de DNS
Uso de CoreDNS para la resolución personalizada de nombres de dominio
Uso de DNSCache de NodeLocal para mejorar el rendimiento de DNS
Configuración de red de contenedores
Red de host
Configuración de la limitación de la velocidad de QoS para el acceso entre los pod
Configuración de la red del túnel del contenedor
Network Policies
Configuración de Cloud Native Network 2.0
Políticas de grupo de seguridad
Configuración de red de clúster
Adición de un bloque CIDR de VPC secundario para un clúster
Cambio de una subred de nodo
Adición de un bloque CIDR de contenedor para un clúster
Configuración del acceso dentro de la VPC
Acceso a redes públicas desde un contenedor
Almacenamiento de contenedores
Conceptos básicos del almacenamiento
Descripción del almacenamiento de contenedores
Elastic Volume Service (EVS)
Descripción general
Uso de un disco de EVS existente a través de un PV estático
Uso de un disco de EVS con un PV dinámico
Montaje dinámico de un disco de EVS en un StatefulSet
Scalable File Service (SFS)
Descripción general
Uso de un sistema de archivos de SFS existente con un PV estático
Uso de un sistema de archivos SFS a través de un PV dinámico
Configuración de las opciones de montaje de volumen de SFS
Sistemas de archivos SFS Turbo
Descripción general
Uso de un sistema de archivos de SFS Turbo existente con un PV estático
Configuración de las opciones de montaje de SFS Turbo
Creación y montaje dinámico de subdirectorios de un sistema de archivos de SFS Turbo
Object Storage Service (OBS)
Descripción general
Uso de un bucket de OBS existente con un PV estático
Uso de un bucket de OBS con un PV dinámico
Configuración de opciones de montaje de OBS
Uso de una AK/SK personalizada para montar un volumen de OBS
Uso de bucket de OBS en todas las regiones
PV local
Descripción general
Uso de un PV local a través de un PV dinámico
Montaje dinámico de un PV local en un StatefulSet
Volúmenes efímeros (emptyDir)
Descripción general
Uso de un EV
hostPath
StorageClass
Grupos de almacenamiento
Instantáneas y copias de respaldo
Monitoreo y alarma
Resumen de monitoreo
Supervisión de métricas personalizadas en AOM
Monitoreo de métricas personalizadas con prometheus
Monitorización de las métricas del componente del nodo principal
Configuraciones de alarma
Logs
Descripción general
Uso de ICAgent para recopilar logs de contenedores
Namespaces
Creación de un espacio de nombres
Gestión de espacios de nombres
Establecimiento de una cuota de recursos
ConfigMaps y Secretos
Creación de un ConfigMap
Uso de un ConfigMap
Creación de un secreto
Uso de un secreto
Secretos de clúster
Auto Scaling
Descripción general
Scaling a Workload
Mecanismos de ajuste de la carga de trabajo
Creación de una política de HPA para el escalado automático de cargas de trabajo
Creación de una política de CustomedHPA para el ajuste automático de cargas de trabajo
Políticas de CronHPA
Gestión de políticas de escalado de carga de trabajo
Ajuste de un nodo
Mecanismos de escalado de nodos
Creación de una política del ajuste de nodos
Gestión de políticas de escalado de nodos
Uso de HPA y CA para el ajuste automático de cargas de trabajo y nodos
Complementos
Descripción general
coredns (complemento de recursos del sistema, obligatorio)
everest (complemento de recursos del sistema, obligatorio)
npd
dashboard
autoscaler
nginx-ingress
metrics-server
cce-hpa-controller
prometheus
web-terminal
gpu-device-plugin (anteriormente gpu-beta)
huawei-npu
Volcano
dew-provider
dolphin
e-backup
node-local-dns
kube-prometheus-stack
storage-driver (complemento de recursos del sistema, descartado)
Gráfico de Helm
Descripción general
Despliegue de una aplicación desde un gráfico
Diferencias entre Helm v2 y Helm v3 y soluciones de adaptación
Despliegue de una aplicación a través del cliente de Helm v2
Despliegue de una aplicación a través del cliente de Helm v3
Convertir una versión de Helm v2 a v3
Permisos
Descripción de permisos
Permisos de clúster (basados en IAM)
Permisos de espacio de nombres (basados en Kubernetes RBAC)
Ejemplo: Diseño y configuración de permisos para usuarios en un departamento
Dependencia de permisos de la consola de CCE
Seguridad del pod
Configuración de una política de seguridad de pod
Configuración de admisión de seguridad de pods
Mejora de la seguridad del token de la cuenta de Service
Descripción de la confiabilidad del sistema
Cloud Trace Service (CTS)
Operaciones de CCE con el apoyo de CTS
Consulta de logs de CTS
Gestión del almacenamiento: FlexVolume (desusado)
Descripción de FlexVolume
Using EVS Disks as Storage Volumes
Overview
(kubectl) Automatically Creating an EVS Disk
(kubectl) Creación de un PV a partir de un disco de EVS existente
(kubectl) Creating a Pod Mounted with an EVS Volume
Using SFS Turbo File Systems as Storage Volumes
Overview
(kubectl) Creating a PV from an Existing SFS Turbo File System
(kubectl) Creating a Deployment Mounted with an SFS Turbo Volume
(kubectl) Creating a StatefulSet Mounted with an SFS Turbo Volume
Using OBS Buckets as Storage Volumes
Overview
(kubectl) Automatically Creating an OBS Volume
(kubectl) Creación de un PV a partir de un bucket de OBS existente
(kubectl) Creating a Deployment Mounted with an OBS Volume
(kubectl) Creating a StatefulSet Mounted with an OBS Volume
Using SFS File Systems as Storage Volumes
Overview
(kubectl) Automatically Creating an SFS Volume
(kubectl) Creación de un PV a partir de un sistema de archivos de SFS existente
(kubectl) Creating a Deployment Mounted with an SFS Volume
(kubectl) Creating a StatefulSet Mounted with an SFS Volume
Referencia de la API
Antes de comenzar
Descripción general
Invocación a las API
Puntos de conexión
Restricciones
Conceptos
Descripción de las API
Invocación a API
Realización de una solicitud de API
Autenticación
Respuesta
Ejemplos
Conexión de discos a un nodo
API
URL de la API
Gestión de clústeres
Creación de un clúster
Lectura de un clúster especificado
Listado de clústeres en un proyecto especificado
Actualización de un clúster especificado
Eliminación de un clúster
Hibernación de un clúster
Despierta de un clúster
Obtención de un certificado de clúster
Consulta de un trabajo
Gestión de nodos
Creación de un nodo
Lectura de un nodo especificado
Listado de todos los nodos en un clúster
Actualización de un nodo especificado
Eliminación de un nodo
Aceptación de un nodo
Restablecimiento de un nodo
Extracción de un nodo
Migración de un nodo
Gestión de pool de nodos
Creación de un pool de nodos
Lectura de un pool de nodos especificado
Listado de todos los pools de nodos en un clúster especificado
Actualización de un pool de nodos especificado
Eliminación de un pool de nodos
Gestión de almacenamiento
Creación de un PVC
Eliminación de un PVC
Gestión de complementos
Instalación de una instancia de complemento
Listado de plantillas de complementos
Actualización de una instancia de complemento
Eliminación de una instancia de complemento
Consulta de una instancia de complemento
Listado de instancias de complementos
Gestión de cuotas
Consulta de las cuotas de recursos
API de Kubernetes
Descripción general
API fuera de fecha
Obtención de certificados de clúster
Creación de un PersistentVolume
Eliminación de un PersistentVolume
Políticas de permisos y acciones admitidas
Apéndice
Código de estado
Códigos de error
Obtención de un ID de proyecto
Obtención del ID de cuenta
Especificación de complementos que se instalarán durante la creación de clústeres
Cómo obtener parámetros en el URI de la API
Creación de una VPC y una subred
Creación de un par de claves
Descripción de la variante de nodo
Adición de una sal en el campo de contraseña al crear un nodo
Maximum Number of Pods That Can Be Created on a Node
Descripción del nodo del SO
Data Disk Space Allocation
Historial de revisiones
Preguntas frecuentes
Preguntas frecuentes
Facturación
¿Cómo se factura/cobra la CCE?
¿Cómo cambio el modo de facturación de un clúster de CCE de pago por uso a anual/mensual?
¿Puedo cambiar el modo de facturación de los nodos de CCE de pago por uso a anual/mensual?
¿Qué modos de factura son compatibles con Huawei Cloud?
¿Se me notificará cuando mi saldo sea insuficiente?
¿Se me notificará cuando cambie el saldo de mi cuenta?
¿Puedo eliminar un clúster de CCE facturado anual/mensualmente directamente cuando expire?
¿Cómo puedo cancelar mi suscripción a CCE?
¿Se admite el reembolso de CCE?
Clúster
Creación de clústeres
¿Por qué no puedo crear un clúster de CCE?
¿La escala de gestión de un clúster está relacionada con el número de nodos principales?
¿Cómo actualizo el certificado raíz al crear un clúster de CCE?
¿A qué cuotas de recursos debo prestar atención al usar CCE?
Ejecución de clúster
¿Cómo puedo rectificar la falla cuando el estado del clúster no está disponible?
¿Cómo puedo restablecer o reinstalar un clúster de CCE?
¿Cómo puedo comprobar si un clúster está en modo multimaestro?
¿Puedo conectarme directamente al nodo maestro de un clúster?
¿Cómo puedo recuperar datos después de eliminar un clúster?
¿Cómo actualizo un espacio de nombres en estado Terminating?
¿Por qué el uso del disco del nodo de visualización de CCE es incompatible con Cloud Eye?
Eliminación de clústeres
Error al eliminar un clúster: ENI residuales
Actualización de clúster
¿Qué hago si un complemento de clúster no se actualiza durante la actualización del clúster de CCE?
Nodo
Creación de nodos
¿Cómo soluciono los problemas que se producen al agregar nodos a un clúster de CCE?
¿Cómo soluciono los problemas que se producen al aceptar nodos en un clúster de CCE?
¿Qué debo hacer si un nodo no se acepta porque no se instala?
Ejecución de nodo
¿Qué debo hacer si un clúster está disponible pero algunos nodos no están disponibles?
¿Cómo soluciono los problemas de la falla al iniciar sesión de forma remota en un nodo en un clúster de CCE?
¿Cómo inicio sesión en un nodo usando una contraseña y restablezco la contraseña?
¿Cómo puedo recopilar logs de nodos en un clúster de CCE?
¿Qué puedo hacer si la red de contenedores no está disponible después de actualizar el sistema operativo?
¿Qué debo hacer si el disco vdb de un nodo está dañado y el nodo no se puede recuperar después del restablecimiento?
¿Qué puertos se utilizan para instalar kubelet en los nodos del clúster de CCE?
¿Cómo configuro un pod para usar la capacidad de aceleración de un nodo de GPU?
¿Qué debo hacer si la suspensión de E/S ocurre ocasionalmente cuando se usan discos SCSI de EVS?
¿Qué debo hacer si los logs excesivos de auditoría de Docker afectan a la E/S del disco?
¿Cómo soluciono un contenedor o nodo anormal debido a que no hay espacio en disco de thin pool?
¿En qué puertos escucha un nodo?
¿Cómo puedo rectificar fallas cuando se utiliza el controlador de NVIDIA para iniciar contenedores en nodos de GPU?
Cambio de especificaciones
¿Cómo cambio las especificaciones de nodo en un clúster de CCE?
¿Qué debo hacer si no puedo reiniciar o crear cargas de trabajo en un nodo después de modificar las especificaciones del nodo?
¿Puedo cambiar la dirección IP de un nodo en un clúster de CCE?
Núcleo de nodos
Cuando las aplicaciones se crean y eliminan repetidamente en un nodo de CentOS con una versión de kernel anterior, se produce una fuga de cgroup Kmem de vez en cuando
Problemas causados por la configuración conn_reuse_mode en el modo de reenvío IPVS de clústeres de CCE
¿Por qué los pods son desalojados por kubelet debido a estadísticas anormales de cgroup?
Cuando se produce OOM del contenedor en el nodo de CentOS con una versión anterior del kernel, el sistema de archivos Ext4 se suspende ocasionalmente
Grupo de nodos
¿Qué debo hacer si no se muestra ningún registro de creación de nodos cuando se está expandiendo el grupo de nodos?
Carga de trabajo
Anomalías de la carga de trabajo
¿Cómo uso eventos para corregir cargas de trabajo anormales?
¿Qué debo hacer si falla la programación de pods?
¿Qué debo hacer si un pod no logra extraer la imagen?
¿Qué debo hacer si falla el inicio del contenedor?
¿Qué debo hacer si un pod no es desalojado?
¿Qué debo hacer si no se puede montar un volumen de almacenamiento o si el tiempo de montaje se agota?
¿Qué debo hacer si una carga de trabajo permanece en el estado de creación?
¿Qué debo hacer si no se pueden eliminar los pods en el estado de terminación?
¿Qué debo hacer si una carga de trabajo se detiene debido a la eliminación de pods?
¿Qué debo hacer si se produce un error al desplegar un servicio en el nodo de GPU?
¿Qué debo hacer si se notifican los errores relacionados con sandbox cuando el pod permanece en el estado de creación?
¿Por qué el pod no escribe datos?
¿Por qué se suspende la creación o eliminación de pods en un nodo donde está montado el almacenamiento de archivos?
Códigos de salida
Configuración del contenedor
¿Cuándo se utiliza el procesamiento previo a la parada?
¿Cómo configuro un FQDN para acceder a un contenedor especificado en el mismo espacio de nombres?
¿Qué debo hacer si las sondas de chequeo médico fallan ocasionalmente?
¿Cómo configuro el valor umask para un contenedor?
¿Qué puedo hacer si se informa de un error cuando se inicia un contenedor desplegado después de que se especifique el parámetro de memoria de pila de inicio de JVM para ENTRYPOINT en Dockerfile?
¿Qué es el mecanismo de reintento cuando CCE no puede iniciar un pod?
Monitoreo de alarmas
¿Durante cuánto tiempo se almacenan los eventos de una carga de trabajo?
Políticas de planificación
¿Cómo distribuyo uniformemente varios pods a cada nodo?
¿Cómo puedo evitar que un contenedor en un nodo sea desalojado?
¿Por qué los pods no se distribuyen uniformemente a los nodos?
¿Cómo desalojo todos los pods de un nodo?
Otros
¿Qué debo hacer si no se puede reiniciar una tarea programada después de haber sido detenida durante un período de tiempo?
¿Qué es un servicio sin cabeza cuando creo un StatefulSet?
¿Qué debo hacer si se muestra un mensaje de error "Auth is empty" cuando se extrae una imagen privada?
¿Por qué no se puede programar un pod en un nodo?
¿Qué es la política de extracción de imágenes para contenedores en un clúster de CCE?
¿Por qué está desinstalado el punto de montaje de un contenedor Docker en el clúster Kunpeng?
¿Qué puedo hacer si falta una capa durante la extracción de imágenes?
¿Por qué el permiso de archivo y el usuario en el contenedor son signos de interrogación?
Redes
Planificación de la red
¿Cuál es la relación entre clústeres, VPC y subredes?
¿Cómo puedo ver el bloque CIDR de VPC?
¿Cómo configuro el bloque CIDR de VPC y el bloque CIDR de subred para un clúster de CCE?
¿Cómo configuro un bloque CIDR de contenedores para un clúster de CCE?
¿Cuándo debo usar la red nativa en la nube 2.0?
¿Qué es la ENI?
Configuración de reglas de grupo de seguridad de clúster
¿Cómo configuro un bloque CIDR de servicio IPv6?
Network Fault
¿Cómo se localiza una falla de red de carga de trabajo?
¿Por qué no se puede utilizar la dirección ELB para acceder a las cargas de trabajo en un clúster?
¿Por qué no se puede acceder al ingreso fuera del clúster?
¿Por qué el navegador devuelve el código de error 404 cuando accedo a una aplicación desplegada?
¿Qué debo hacer si un contenedor no se conecta a Internet?
¿Qué puedo hacer si no se puede eliminar una subred de VPC?
¿Cómo puedo restaurar una NIC de contenedor defectuosa?
¿Qué debo hacer si un nodo no se conecta a Internet (red pública)?
¿Cómo resuelvo un conflicto entre el bloque CIDR de VPC y el bloque CIDR de contenedores?
¿Qué debo hacer si se reporta el error de Java "Connection reset by peer" durante la comprobación de estado de la capa 4 de ELB?
¿Cómo localizo el evento de servicio que indica que ningún nodo está disponible para el enlace?
¿Por qué se produce el "Dead loop on virtual device gw_11cbf51a, fix it urgently" cuando inicio sesión en una máquina virtual usando VNC?
¿Por qué ocurre un pánico ocasionalmente cuando uso políticas de red en un nodo de clúster?
¿Por qué se generan muchos logs de origen ip_type en el VNC?
Resguardo de la seguridad
¿Cómo puedo evitar que los nodos de clúster se expongan a las redes públicas?
Configuración de la red
¿Cómo se comunica CCE con otros servicios de Huawei Cloud por una intranet?
¿Cómo configuro el puerto al configurar el modo de acceso a la carga de trabajo en CCE?
¿Cómo puedo lograr la compatibilidad entre la propiedad de entrada y el client-go de Kubernetes?
Otros
¿Cómo obtengo un certificado de clave TLS?
¿Se pueden vincular varias NIC a un nodo en un clúster de CCE?
¿Por qué se elimina automáticamente el grupo de servidores backend de un ELB después de publicar un servicio en el ELB?
¿Por qué no se puede crear una entrada después de cambiar el espacio de nombres?
¿Cómo obtengo la dirección IP de origen real de un cliente después de agregar un servicio a Istio?
¿Cómo cambio el grupo de seguridad de nodos en un clúster por lotes?
Almacenamiento
¿Cuáles son las diferencias entre las clases de almacenamiento de CCE en términos de almacenamiento persistente y montaje multinodo?
¿Puedo agregar un nodo sin un disco de datos de 100 GB?
¿Puedo restaurar un disco de EVS utilizado como volumen persistente en un clúster de CCE después de que el disco se elimine o expire?
¿Qué debo hacer si no se puede encontrar el host cuando se necesitan cargar archivos en OBS durante el acceso al servicio CCE desde una red pública?
¿Cuántos nodos (ECS) se puede montar un sistema de archivos SFS?
¿Cómo puedo lograr la compatibilidad entre ExtendPathMode y Kubernetes client-go?
¿Qué debo hacer si no se crea un volumen de almacenamiento?
¿Pueden los PVC de CCE detectar fallas de almacenamiento subyacentes?
Espacio de nombres
¿Por qué no puedo eliminar un espacio de nombres debido a un error de acceso a objetos APIService?
Gráfico y complemento
¿Qué debo hacer si el complemento nginx-ingress no se instala en un clúster y permanece en el estado de creación?
¿Qué debo hacer si existen recursos de procesos residuales debido a una versión anterior del complemento npd?
¿Qué debo hacer si no se puede eliminar una versión de gráfico porque el formato del gráfico es incorrecto?
¿CCE soporta nginx-ingress?
¿Por qué falla la instalación del complemento y avisa "The release name is already exist"?
¿Por qué falla la creación o la actualización de la versión y avisa "rendered manifests contain a resource that already exists"?
API y preguntas frecuentes de kubectl
¿Cómo puedo acceder a un clúster de CCE?
¿Se pueden mostrar los recursos creados con las API o kubectl en la consola de CCE?
¿Cómo descargo kubeconfig para conectarme a un clúster usando kubectl?
¿Cómo puedo rectificar el error notificado al ejecutar el comando kubectl top node?
¿Por qué se muestra "Error from server (Forbidden)" cuando utilizo kubectl?
Preguntas frecuentes sobre DNS
¿Qué debo hacer si falla la resolución de nombres de dominio?
¿Por qué un contenedor en un clúster de CCE no puede realizar la resolución de DNS?
¿Por qué no se puede resolver el nombre de dominio de la zona del tenant después de modificar la configuración de DNS de la subred?
¿Cómo puedo optimizar la configuración si la resolución del nombre de dominio externo es lenta o se agota?
¿Cómo configuro una política de DNS para un contenedor?
Preguntas frecuentes sobre el repositorio de imágenes
¿Cómo puedo crear una imagen de Docker y resolver el problema de la extracción lenta de imágenes?
¿Cómo subo mis imágenes a CCE?
Permisos
¿Puedo configurar solo los permisos de espacio de nombres sin permisos de gestión de clústeres?
¿Puedo usar las API de CCE si los permisos de gestión de clústeres no están configurados?
¿Puedo usar kubectl si los permisos de gestión de clústeres no están configurados?
Referencia
¿Cómo puedo ampliar la capacidad de almacenamiento de un contenedor?
¿Cómo pueden las direcciones IP de contenedores sobrevivir a un reinicio de contenedores?
¿Cuáles son las diferencias entre CCE y CCI?
¿Cuáles son las diferencias entre CCE y ServiceStage?
What's New
Function Overview
Product Bulletin
Latest Notices
Product Change Notices
EOM of CentOS
Billing Changes for Huawei Cloud CCE Autopilot Data Plane
CCE Autopilot for Commercial Use on September 30, 2024, 00:00 GMT+08:00
Reliability Hardening for Cluster Networks and Storage Functions
Support for Docker
Service Account Token Security Improvement
Upgrade of Helm v2 to Helm v3
Problems Caused by conn_reuse_mode Settings in the IPVS Forwarding Mode of CCE Clusters
Optimized Key Authentication of the everest Add-on
Cluster Version Release Notes
End of Maintenance for Clusters 1.28
End of Maintenance for Clusters 1.27
End of Maintenance for Clusters 1.25
End of Maintenance for Clusters 1.23
End of Maintenance for Clusters 1.21
End of Maintenance for Clusters 1.19
End of Maintenance for Clusters 1.17
End of Maintenance for Clusters 1.15
End of Maintenance for Clusters 1.13
Creation of CCE Clusters 1.13 and Earlier Not Supported
Upgrade for Kubernetes Clusters 1.9
Vulnerability Notices
Vulnerability Fixing Policies
Notice of Kubernetes Security Vulnerability (CVE-2025-7342)
Notice of Grafana Security Vulnerability (CVE-2025-4123)
Notice of the NVIDIA Container Toolkit Container Escape Vulnerabilities (CVE-2025-23266 and CVE-2025-23267)
Notice of the NGINX Ingress Controller Vulnerabilities (CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24513, and CVE-2025-24514)
Notice of Kubernetes Security Vulnerability (CVE-2025-0426)
Notice of Kubernetes Security Vulnerability (CVE-2024-10220)
Notice of Kubernetes Security Vulnerabilities (CVE-2024-9486 and CVE-2024-9594)
Notice of Container Escape Vulnerability in NVIDIA Container Toolkit (CVE-2024-0132)
Notice of Linux Remote Code Execution Vulnerability in CUPS (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177)
Notice of the NGINX Ingress Controller Vulnerability That Allows Attackers to Bypass Annotation Validation (CVE-2024-7646)
Notice of Docker Engine Vulnerability That Allows Attackers to Bypass AuthZ (CVE-2024-41110)
Notice of Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086)
Notice of OpenSSH Remote Code Execution Vulnerability (CVE-2024-6387)
Notice of Fluent Bit Memory Corruption Vulnerability (CVE-2024-4323)
Notice of runC systemd Attribute Injection Vulnerability (CVE-2024-3154)
Notice of the Impact of runC Vulnerability (CVE-2024-21626)
Notice of Kubernetes Security Vulnerability (CVE-2022-3172)
Notice of Privilege Escalation Vulnerability in Linux Kernel openvswitch Module (CVE-2022-2639)
Notice of nginx-ingress Add-on Security Vulnerability (CVE-2021-25748)
Notice of nginx-ingress Security Vulnerabilities (CVE-2021-25745 and CVE-2021-25746)
Notice of containerd Process Privilege Escalation Vulnerability (CVE-2022-24769)
Notice of CRI-O Container Runtime Engine Arbitrary Code Execution Vulnerability (CVE-2022-0811)
Notice of Container Escape Vulnerability Caused by the Linux Kernel (CVE-2022-0492)
Notice of Non-Security Handling Vulnerability of containerd Image Volumes (CVE-2022-23648)
Notice of Linux Kernel Integer Overflow Vulnerability (CVE-2022-0185)
Notice of Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)
Notice of Vulnerability of Kubernetes subPath Symlink Exchange (CVE-2021-25741)
Notice of runC Vulnerability That Allows a Container Filesystem Breakout via Directory Traversal (CVE-2021-30465)
Notice of Docker Resource Management Vulnerability (CVE-2021-21285)
Notice of NVIDIA GPU Driver Vulnerability (CVE-2021-1056)
Notice of the Sudo Buffer Vulnerability (CVE-2021-3156)
Notice of the Kubernetes Security Vulnerability (CVE-2020-8554)
Notice of Apache containerd Security Vulnerability (CVE-2020-15257)
Notice of Docker Engine Input Verification Vulnerability (CVE-2020-13401)
Notice of Kubernetes kube-apiserver Input Verification Vulnerability (CVE-2020-8559)
Notice of Kubernetes kubelet Resource Management Vulnerability (CVE-2020-8557)
Notice of Kubernetes kubelet and kube-proxy Authorization Vulnerability (CVE-2020-8558)
Notice of Fixing the Kubernetes HTTP/2 Vulnerability
Notice of Fixing the Linux Kernel SACK Vulnerabilities
Notice of Fixing the Docker Command Injection Vulnerability (CVE-2019-5736)
Notice of Fixing the Kubernetes Permission and Access Control Vulnerability (CVE-2018-1002105)
Notice of Fixing the Kubernetes Dashboard Security Vulnerability (CVE-2018-18264)
Product Release Notes
Cluster Versions
Kubernetes Version Policy
Kubernetes Version Release Notes
Kubernetes 1.32 Release Notes
Kubernetes 1.31 Release Notes
Kubernetes 1.30 Release Notes
Kubernetes 1.29 Release Notes
Kubernetes 1.28 Release Notes
Kubernetes 1.27 Release Notes
Kubernetes 1.25 (EOM) Release Notes
Kubernetes 1.23 (EOM) Release Notes
Kubernetes 1.21 (EOM) Release Notes
Kubernetes 1.19 (EOM) Release Notes
Kubernetes 1.17 (EOM) Release Notes
Kubernetes 1.15 (EOM) Release Notes
Kubernetes 1.13 (EOM) Release Notes
Kubernetes 1.11 (EOM) Release Notes
Kubernetes 1.9 (EOM) and Earlier Versions Release Notes
Patch Versions
OS Images
OS Version Support Mechanism
OS Image Tag Release Notes
Add-on Versions
CoreDNS Release History
CCE Container Storage (Everest) Release History
CCE Node Problem Detector Release History
Kubernetes Dashboard Release History
CCE Cluster Autoscaler Release History
NGINX Ingress Controller Release History
Kubernetes Metrics Server Release History
CCE Advanced HPA Release History
CCE Cloud Bursting Engine for CCI Release History
CCE AI Suite (NVIDIA GPU) Release History
CCE AI Suite (Ascend NPU) Release History
Volcano Scheduler Release History
CCE Secrets Manager for DEW Release History
CCE Network Metrics Exporter Release History
NodeLocal DNSCache Release History
Cloud Native Cluster Monitoring Release History
Cloud Native Log Collection Release History
Container Image Signature Verification Release History
Grafana Release History
OpenKruise Release History
Gatekeeper Release History
Kuberay Release History
Vertical Pod Autoscaler Release History
CCE Cluster Backup & Recovery (End of Maintenance) Release History
Kubernetes Web Terminal (End of Maintenance) Release History
Prometheus (End of Maintenance) Release History
Billing
Billing Overview
Billed Items
Billing Modes
Overview
Yearly/Monthly Billing
Pay-per-Use Billing
Spot Pricing
Billing Examples
Modifying Resource Specifications
Billing Mode Changes
Overview
Pay-per-Use to Yearly/Monthly
Yearly/Monthly to Pay-per-Use
Renewing Subscriptions
Overview
Manually Renewing a CCE Resource
Automatically Renewing a CCE Resource
Bills
Arrears
Billing Termination
Billing FAQ
Kubernetes Basics
Overview
Basic Concepts
Containers and Kubernetes
Containers
Kubernetes
Using kubectl to Operate a Cluster
Pods, Liveness Probes, Labels, and Namespaces
Pods
Liveness Probes
Labels
Namespaces
Pod Orchestration and Scheduling
Deployments
StatefulSets
Jobs and CronJobs
DaemonSets
Affinity and Anti-Affinity
Configuration Management
ConfigMaps
Secrets
Kubernetes Networks
Container Networks
Services
Ingresses
Readiness Probes
Network Policies
Persistent Storage
Volumes
PVs, PVCs, and Storage Classes
Authentication and Authorization
Service Accounts
RBAC
Auto Scaling
Best Practices
Checklist for Deploying Containerized Applications in the Cloud
Containerization
Containerizing an Enterprise Application (ERP)
Solution Overview
Resource and Cost Planning
Procedure
Containerizing an Entire Application
Containerization Process
Analyzing the Application
Preparing the Application Runtime
Compiling a Startup Script
Compiling the Dockerfile
Building and Uploading an Image
Creating a Container Workload
Migration
Migrating Container Images
Solution Overview
Migrating Images to SWR Using Docker Commands
Migrating Images to SWR Using image-migrator
Migrating Images Across Clouds from Harbor to SWR
Migrating Kubernetes Clusters to CCE
Solution Overview
Resource Planning for the Target Cluster
Procedure
Migrating Resources Outside a Cluster
Installing the Migration Tool
Migrating Resources in a Cluster (Velero)
Updating Resources Accordingly
Performing Additional Tasks
Troubleshooting
DevOps
Installing and Deploying Jenkins on CCE
Solution Overview
Resource and Cost Planning
Procedure
Installing and Deploying Jenkins Master
Configuring Jenkins Agent
Using Jenkins to Build a Pipeline
Interconnecting Jenkins with RBAC of Kubernetes Clusters (Example)
Interconnecting GitLab with SWR and CCE for CI/CD
Continuous Delivery Using Argo CD
Implementing Separate DevOps Processes for Multiple Clusters Using Jenkins and GitLab
Solution Overview
Resource Planning
Procedure
Setting Up the Jenkins and GitLab Environments
Configuring Cluster Environments
Configuring a GitLab Project
Implementing Continuous Integration and Deployment
Disaster Recovery
Recommended Configurations for HA CCE Clusters
Implementing High Availability for Applications in CCE
Implementing High Availability for Add-ons in CCE
Security
Overview
Configuration Suggestions on CCE Cluster Security
Configuration Suggestions on CCE Node Security
Configuration Suggestions on CCE Container Runtime Security
Configuration Suggestions on CCE Container Security
Configuration Suggestions on CCE Container Image Security
Configuration Suggestions on CCE Secret Security
Configuration Suggestions on CCE Workload Identity Security
Auto Scaling
Using HPA and CA for Auto Scaling of Workloads and Nodes
Elastic Scaling of CCE Pods to CCI
Auto Scaling Based on Prometheus Metrics
Auto Scaling Based on ELB Monitoring Metrics
Auto Scaling of Multiple Applications Using Nginx Ingresses
Monitoring
Monitoring Multiple Clusters Using Prometheus
Monitoring GPU Metrics Using DCGM-Exporter
Reporting Prometheus Monitoring Data to a Third-Party Monitoring Platform
Obtaining Prometheus Data Using PromQL Statements
Collecting GPU Pod Monitoring Metrics and Setting Up a Grafana Dashboard
Cluster
Suggestions on CCE Cluster Selection
Creating an IPv4/IPv6 Dual-Stack Cluster in CCE
Creating a Custom CCE Node Image
Executing the Pre- or Post-installation Commands During Node Creation
Using OBS Buckets to Implement Custom Script Injection During Node Creation
Connecting to Multiple Clusters Using kubectl
Selecting a Data Disk for the Node
Implementing Cost Visualization for a CCE Cluster
Creating a CCE Turbo Cluster Using a Shared VPC
Protecting a CCE Cluster Against Overload
Managing Costs for a Cluster
Networking
Planning CIDR Blocks for a Cluster
Selecting a Network Model
Enabling Cross-VPC Network Communications Between CCE Clusters
Implementing Network Communications Between Containers and IDCs Using VPC and Direct Connect
Enabling a CCE Cluster to Resolve Domain Names on Both On-Premises IDCs and Huawei Cloud
Solution Overview
Solution 1: Using a DNS Endpoint for Cascading Resolution
Solution 2: Changing the CoreDNS Configurations
Implementing Sticky Session Through Load Balancing
Obtaining the Client Source IP Address for a Container
Increasing the Listening Queue Length by Configuring Container Kernel Parameters
Configuring Passthrough Networking for a LoadBalancer Service
Accessing an External Network from a Pod
Accessing the Internet from a Pod
Accessing Cloud Services from a Pod in the Same VPC
Accessing Cloud Services from a Pod in a Different VPC
Deploying Nginx Ingress Controllers Using a Chart
Deploying NGINX Ingress Controller in Custom Mode
Advanced Configuration of Nginx Ingress Controller
CoreDNS Configuration Optimization
CoreDNS Optimization Overview
Client
Optimizing Domain Name Resolution Requests
Selecting a Proper Image
Avoiding Occasional DNS Resolution Timeout Caused by IPVS Defects
Using NodeLocal DNSCache
Upgrading the CoreDNS in the Cluster Timely
Adjusting the DNS Configuration of the VPC and VM
Server
Monitoring the coredns Add-on
Adjusting the CoreDNS Deployment Status
Configuring CoreDNS
Pre-Binding Container Elastic Network Interfaces for CCE Turbo Clusters
Connecting a Cluster to the Peer VPC Through an Enterprise Router
Accessing an IP Address Outside of a Cluster That Uses a VPC Network by Using Source Pod IP Addresses Within the Cluster
Using Kmesh on Huawei Cloud CCE
Storage
Expanding the Storage Space
Mounting Object Storage Across Accounts
Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
Changing the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest
Using Custom Storage Classes
Scheduling EVS Disks Across AZs Using csi-disk-topology
Automatically Collecting JVM Dump Files That Exit Unexpectedly Using a General Purpose File System (SFS 3.0 Capacity-Oriented)
Deploying Storage Volumes in Multiple AZs
Container
Recommended Configurations for Workloads
Properly Allocating Container Computing Resources
Upgrading Pods Without Interrupting Services
Modifying Kernel Parameters Using a Privileged Container
Using Init Containers to Initialize an Application
Setting Time Zone Synchronization
Configuration Suggestions on Container Network Bandwidth Limit
Configuring the /etc/hosts File of a Pod Using hostAliases
Configuring Domain Name Resolution for CCE Containers
Using Dual-Architecture Images (x86 and Arm) in CCE
Locating Container Faults Using the Core Dump File
Configuring Parameters to Delay the Pod Startup in a CCE Turbo Cluster
Automatically Updating a Workload Version Using SWR Triggers
Effective Troubleshooting in Kubernetes with Temporary Containers
Developing and Testing a Microservice Locally Using Telepresence
Containerizing and Using QingTian Enclave on CCE
Permission
Configuring kubeconfig for Fine-Grained Management on Cluster Resources
Configuring Namespace-level Permissions for an IAM User
Performing RBAC Authentication on a Namespace Using kubectl Commands
Release
Overview
Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
Using Nginx Ingress to Implement Grayscale Release and Blue-Green Deployment
Batch Computing
Deploying and Using Kubeflow in a CCE Cluster
Deploying Kubeflow
Training a TensorFlow Model
Using Kubeflow and Volcano to Train an AI Model
Deploying and Using Caffe in a CCE Cluster
Prerequisites
Preparing Resources
Caffe Classification Example
Deploying and Using TensorFlow in a CCE Cluster
Deploying and Using Flink in a CCE Cluster
Deploying and Using ClickHouse in a CCE Cluster
Deploying and Using Spark in a CCE Cluster
Installing Spark
Using Spark
SDK Reference
SDK Overview
Videos
More Documents
User Guide (ME-Abu Dhabi Region)
Service Overview
What Is CCE?
Product Advantages
Application Scenarios
Containerized Application Management
Auto Scaling in Seconds
DevOps and CI/CD
Hybrid Cloud
Notes and Constraints
Permissions
Related Services
Regions and AZs
Product Bulletin
Kubernetes Version Policy
EOM of CentOS
Support for Docker
Getting Started
Introduction
Preparations
Creating a Kubernetes Cluster
Deploying a Deployment (Nginx)
Deploying WordPress and MySQL That Depend on Each Other
Overview
Step 1: Deploying MySQL
Step 2: Deploying WordPress
High-Risk Operations
Clusters
Cluster Overview
Cluster Version Release Notes
Kubernetes Version Release Notes
Kubernetes 1.30 Release Notes
Kubernetes 1.29 Release Notes
Kubernetes 1.28 Release Notes
Kubernetes 1.27 Release Notes
Kubernetes 1.25 Release Notes
Kubernetes 1.23 Release Notes
Kubernetes 1.21 (EOM) Release Notes
Kubernetes 1.19 (EOM) Release Notes
Kubernetes 1.17 (EOM) Release Notes
Patch Version Release Notes
Buying a Cluster
Comparison Between Cluster Types
Buying a CCE Standard/Turbo Cluster
Comparing iptables and IPVS
Connecting to a Cluster
Accessing a Cluster Using kubectl
Accessing a Cluster Using an X.509 Certificate
Accessing a Cluster Using a Custom Domain Name
Configuring a Cluster's API Server for Internet Access
Revoking a Cluster Access Credential
Managing a Cluster
Modifying Cluster Configurations
Enabling Overload Control for a Cluster
Changing a Cluster Scale
Changing the Default Security Group of a Node
Deleting a Cluster
Preventing Cluster Deletion
Hibernating or Waking Up a Cluster
Upgrading a Cluster
Cluster Upgrade Overview
Before You Start
Performing Post-Upgrade Verification
Cluster Status Check
Node Status Check
Node Skipping Check
Service Check
New Node Check
New Pod Check
Migrating Services Across Clusters of Different Versions
Troubleshooting for Pre-upgrade Check Exceptions
Pre-upgrade Check
Node Restrictions
Upgrade Management
Add-ons
Helm Charts
SSH Connectivity of Master Nodes
Node Pools
Security Groups
Arm Node Restrictions
Residual Nodes
Discarded Kubernetes Resources
Compatibility Risks
CCE Agent Versions
Node CPU Usage
CRDs
Node Disks
Node DNS
Node Key Directory File Permissions
kubelet
Node Memory
Node Clock Synchronization Server
Node OS
Node CPU Cores
Node Python Commands
ASM Version
Node Readiness
Node journald
containerd.sock
Internal Error
Node Mount Points
Kubernetes Node Taints
Everest Restrictions
cce-hpa-controller Limitations
Enhanced CPU Policies
Health of Worker Node Components
Health of Master Node Components
Memory Resource Limit of Kubernetes Components
Discarded Kubernetes APIs
IPv6 Support in CCE Turbo Clusters
NetworkManager
Node ID File
Node Configuration Consistency
Node Configuration File
CoreDNS Configuration Consistency
sudo
Key Node Commands
Mounting of a Sock File on a Node
HTTPS Load Balancer Certificate Consistency
Node Mounting
Login Permissions of User paas on a Node
Private IPv4 Addresses of Load Balancers
Historical Upgrade Records
CIDR Block of the Cluster Management Plane
CCE AI Suite (NVIDIA GPU)
Nodes' System Parameters
Residual Package Version Data
Node Commands
Node Swap
NGINX Ingress Controller
containerd Pod Restart Risks
Key CCE AI Suite (NVIDIA GPU) Parameters
GPU Pod Rebuild Risks
ELB Listener Access Control
Master Node Flavor
Subnet Quota of Master Nodes
Node Runtime
Node Pool Runtime
Number of Node Images
OpenKruise Compatibility Check
Compatibility Check of Secret Encryption
Compatibility Between the Ubuntu Kernel and GPU Driver
Drainage Tasks
Image Layers on a Node
Cluster Rolling Upgrade
Rotation Certificates
Ingress and ELB Configuration Consistency
Nodes
Node Overview
Container Engines
Node OSs
Creating a Node
Accepting Nodes for Management
Logging In to a Node
Management Nodes
Managing Node Labels
Managing Node Taints
Resetting a Node
Removing a Node
Synchronizing the Data of Cloud Servers
Draining a Node
Deleting a Node
Stopping a Node
Performing Rolling Upgrade for Nodes
Node O&M
Node Resource Reservation Policy
Space Allocation of a Data Disk
Maximum Number of Pods That Can Be Created on a Node
Differences in kubelet and Runtime Component Configurations Between CCE and the Native Community
Migrating Nodes from Docker to containerd
Configuring Node Fault Detection Policies
Executing the Pre- or Post-installation Commands During Node Creation
Node Pools
Node Pool Overview
Creating a Node Pool
Scaling a Node Pool
Managing a Node Pool
Updating a Node Pool
Updating an AS Configuration
Modifying Node Pool Configurations
Accepting Nodes in a Node Pool
Copying a Node Pool
Synchronizing Node Pools
Migrating a Node
Deleting a Node Pool
Workloads
Overview
Creating a Workload
Creating a Deployment
Creating a StatefulSet
Creating a DaemonSet
Creating a Job
Creating a CronJob
Configuring a Workload
Secure Runtime and Common Runtime
Configuring Time Zone Synchronization
Configuring an Image Pull Policy
Using Third-Party Images
Configuring Container Specifications
Configuring Container Lifecycle Parameters
Configuring Container Health Check
Configuring Environment Variables
Configuring APM
Configuring Workload Upgrade Policies
Configuring Tolerance Policies
Configuring Labels and Annotations
Scheduling a Workload
Overview
Configuring Specified Node Scheduling (nodeSelector)
Configuring Node Affinity Scheduling (nodeAffinity)
Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)
Logging In to a Container
Managing Workloads
Managing Custom Resources
Pod Security
Configuring a Pod Security Policy
Configuring Pod Security Admission
Scheduling
Overview
CPU Scheduling
CPU Policy
Enhanced CPU Policy
GPU Scheduling
GPU Driver Version
Selecting a GPU Driver Version for Nodes
Recommended GPU Driver Versions for CCE
Manually Upgrading the Driver Version of a GPU Node
Upgrading the Driver Version of a GPU Node Using a Node Pool
Default GPU Scheduling in Kubernetes
GPU Metrics
Volcano Scheduling
Overview
Scheduling Workloads
Resource Usage-based Scheduling
Bin Packing
Descheduling
Node Pool Affinity
Priority-based Scheduling
Priority-based Scheduling
AI Performance-based Scheduling
DRF
Gang
NUMA Affinity Scheduling
Cloud Native Hybrid Deployment
Dynamic Resource Oversubscription
Network
Overview
Container Network
Overview
Cloud Native Network 2.0 Settings
Cloud Native Network 2.0
Configuring a Default Container Subnet for a CCE Turbo Cluster
Binding a Security Group to a Pod Using an Annotation
Binding a Security Group to a Workload Using a Security Group Policy
Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration
Configuring an EIP for a Pod
VPC Network Settings
VPC Network Model
Adding a Container CIDR Block for a Cluster
Tunnel Network Settings
Tunnel Network Model
Pod Network Settings
Configuring hostNetwork for Pods
Configuring QoS for a Pod
Configuring Network Policies to Restrict Pod Access
Service
Overview
ClusterIP
NodePort
LoadBalancer
Creating a LoadBalancer Service
Configuring LoadBalancer Services Using Annotations
Configuring HTTP/HTTPS for a LoadBalancer Service
Configuring SNI for a LoadBalancer Service
Configuring HTTP/2 for a LoadBalancer Service
Configuring Timeout for a LoadBalancer Service
Configuring Health Check on Multiple LoadBalancer Service Ports
Configuring Passthrough Networking for a LoadBalancer Service
Changing a Custom EIP for a LoadBalancer Service
Setting the Pod Ready Status Through the ELB Health Check
Enabling ICMP Security Group Rules
DNAT
Headless Services
Ingresses
Overview
LoadBalancer Ingresses
Creating a LoadBalancer Ingress on the Console
Creating a LoadBalancer Ingress Using kubectl
Annotations for Configuring LoadBalancer Ingresses
Advanced Setting Examples of LoadBalancer Ingresses
Configuring an HTTPS Certificate for a LoadBalancer Ingress
Updating the HTTPS Certificate for a LoadBalancer Ingress
Configuring SNI for a LoadBalancer Ingress
Configuring Multiple Forwarding Policies for a LoadBalancer Ingress
Configuring HTTP/2 for a LoadBalancer Ingress
Configuring HTTPS Backend Services for a LoadBalancer Ingress
Configuring Timeout for a LoadBalancer Ingress
Configuring a Slow Start for a LoadBalancer Ingress
Configuring a Range of Listening Ports for a LoadBalancer Ingress
Configuring the Priorities of Forwarding Rules for LoadBalancer Ingresses
Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress
Configuring a Custom EIP for a LoadBalancer Ingress
Configuring Advanced Forwarding Rules for a LoadBalancer Ingress
Nginx Ingresses
Creating an Nginx Ingress on the Console
Creating an Nginx Ingress Using kubectl
Annotations for Configuring Nginx Ingresses
Advanced Setting Examples of Nginx Ingresses
Configuring an HTTPS Certificate for an Nginx Ingress
Configuring HTTPS Backend Services for an Nginx Ingress
Configuring Consistent Hashing for Load Balancing of an Nginx Ingress
Optimizing NGINX Ingress Controller in High-Traffic Scenarios
DNS
Overview
DNS Configuration
Using CoreDNS for Custom Domain Name Resolution
Using NodeLocal DNSCache to Improve DNS Performance
Configuring Intra-VPC Access
Accessing the Internet from a Container
Storage
Overview
Storage Basics
Elastic Volume Service
Overview
Using an Existing EVS Disk Through a Static PV
Using an EVS Disk Through a Dynamic PV
Dynamically Mounting an EVS Disk to a StatefulSet
Encrypting EVS Disks
Expanding the Capacity of an EVS Disk
Snapshots and Backups
SFS Turbo
Overview
Using an Existing SFS Turbo File System Through a Static PV
Configuring SFS Turbo Mount Options
(Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV
Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
Object Storage Service
Overview
Using an Existing OBS Bucket Through a Static PV
Using an OBS Bucket Through a Dynamic PV
Configuring OBS Mount Options
Using a Custom Access Key (AK/SK) to Mount an OBS Volume
DSS
Overview
Using DSS Through a Static PV
Using DSS Through a Dynamic PV
Dynamically Mounting a DSS Disk to a StatefulSet
Local PVs
Overview
Importing a PV to a Storage Pool
Using a Local PV Through a Dynamic PV
Dynamically Mounting a Local PV to a StatefulSet
Expanding a Local PV
Ephemeral Volumes
Overview
Importing an EV to a Storage Pool
Local EV
Temporary Path
hostPath
StorageClass
Auto Scaling
Overview
Scaling a Workload
Workload Scaling Rules
Creating an HPA Policy
Creating a Scheduled CronHPA Policy
Creating a CustomedHPA Policy
Creating a VPA Policy
Managing Workload Scaling Policies
Scaling a Node
Node Scaling Rules
Priorities for Scaling Node Pools
Creating a Node Scaling Policy
Managing Node Scaling Policies
Using HPA and CA for Auto Scaling of Workloads and Nodes
O&M
Logging
Overview
Collecting Container Logs
Collecting Container Logs Using ICAgent
Log Auditing
CCE Operations Supported by Cloud Trace Service
Viewing CTS Traces in the Trace List
O&M Best Practices
Monitoring Custom Metrics Using Prometheus
Monitoring Custom Metrics on AOM
Namespaces
Creating a Namespace
Managing Namespaces
Configuring Resource Quotas
ConfigMaps and Secrets
Creating a ConfigMap
Using a ConfigMap
Creating a Secret
Using a Secret
Cluster Secrets
Add-ons
Overview
Scheduling and Elasticity Add-ons
Volcano Scheduler
CCE Cluster Autoscaler
CCE Advanced HPA
Vertical Pod Autoscaler
Cloud Native Observability Add-ons
CCE Node Problem Detector
CCE Network Metrics Exporter
Kubernetes Metrics Server
Prometheus
Cloud Native Heterogeneous Computing Add-ons
CCE AI Suite (NVIDIA GPU)
Container Network Add-ons
CoreDNS
NGINX Ingress Controller
NodeLocal DNSCache
Container Storage Add-ons
CCE Container Storage (Everest)
Container Security Add-ons
CCE Secrets Manager for DEW
Other Add-ons
Kubernetes Dashboard
OpenKruise
Gatekeeper
Helm Chart
Overview of a Chart
Deploying an Application from a Chart
Differences Between Helm v2 and Helm v3 and Adaptation Solutions
Deploying an Application Through the Helm v2 Client
Deploying an Application Through the Helm v3 Client
Converting a Release from Helm v2 to v3
Permissions
Permissions Overview
Granting Cluster Permissions to an IAM User
Namespace Permissions (Kubernetes RBAC-based)
Example: Designing and Configuring Permissions for Users in a Department
Permission Dependency of the CCE Console
Service Account Token Security Improvement
System Agencies
Settings
Dashboard
Cluster Access
Network
Scheduling
Auto Scaling
Monitoring
Kubernetes
Heterogeneous Resources
Best Practices
Checklist for Deploying Containerized Applications in the Cloud
Containerization
Containerizing an Enterprise Application (ERP)
Solution Overview
Procedure
Containerizing an Entire Application
Containerization Process
Analyzing the Application
Preparing the Application Runtime
Compiling a Startup Script
Compiling the Dockerfile
Building and Uploading an Image
Creating a Container Workload
Disaster Recovery
Recommended Configurations for HA CCE Clusters
Implementing High Availability for Applications in CCE
Implementing High Availability for Add-ons in CCE
Security
Configuration Suggestions on CCE Cluster Security
Configuration Suggestions on CCE Node Security
Configuration Suggestions on CCE Container Runtime Security
Configuration Suggestions on CCE Container Security
Configuration Suggestions on CCE Container Image Security
Configuration Suggestions on CCE Secret Security
Configuration Suggestions on CCE Workload Identity Security
Auto Scaling
Using HPA and CA for Auto Scaling of Workloads and Nodes
Monitoring
Monitoring Multiple Clusters Using Prometheus
Cluster
Suggestions on CCE Cluster Selection
Creating a Custom CCE Node Image
Executing the Pre- or Post-installation Commands During Node Creation
Connecting to Multiple Clusters Using kubectl
Selecting a Data Disk for the Node
Protecting a CCE Cluster Against Overload
Networking
Planning CIDR Blocks for a Cluster
Selecting a Network Model
Implementing Sticky Session Through Load Balancing
Obtaining the Client Source IP Address for a Container
Deploying Nginx Ingress Controllers Using a Chart
Deploying NGINX Ingress Controller in Custom Mode
Advanced Configuration of Nginx Ingress Controller
CoreDNS Configuration Optimization
CoreDNS Optimization Overview
Client
Optimizing Domain Name Resolution Requests
Selecting a Proper Image
Avoiding Occasional DNS Resolution Timeout Caused by IPVS Defects
Using NodeLocal DNSCache
Upgrading the CoreDNS in the Cluster Timely
Adjusting the DNS Configuration of the VPC and VM
Server
Monitoring the coredns Add-on
Adjusting the CoreDNS Deployment Status
Configuring CoreDNS
Pre-Binding Container ENI for CCE Turbo Clusters
Accessing an IP Address Outside of a Cluster That Uses a VPC Network by Using Source Pod IP Addresses Within the Cluster
Storage
Expanding the Storage Space
Mounting Object Storage Across Accounts
Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
Using Custom Storage Classes
Scheduling EVS Disks Across AZs Using csi-disk-topology
Container
Properly Allocating Container Computing Resources
Modifying Kernel Parameters Using a Privileged Container
Using Init Containers to Initialize an Application
Configuring the /etc/hosts File of a Pod Using hostAliases
Locating Container Faults Using the Core Dump File
Permission
Configuring kubeconfig for Fine-Grained Management on Cluster Resources
Release
Overview
Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
Using Nginx Ingress to Implement Grayscale Release and Blue-Green Deployment
FAQs
Common FAQ
Billing
How Is CCE Billed?
Cluster
Cluster Creation
Why Cannot I Create a CCE Cluster?
Is Management Scale of a Cluster Related to the Number of Master Nodes?
Which Resource Quotas Should I Pay Attention To When Using CCE?
Cluster Running
How Do I Locate the Fault When a Cluster Is Unavailable?
How Do I Retrieve Data After a CCE Cluster Is Deleted?
Cluster Deletion
What Can I Do If a Cluster Deletion Fails Due to Residual Resources in the Security Group?
How Do I Clear Residual Resources After Deleting a Non-Running Cluster?
Cluster Upgrade
What Do I Do If a Cluster Add-On Fails to be Upgraded During the CCE Cluster Upgrade?
Node
Node Creation
How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?
How Do I Troubleshoot Problems Occurred When Accepting Nodes into a CCE Cluster?
What Should I Do If a Node Cannot Be Managed and an Error Message Appears Saying That the Node Failed to Install?
Node Running
What Should I Do If a Cluster Is Available But Some Nodes in It Are Unavailable?
How Do I Log In to a Node Using a Password and Reset the Password?
How Do I Collect Logs of Nodes in a CCE Cluster?
What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?
What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?
How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?
How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?
Specification Change
How Do I Change the Node Specifications in a CCE Cluster?
What Are the Impacts of Changing the Flavor of a Node in a CCE Node Pool?
What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?
OSs
What Should I Do If There Is a Service Access Failure After a Backend Service Upgrade or a 1-Second Latency When a Service Accesses a CCE Cluster?
Node Pool
What Should I Do If a Node Pool Is Abnormal?
What Should I Do If No Node Creation Record Is Displayed When the Node Pool Is Being Expanding?
What Should I Do If a Node Pool Scale-Out Fails?
How Do I Modify ECS Configurations When an ECS Cannot Be Managed by a Node Pool?
Workload
Workload Exception Troubleshooting
How Can I Locate the Root Cause If a Workload Is Abnormal?
What Should I Do If the Scheduling of a Pod Fails?
What Should I Do If a Pod Fails to Pull the Image?
What Should I Do If Container Startup Fails?
What Should I Do If a Pod Fails to Be Evicted?
What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
What Should I Do If a Workload Remains in the Creating State?
What Should I Do If a Pod Remains in the Terminating State?
What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
What Should I Do If an Error Occurs When I Deploy a Service on a GPU Node?
How Can I Locate Faults Using an Exit Code?
Container Configuration
When Is Pre-stop Processing Used?
How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?
What Should I Do If Health Check Probes Occasionally Fail?
How Do I Set the umask Value for a Container?
What Is the Retry Mechanism When CCE Fails to Start a Pod?
Scheduling Policies
How Do I Evenly Distribute Multiple Pods to Each Node?
How Do I Prevent a Container on a Node from Being Evicted?
Why Are Pods Not Evenly Distributed on Nodes?
How Do I Evict All Pods on a Node?
Why Cannot a Pod Be Scheduled to a Node?
How Do I Troubleshoot a Pod Exit Caused by a Node Label Update?
Others
What Should I Do If a Cron Job Cannot Be Restarted After Being Stopped for a Period of Time?
What Is a Headless Service When I Create a StatefulSet?
What Should I Do If Error Message "Auth is empty" Is Displayed When a Private Image Is Pulled?
What Is the Image Pull Policy for Containers in a CCE Cluster?
What Can I Do If a Layer Is Missing During Image Pull?
Networking
Network Exception Troubleshooting
How Do I Locate a Workload Networking Fault?
Why Does the Browser Return Error Code 404 When I Access a Deployed Application?
What Should I Do If a Container Fails to Access the Internet?
What Should I Do If a Node Fails to Connect to the Internet (Public Network)?
What Should I Do If Nginx Ingress Access in the Cluster Is Abnormal After the NGINX Ingress Controller Add-on Is Upgraded?
What Could Cause Access Exceptions After Configuring an HTTPS Certificate for a LoadBalancer Ingress?
Network Planning
What Is the Relationship Between Clusters, VPCs, and Subnets?
How Can I Configure a Security Group Rule for a Cluster?
Security Hardening
How Do I Prevent Cluster Nodes from Being Exposed to Public Networks?
How Do I Configure an Access Policy for a Cluster?
How Do I Obtain a TLS Key Certificate?
How Do I Change the Security Group of Nodes in a Cluster in Batches?
Network Configuration
How Can Container IP Addresses Survive a Container Restart?
How Can I Check Whether an ENI Is Used by a Cluster?
How Can I Delete a Security Group Rule Associated with a Deleted Subnet?
How Can I Determine Which Ingress the Listener Settings Have Been Applied To?
Storage
How Do I Expand the Storage Capacity of a Container?
What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-Node Mounting?
Can I Create a CCE Node Without Adding a Data Disk to the Node?
What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?
Can CCE PVCs Detect Underlying Storage Faults?
Why Cannot I Delete a PV or PVC Using the kubectl delete Command?
Namespace
What Should I Do If a Namespace Fails to Be Deleted Due to an APIService Object Access Failure?
Chart and Add-on
How Can I Troubleshoot Exceptions That Occur with an Add-on?
What Should I Do If Installation of an Add-on Fails and "The release name is already exist" Is Displayed?
How Do I Configure the Add-on Resource Quotas Based on Cluster Scale?
How Can I Clean Up Residual Resources After the NGINX Ingress Controller Add-on in the Unknown State Is Deleted?
Why TLS v1.0 or v1.1 Cannot Be Used After the NGINX Ingress Controller Add-on Is Upgraded?
API & kubectl FAQs
How Can I Access a Cluster API Server?
Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?
How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
How Do I Rectify the Error Reported When Running the kubectl top node Command?
Why Is "Error from server (Forbidden)" Displayed When I Use kubectl?
DNS FAQs
What Should I Do If Domain Name Resolution Fails in a CCE Cluster?
Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?
How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
How Do I Configure a DNS Policy for a Container?
Image Repository FAQs
How Do I Upload My Images to CCE?
Permissions
Can I Configure Only Namespace Permissions Without Cluster Management Permissions?
Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?
Can I Use kubectl If the Cluster Management Permissions Are Not Configured?
API Reference (ME-Abu Dhabi Region)
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
API URL
Cluster Management
Creating a Cluster
Reading a Specified Cluster
Listing Clusters in a Specified Project
Updating a Specified Cluster
Deleting a Cluster
Hibernating a Cluster
Waking Up a Cluster
Obtaining a Cluster Certificate
Modifying Cluster Specifications
Querying a Job
Binding/Unbinding Public API Server Address
Obtaining Cluster Access Address
Node Management
Creating a Node
Reading a Specified Node
Listing All Nodes in a Cluster
Updating a Specified Node
Deleting a Node
Enabling Scale-In Protection for a Node
Disabling Scale-In Protection for a Node
Synchronizing Nodes
Accepting a Node
Managing a Node in a Customized Node Pool
Resetting a Node
Removing a Node
Migrating a Node
Node Pool Management
Creating a Node Pool
Reading a Specified Node Pool
Listing All Node Pools in a Specified Cluster
Updating a Specified Node Pool
Deleting a Node Pool
Scaling a Node Pool
Storage Management
Creating a PVC (to be discarded)
Deleting a PVC (to be discarded)
Add-on Management
Installing an Add-on Instance
Listing Add-on Templates
Updating an Add-on Instance
Rolling Back an Add-on Instance
Deleting an Add-on Instance
Querying an Add-on Instance
Listing Add-on Instances
Quota Management
Querying Resource Quotas
API Versions
Obtaining API Versions
Tag Management
Adding Resource Tags to a Specified Cluster in Batches
Deleting Resource Tags of a Specified Cluster in Batches
Configuration Management
Obtaining the Parameters That Can Be Configured for a Node Pool
Obtaining the List of Parameters That Can Be Configured for a Cluster
Obtaining the Parameters That Can Be Configured for a Node Pool
Changing the Values of Configuration Parameters of a Node Pool
Chart Management
Uploading a Chart
Obtaining a Chart List
Obtaining a Release List
Updating a Chart
Creating a Release
Deleting a Chart
Updating a Release
Obtaining a Chart
Deleting a Release
Downloading a Chart
Obtaining a Release
Obtaining Chart Values
Obtaining Historical Records of a Release
Obtaining the Quota of a User Chart
Add-on Instance Parameters
CoreDNS
CCE Container Storage (Everest)
CCE Node Problem Detector
Kubernetes Dashboard
CCE Cluster Autoscaler
NGINX Ingress Controller
Kubernetes Metrics Server
CCE Advanced HPA
CCE AI Suite (NVIDIA GPU)
Volcano Scheduler
CCE Secrets Manager for DEW
CCE Network Metrics Exporter
NodeLocal DNSCache
Kubernetes APIs
Permissions and Supported Actions
Appendix
Status Code
Error Codes
Obtaining a Project ID
Obtaining an Account ID
Specifying Add-ons to Be Installed During Cluster Creation
How to Obtain Parameters in the API URI
Creating a VPC and Subnet
Creating a Key Pair
Node Flavor Description
Adding a Salt in the password Field When Creating a Node
Maximum Number of Pods That Can Be Created on a Node
Node OS
Space Allocation of a Data Disk
Attaching Disks to a Node
User Guide (Paris Regions)
Service Overview
What Is CCE?
Product Advantages
Application Scenarios
Containerized Application Management
Auto Scaling in Seconds
DevOps and CI/CD
Hybrid Cloud
Notes and Constraints
Billing
Permissions
Related Services
Regions and AZs
Product Bulletin
Risky Operations on Cluster Nodes
CCE Security Guide
Cluster Node OS Patch Notes
Vulnerability Notice
Notice on the Kubernetes Security Vulnerability (CVE-2022-3172)
Privilege Escalation Vulnerability in Linux openvswitch Kernel Module (CVE-2022-2639)
Notice on CRI-O Container Runtime Engine Arbitrary Code Execution Vulnerability (CVE-2022-0811)
Notice on the Container Escape Vulnerability Caused by the Linux Kernel (CVE-2022-0492)
Linux Kernel Integer Overflow Vulnerability (CVE-2022-0185)
CCE Console Upgrade
Kubernetes Basics
Overview
Container and Kubernetes
Containers
Kubernetes
Pod, Label, and Namespace
Pod: the Smallest Scheduling Unit in Kubernetes
Liveness Probe
Label for Managing Pods
Namespaces: Grouping Resources
Pod Orchestration and Scheduling
Deployment
StatefulSet
Job and Cron Job
DaemonSet
Affinity and Anti-Affinity Scheduling
Configuration Management
ConfigMap
Secret
Kubernetes Networking
Container Networking
Services
Ingresses
Readiness Probe
NetworkPolicy
Persistent Storage
Volume
PersistentVolumes, PersistentVolumeClaims, and StorageClasses
Authentication and Authorization
ServiceAccounts
RBAC
Auto Scaling
Getting Started
Introduction
Preparations
Creating a Kubernetes Cluster
Creating a Deployment (Nginx)
Deploying WordPress and MySQL That Depend on Each Other
Overview
Creating a MySQL Workload
Creating a WordPress Workload
High-Risk Operations
Clusters
Cluster Overview
Basic Cluster Information
Kubernetes Version Release Notes
Kubernetes 1.29 Release Notes
Kubernetes 1.28 Release Notes
Kubernetes 1.27 Release Notes
Kubernetes 1.25 Release Notes
Kubernetes 1.23 Release Notes
Kubernetes 1.21 (EOM) Release Notes
Kubernetes 1.19 (EOM) Release Notes
Kubernetes 1.17 (EOM) Release Notes
Patch Version Release Notes
Creating a Cluster
Comparison Between Cluster Types
Creating a CCE Standard Cluster
Comparing iptables and IPVS
Connecting to a Cluster
Connecting to a Cluster Using kubectl
Accessing a Cluster Using an X.509 Certificate
Accessing a Cluster Using a Custom Domain Name
Configuring a Cluster's API Server for Internet Access
Managing a Cluster
Modifying Cluster Configurations
Enabling Overload Control for a Cluster
Changing Cluster Scale
Deleting a Cluster
Hibernating or Waking Up a Cluster
Upgrading a Cluster
Process and Method of Upgrading a Cluster
Before You Start
Performing Post-Upgrade Verification
Cluster Status Check
Node Status Check
Node Skipping Check
Service Check
New Node Check
New Pod Check
Migrating Services Across Clusters of Different Versions
Troubleshooting for Pre-upgrade Check Exceptions
Pre-upgrade Check
Node Restrictions
Upgrade Management
Add-ons
Helm Charts
SSH Connectivity of Master Nodes
Node Pools
Security Groups
Arm Node Restrictions
Residual Nodes
Discarded Kubernetes Resources
Compatibility Risks
CCE Agent Versions
Node CPU Usage
CRDs
Node Disks
Node DNS
Node Key Directory File Permissions
kubelet
Node Memory
Node Clock Synchronization Server
Node OS
Node CPU Cores
Node Python Commands
ASM Version
Node Readiness
Node journald
containerd.sock
Internal Error
Node Mount Points
Kubernetes Node Taints
Everest Restrictions
cce-hpa-controller Limitations
Enhanced CPU Policies
Health of Worker Node Components
Health of Master Node Components
Memory Resource Limit of Kubernetes Components
Discarded Kubernetes APIs
IPv6 Support in CCE Turbo Clusters
NetworkManager
Node ID File
Node Configuration Consistency
Node Configuration File
CoreDNS Configuration Consistency
sudo
Key Node Commands
Mounting of a Sock File on a Node
HTTPS Load Balancer Certificate Consistency
Node Mounting
Login Permissions of User paas on a Node
Private IPv4 Addresses of Load Balancers
Historical Upgrade Records
CIDR Block of the Cluster Management Plane
GPU Add-on
Nodes' System Parameters
Residual Package Version Data
Node Commands
Node Swap
nginx-ingress Upgrade
containerd Pod Restart Risks
Key GPU Add-on Parameters
GPU Pod Rebuild Risks
ELB Listener Access Control
Master Node Flavor
Subnet Quota of Master Nodes
Node Runtime
Node Pool Runtime
Number of Node Images
Nodes
Node Overview
Container Engines
Creating a Node
Accepting Nodes for Management
Logging In to a Node
Management Nodes
Managing Node Labels
Managing Node Taints
Resetting a Node
Removing a Node
Synchronizing the Data of Cloud Servers
Draining a Node
Deleting a Node
Stopping a Node
Performing Rolling Upgrade for Nodes
Node O&M
Node Resource Reservation Policy
Data Disk Space Allocation
Maximum Number of Pods That Can Be Created on a Node
Differences Between CCE Node mountPath Configurations and Community Native Configurations
Migrating Nodes from Docker to containerd
Configuring Node Fault Detection Policies
Node Pools
Node Pool Overview
Creating a Node Pool
Scaling a Node Pool
Managing a Node Pool
Updating a Node Pool
Updating an AS Configuration
Modifying Node Pool Configurations
Accepting Nodes in a Node Pool
Copying a Node Pool
Synchronizing Node Pools
Upgrading an OS
Migrating a Node
Deleting a Node Pool
Workloads
Overview
Creating a Workload
Creating a Deployment
Creating a StatefulSet
Creating a DaemonSet
Creating a Job
Creating a Cron Job
Configuring a Workload
Configuring Time Zone Synchronization
Configuring an Image Pull Policy
Using Third-Party Images
Configuring Container Specifications
Configuring Container Lifecycle Parameters
Configuring Container Health Check
Configuring Environment Variables
Configuring Workload Upgrade Policies
Scheduling Policies (Affinity/Anti-affinity)
Configuring Tolerance Policies
Configuring Labels and Annotations
Logging In to a Container
Managing Workloads
Managing Custom Resources
Pod Security
Configuring a Pod Security Policy
Configuring Pod Security Admission
Scheduling
Overview
CPU Scheduling
CPU Policy
GPU Scheduling
Default GPU Scheduling in Kubernetes
Volcano Scheduling
Overview
Scheduling Workloads
Resource Usage-based Scheduling
Bin Packing
Descheduling
Node Pool Affinity
Priority-based Scheduling
Priority-based Scheduling
AI Performance-based Scheduling
DRF
Gang
NUMA Affinity Scheduling
Cloud Native Hybrid Deployment
Dynamic Resource Oversubscription
Network
Overview
Container Network
Overview
VPC Network Settings
VPC Network Model
Adding a Container CIDR Block for a Cluster
Tunnel Network Settings
Tunnel Network Model
Configuring Network Policies to Restrict Pod Access
Pod Network Settings
Configuring hostNetwork for Pods
Configuring QoS for a Pod
Service
Overview
ClusterIP
NodePort
LoadBalancer
Creating a LoadBalancer Service
Using Annotations to Balance Load
Configuring HTTP/HTTPS for a LoadBalancer Service
Configuring SNI for a LoadBalancer Service
Configuring HTTP/2 for a LoadBalancer Service
Configuring Timeout for a LoadBalancer Service
Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service
Configuring Health Check on Multiple Ports of a LoadBalancer Service
Configuring Passthrough Networking for a LoadBalancer Service
Enabling ICMP Security Group Rules
Headless Services
Ingresses
Overview
LoadBalancer Ingresses
Creating a LoadBalancer Ingress on the Console
Using kubectl to Create a LoadBalancer Ingress
Configuring a LoadBalancer Ingress Using Annotations
Configuring an HTTPS Certificate for a LoadBalancer Ingress
Configuring SNI for a LoadBalancer Ingress
Routing a LoadBalancer Ingress to Multiple Services
Configuring HTTP/2 for a LoadBalancer Ingress
Configuring HTTPS Backend Services for a LoadBalancer Ingress
Configuring Timeout for a LoadBalancer Ingress
Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Ingress
Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress
Nginx Ingresses
Creating Nginx Ingresses on the Console
Using kubectl to Create an Nginx Ingress
Configuring Nginx Ingresses Using Annotations
Configuring an HTTPS Certificate for an Nginx Ingress
Configuring Redirection Rules for an Nginx Ingress
Configuring URL Rewriting Rules for an Nginx Ingress
Configuring HTTPS Backend Services for an Nginx Ingress
Configuring Consistent Hashing for Load Balancing of an Nginx Ingress
DNS
Overview
DNS Configuration
Using CoreDNS for Custom Domain Name Resolution
Using NodeLocal DNSCache to Improve DNS Performance
Configuring Intra-VPC Access
Accessing the Internet from a Container
Storage
Overview
Storage Basics
Elastic Volume Service
Overview
Using an Existing EVS Disk Through a Static PV
Using an EVS Disk Through a Dynamic PV
Dynamically Mounting an EVS Disk to a StatefulSet
Encrypting EVS Disks
Snapshots and Backups
Scalable File Service
Overview
Using an Existing SFS File System Through a Static PV
Using an SFS File System Through a Dynamic PV
Configuring SFS Volume Mount Options
SFS Turbo
Overview
Using an Existing SFS Turbo File System Through a Static PV
Configuring SFS Turbo Mount Options
(Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV
Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
Object Storage Service
Overview
Using an Existing OBS Bucket Through a Static PV
Using an OBS Bucket Through a Dynamic PV
Configuring OBS Mount Options
Using a Custom Access Key (AK/SK) to Mount an OBS Volume
DSS
Overview
Using DSS Through a Static PV
Using DSS Through a Dynamic PV
Dynamically Mounting a DSS Disk to a StatefulSet
Local PVs
Overview
Importing a PV to a Storage Pool
Using a Local PV Through a Dynamic PV
Dynamically Mounting a Local PV to a StatefulSet
Ephemeral Volumes
Overview
Importing an EV to a Storage Pool
Using a Local EV
Using a Temporary Path
hostPath
StorageClass
Observability
Logging
Overview
Collecting Container Logs
Collecting Container Logs Using ICAgent
Log Auditing
CCE Operations Supported by Cloud Trace Service
Viewing CTS Traces in the Trace List
Best Practices
Monitoring Custom Metrics on AOM
Auto Scaling
Overview
Scaling a Workload
Workload Scaling Rules
Creating an HPA Policy
Creating a Scheduled CronHPA Policy
Managing Workload Scaling Policies
Scaling a Node
Node Scaling Rules
Priorities for Scaling Node Pools
Creating a Node Scaling Policy
Managing Node Scaling Policies
Using HPA and CA for Auto Scaling of Workloads and Nodes
Namespaces
Creating a Namespace
Managing Namespaces
Configuring Resource Quotas
ConfigMaps and Secrets
Creating a ConfigMap
Using a ConfigMap
Creating a Secret
Using a Secret
Cluster Secrets
Add-ons
Overview
Scheduling and Elasticity Add-ons
Volcano Scheduler
CCE Cluster Autoscaler
CCE Advanced HPA
Cloud Native Observability Add-ons
CCE Node Problem Detector
CCE Network Metrics Exporter
Kubernetes Metrics Server
Cloud Native Heterogeneous Computing Add-ons
CCE AI Suite (NVIDIA GPU)
CCE AI Suite (Ascend NPU)
Container Network Add-ons
CoreDNS
NGINX Ingress Controller
NodeLocal DNSCache
Container Storage Add-ons
CCE Container Storage (Everest)
FlexVolume (Discarded)
Container Security Add-ons
CCE Secrets Manager for DEW
Other Add-ons
Kubernetes Dashboard
Helm Chart
Overview
Deploying an Application from a Chart
Differences Between Helm v2 and Helm v3 and Adaptation Solutions
Deploying an Application Through the Helm v2 Client
Deploying an Application Through the Helm v3 Client
Converting a Release from Helm v2 to v3
Permissions
Permissions Overview
Granting Cluster Permissions to an IAM User
Namespace Permissions (Kubernetes RBAC-based)
Example: Designing and Configuring Permissions for Users in a Department
Permission Dependency of the CCE Console
Service Account Token Security Improvement
Settings
Dashboard
Cluster Access
Network
Scheduling
Auto Scaling
Kubernetes
Heterogeneous Resources
FAQs
Common Questions
Billing
How Is CCE Billed/Charged?
Will I Be Notified When My Balance Is Insufficient?
Will I Be Notified When My Account Balance Changes?
Cluster
Cluster Creation
Why Cannot I Create a CCE Cluster?
Is Management Scale of a Cluster Related to the Number of Master Nodes?
Which Resource Quotas Should I Pay Attention To When Using CCE?
Cluster Running
How Do I Locate the Fault When a Cluster Is Unavailable?
How Do I Retrieve Data After a CCE Cluster Is Deleted?
Cluster Deletion
What Can I Do If a Cluster Deletion Fails Due to Residual Resources in the Security Group?
How Do I Clear Residual Resources After Deleting a Non-Running Cluster?
Cluster Upgrade
What Do I Do If a Cluster Add-On Fails to be Upgraded During the CCE Cluster Upgrade?
Node
Node Creation
How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?
How Do I Troubleshoot Problems Occurred When Accepting Nodes into a CCE Cluster?
What Should I Do If a Node Fails to Be Accepted Because It Fails to Be Installed?
Node Running
What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?
How Do I Log In to a Node Using a Password and Reset the Password?
How Do I Collect Logs of Nodes in a CCE Cluster?
What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?
What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?
How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?
How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?
Specification Change
How Do I Change the Node Specifications in a CCE Cluster?
What Are the Impacts of Changing the Flavor of a Node in a CCE Node Pool?
What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?
OSs
What Should I Do If There Is a Service Access Failure After a Backend Service Upgrade or a 1-Second Latency When a Service Accesses a CCE Cluster?
Node Pool
What Should I Do If a Node Pool Is Abnormal?
What Should I Do If No Node Creation Record Is Displayed When the Node Pool Is Being Expanding?
What Should I Do If a Node Pool Scale-Out Fails?
How Do I Modify ECS Configurations When an ECS Cannot Be Managed by a Node Pool?
Workload
Workload Abnormalities
How Do I Use Events to Fix Abnormal Workloads?
What Should I Do If Pod Scheduling Fails?
What Should I Do If a Pod Fails to Pull the Image?
What Should I Do If Container Startup Fails?
What Should I Do If a Pod Fails to Be Evicted?
What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
What Should I Do If a Workload Remains in the Creating State?
What Should I Do If Pods in the Terminating State Cannot Be Deleted?
What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
What Should I Do If an Error Occurs When Deploying a Service on the GPU Node?
Container Configuration
When Is Pre-stop Processing Used?
How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?
What Should I Do If Health Check Probes Occasionally Fail?
How Do I Set the umask Value for a Container?
What Is the Retry Mechanism When CCE Fails to Start a Pod?
Scheduling Policies
How Do I Evenly Distribute Multiple Pods to Each Node?
How Do I Prevent a Container on a Node from Being Evicted?
Why Are Pods Not Evenly Distributed on Nodes?
How Do I Evict All Pods on a Node?
Why Cannot a Pod Be Scheduled to a Node?
Others
What Should I Do If a Scheduled Task Cannot Be Restarted After Being Stopped for a Period of Time?
What Is a Headless Service When I Create a StatefulSet?
What Should I Do If Error Message "Auth is empty" Is Displayed When a Private Image Is Pulled?
What Is the Image Pull Policy for Containers in a CCE Cluster?
What Can I Do If a Layer Is Missing During Image Pull?
Networking
Network Planning
What Is the Relationship Between Clusters, VPCs, and Subnets?
How Can I Configure a Security Group Rule in a Cluster?
Network Fault
How Do I Locate a Workload Networking Fault?
Why Does the Browser Return Error Code 404 When I Access a Deployed Application?
What Should I Do If a Container Fails to Access the Internet?
What Should I Do If a Node Fails to Connect to the Internet (Public Network)?
What Should I Do If an Nginx Ingress Access in the Cluster Is Abnormal After the Add-on Is Upgraded?
Security Hardening
How Do I Prevent Cluster Nodes from Being Exposed to Public Networks?
How Do I Configure an Access Policy for a Cluster?
How Do I Obtain a TLS Key Certificate?
Network Configuration
How Can Container IP Addresses Survive a Container Restart?
Storage
How Do I Expand the Storage Capacity of a Container?
What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-node Mounting?
Can I Create a CCE Node Without Adding a Data Disk to the Node?
What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?
Can CCE PVCs Detect Underlying Storage Faults?
Namespace
What Should I Do If a Namespace Fails to Be Deleted Due to an APIService Object Access Failure?
Chart and Add-on
What Should I Do If Installation of an Add-on Fails and "The release name is already exist" Is Displayed?
How Do I Configure the Add-on Resource Quotas Based on Cluster Scale?
How Can I Clean Up Residual Resources After the NGINX Ingress Controller Add-on in the Unknown State Is Deleted?
Why TLS v1.0 and v1.1 Cannot Be Used After the NGINX Ingress Controller Add-on Is Upgraded?
API & kubectl FAQs
How Can I Access a Cluster API Server?
Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?
How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
How Do I Rectify the Error Reported When Running the kubectl top node Command?
Why Is "Error from server (Forbidden)" Displayed When I Use kubectl?
DNS FAQs
What Should I Do If Domain Name Resolution Fails in a CCE Cluster?
Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?
How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
How Do I Configure a DNS Policy for a Container?
Image Repository FAQs
How Do I Upload My Images to CCE?
Permissions
Can I Configure Only Namespace Permissions Without Cluster Management Permissions?
Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?
Can I Use kubectl If the Cluster Management Permissions Are Not Configured?
Best Practices
Checklist for Deploying Containerized Applications in the Cloud
Containerization
Containerizing an Enterprise Application (ERP)
Solution Overview
Procedure
Containerizing an Entire Application
Containerization Process
Analyzing the Application
Preparing the Application Runtime
Compiling a Startup Script
Compiling the Dockerfile
Building and Uploading an Image
Creating a Container Workload
Disaster Recovery
Recommended Configurations for HA CCE Clusters
Implementing High Availability for Applications in CCE
Implementing High Availability for Add-ons in CCE
Security
Configuration Suggestions on CCE Cluster Security
Configuration Suggestions on CCE Node Security
Configuration Suggestions on CCE Container Security
Configuration Suggestions on CCE Secret Security
Auto Scaling
Using HPA and CA for Auto Scaling of Workloads and Nodes
Monitoring
Monitoring Multiple Clusters Using Prometheus
Cluster
Suggestions on CCE Cluster Selection
Executing the Pre- or Post-installation Commands During Node Creation
Connecting to Multiple Clusters Using kubectl
Selecting a Data Disk for the Node
Protecting a CCE Cluster Against Overload
Networking
Planning CIDR Blocks for a Cluster
Selecting a Network Model
Implementing Sticky Session Through Load Balancing
Obtaining the Client Source IP Address for a Container
CoreDNS Configuration Optimization
Overview
Client
Optimizing Domain Name Resolution Requests
Selecting a Proper Image
Avoiding Occasional DNS Resolution Timeout Caused by IPVS Defects
Using NodeLocal DNSCache
Upgrading the CoreDNS in the Cluster Timely
Adjusting the DNS Configuration of the VPC and VM
Server
Monitoring the coredns Add-on
Adjusting the CoreDNS Deployment Status
Configuring CoreDNS
Retaining the Original IP Address of a Pod
Storage
Expanding the Storage Space
Mounting an Object Storage Bucket of a Third-Party Tenant
Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
Changing the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest
Using Custom Storage Classes
Scheduling EVS Disks Across AZs Using csi-disk-topology
Container
Properly Allocating Container Computing Resources
Modifying Kernel Parameters Using a Privileged Container
Using Init Containers to Initialize an Application
Configuring the /etc/hosts File of a Pod Using hostAliases
Locating Container Faults Using the Core Dump File
Permission
Configuring kubeconfig for Fine-Grained Management on Cluster Resources
Release
Overview
Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
Migrating Data from CCE 1.0 to CCE 2.0
Differences Between CCE 1.0 and CCE 2.0
Migrating Images
Migrating Clusters
Migrating Applications
Applications Created Through APIs or kubectl
Applications Created Through Component Templates
Applications Created Through App Designer
API Reference (Paris Regions)
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
API URL
Cluster Management
Creating a Cluster
Reading a Specified Cluster
Listing Clusters in a Specified Project
Updating a Specified Cluster
Deleting a Cluster
Hibernating a Cluster
Waking Up a Cluster
Obtaining a Cluster Certificate
Modifying Cluster Specifications
Querying a Job
Binding/Unbinding Public API Server Address
Obtaining Cluster Access Address
Node Management
Creating a Node
Reading a Specified Node
Listing All Nodes in a Cluster
Updating a Specified Node
Deleting a Node
Accepting a Node
Resetting a Node
Removing a Node
Migrating a Node
Node Pool Management
Creating a Node Pool
Reading a Specified Node Pool
Listing All Node Pools in a Specified Cluster
Updating a Specified Node Pool
Deleting a Node Pool
Add-on Management
Installing an Add-on Instance
Listing Add-on Templates
Updating an Add-on Instance
Rolling Back an Add-on Instance
Deleting an Add-on Instance
Querying an Add-on Instance
Listing Add-on Instances
Quota Management
Querying Resource Quotas
API Versions
Obtaining API Versions
Tag Management
Adding Resource Tags to a Specified Cluster in Batches
Deleting Resource Tags of a Specified Cluster in Batches
Configuration Management
Obtaining the Parameters That Can Be Configured for a Node Pool
Obtaining the List of Parameters That Can Be Configured for a Cluster
Obtaining the Parameters That Can Be Configured for a Node Pool
Changing the Values of Configuration Parameters of a Node Pool
Chart Management
Uploading a Chart
Obtaining a Chart List
Obtaining a Release List
Updating a Chart
Creating a Release
Deleting a Chart
Updating a Release
Obtaining a Chart
Deleting a Release
Downloading a Chart
Obtaining a Release
Obtaining Chart Values
Obtaining Historical Records of a Release
Obtaining the Quota of a User Chart
Add-on Instance Parameters
CoreDNS
CCE Container Storage (Everest)
CCE Node Problem Detector
Kubernetes Dashboard
CCE Cluster Autoscaler
NGINX Ingress Controller
Kubernetes Metrics Server
CCE Advanced HPA
CCE AI Suite (NVIDIA GPU)
Volcano Scheduler
CCE Secrets Manager for DEW
NodeLocal DNSCache
Kubernetes APIs
Permissions and Supported Actions
Appendix
Status Code
Error Codes
Obtaining a Project ID
Obtaining an Account ID
Specifying Add-ons to Be Installed During Cluster Creation
How to Obtain Parameters in the API URI
Creating a VPC and Subnet
Creating a Key Pair
Node Flavor Description
Adding a Salt in the password Field When Creating a Node
Maximum Number of Pods That Can Be Created on a Node
Node OS
Space Allocation of a Data Disk
Attaching Disks to a Node
User Guide (Kuala Lumpur Region)
Service Overview
What Is CCE?
Product Advantages
Application Scenarios
Containerized Application Management
Auto Scaling in Seconds
DevOps and CI/CD
Hybrid Cloud
Permissions
Notes and Constraints
Related Services
Regions and AZs
Product Bulletin
EOM of CentOS
Getting Started
Introduction
Preparations
Creating a Kubernetes Cluster
Deploying a Deployment (Nginx)
Deploying WordPress and MySQL That Depend on Each Other
Overview
Step 1: Deploying MySQL
Step 2: Deploying WordPress
High-Risk Operations
Clusters
Cluster Overview
Cluster Version Release Notes
Kubernetes Version Release Notes
Kubernetes 1.31 Release Notes
Kubernetes 1.30 Release Notes
Kubernetes 1.29 Release Notes
Kubernetes 1.28 Release Notes
Kubernetes 1.27 Release Notes
Kubernetes 1.25 (EOM) Release Notes
Kubernetes 1.23 (EOM) Release Notes
Kubernetes 1.21 (EOM) Release Notes
Kubernetes 1.19 (EOM) Release Notes
Kubernetes 1.17 (EOM) Release Notes
Patch Version Release Notes
Buying a Cluster
Comparison Between Cluster Types
Buying a CCE Standard Cluster
Comparing iptables and IPVS
Connecting to a Cluster
Accessing a Cluster Using kubectl
Accessing a Cluster Using an X.509 Certificate
Accessing a Cluster Using a Custom Domain Name
Configuring a Cluster's API Server for Internet Access
Revoking a Cluster Access Credential
Managing a Cluster
Modifying Cluster Configurations
Enabling Overload Control for a Cluster
Changing a Cluster Scale
Changing the Default Security Group of a Node
Deleting a Cluster
Preventing Cluster Deletion
Hibernating or Waking Up a Cluster
Upgrading a Cluster
Cluster Upgrade Overview
Before You Start
Performing Post-Upgrade Verification
Cluster Status Check
Node Status Check
Node Skipping Check
Service Check
New Node Check
New Pod Check
Migrating Services Across Clusters of Different Versions
Troubleshooting for Pre-upgrade Check Exceptions
Pre-upgrade Check
Node Restrictions
Upgrade Management
Add-ons
Helm Charts
SSH Connectivity of Master Nodes
Node Pools
Security Groups
Arm Node Restrictions
Residual Nodes
Discarded Kubernetes Resources
Compatibility Risks
CCE Agent Versions
Node CPU Usage
CRDs
Node Disks
Node DNS
Node Key Directory File Permissions
kubelet
Node Memory
Node Clock Synchronization Server
Node OS
Node CPU Cores
Node Python Commands
ASM Version
Node Readiness
Node journald
containerd.sock
Internal Error
Node Mount Points
Kubernetes Node Taints
Everest Restrictions
cce-hpa-controller Limitations
Enhanced CPU Policies
Health of Worker Node Components
Health of Master Node Components
Memory Resource Limit of Kubernetes Components
Discarded Kubernetes APIs
NetworkManager
Node ID File
Node Configuration Consistency
Node Configuration File
CoreDNS Configuration Consistency
sudo
Key Node Commands
Mounting of a Sock File on a Node
HTTPS Load Balancer Certificate Consistency
Node Mounting
Login Permissions of User paas on a Node
Private IPv4 Addresses of Load Balancers
Historical Upgrade Records
CIDR Block of the Cluster Management Plane
CCE AI Suite (NVIDIA GPU)
Nodes' System Parameters
Residual Package Version Data
Node Commands
Node Swap
NGINX Ingress Controller
Upgrade of Cloud Native Cluster Monitoring
containerd Pod Restart Risks
Key CCE AI Suite (NVIDIA GPU) Parameters
GPU Pod Rebuild Risks
ELB Listener Access Control
Master Node Flavor
Subnet Quota of Master Nodes
Node Runtime
Node Pool Runtime
Number of Node Images
OpenKruise Compatibility Check
Compatibility Check of Secret Encryption
Compatibility Between the Ubuntu Kernel and GPU Driver
Drainage Tasks
Image Layers on a Node
Cluster Rolling Upgrade
Rotation Certificates
Ingress and ELB Configuration Consistency
Network Policies of Cluster Network Components
Cluster and Node Pool Configurations
Time Zone of Master Nodes
SNATIPRanges
Add-on Configuration Consistency
Nodes
Node Overview
Container Engines
Node OSs
Creating a Node
Accepting Nodes for Management
Logging In to a Node
Management Nodes
Managing Node Labels
Managing Node Taints
Resetting a Node
Removing a Node
Synchronizing the Data of Cloud Servers
Draining a Node
Deleting a Node
Stopping a Node
Performing Rolling Upgrade for Nodes
Node O&M
Node Resource Reservation Policy
Space Allocation of a Data Disk
Maximum Number of Pods That Can Be Created on a Node
Differences in kubelet and Runtime Component Configurations Between CCE and the Native Community
Migrating Nodes from Docker to containerd
Configuring Node Fault Detection Policies
Executing the Pre- or Post-installation Commands During Node Creation
Node Pools
Node Pool Overview
Creating a Node Pool
Scaling a Node Pool
Managing a Node Pool
Updating a Node Pool
Updating an AS Configuration
Modifying Node Pool Configurations
Accepting Nodes in a Node Pool
Copying a Node Pool
Synchronizing Node Pools
Upgrading an OS
Migrating a Node
Deleting a Node Pool
Workloads
Overview
Creating a Workload
Creating a Deployment
Creating a StatefulSet
Creating a DaemonSet
Creating a Job
Creating a CronJob
Configuring a Workload
Configuring Time Zone Synchronization
Configuring an Image Pull Policy
Using Third-Party Images
Configuring Container Specifications
Configuring Container Lifecycle Parameters
Configuring Container Health Check
Configuring Environment Variables
Configuring Workload Upgrade Policies
Configuring Tolerance Policies
Configuring Labels and Annotations
Scheduling a Workload
Overview
Configuring Specified Node Scheduling (nodeSelector)
Configuring Node Affinity Scheduling (nodeAffinity)
Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)
Logging In to a Container
Managing Workloads
Managing Custom Resources
Pod Security
Configuring a Pod Security Policy
Configuring Pod Security Admission
Scheduling
Overview
CPU Scheduling
CPU Policy
Enhanced CPU Policy
GPU Scheduling
Default GPU Scheduling in Kubernetes
GPU Virtualization
Overview
Preparing Virtualized GPU Resources
Using GPU Virtualization
Supporting Kubernetes' Default GPU Scheduling
Monitoring GPU Metrics
Configuring Workload Scaling Based on GPU Monitoring Metrics
Configuring Auto Scaling for xGPU Nodes
GPU Metrics
Volcano Scheduling
Overview
Scheduling Workloads
Resource Usage-based Scheduling
Bin Packing
Descheduling
Node Pool Affinity
Load-aware Scheduling
Configuration Cases for Resource Usage-based Scheduling
Priority-based Scheduling
Priority-based Scheduling
AI Performance-based Scheduling
DRF
Gang
NUMA Affinity Scheduling
Network
Overview
Container Network
Overview
VPC Network Settings
VPC Network Model
Adding a Container CIDR Block for a Cluster
Tunnel Network Settings
Tunnel Network Model
Pod Network Settings
Configuring hostNetwork for Pods
Configuring QoS for a Pod
Configuring Network Policies to Restrict Pod Access
Service
Overview
ClusterIP
NodePort
LoadBalancer
Creating a LoadBalancer Service
Configuring LoadBalancer Services Using Annotations
Configuring HTTP/HTTPS for a LoadBalancer Service
Configuring SNI for a LoadBalancer Service
Configuring HTTP/2 for a LoadBalancer Service
Configuring Timeout for a LoadBalancer Service
Configuring Health Check on Multiple LoadBalancer Service Ports
Configuring Passthrough Networking for a LoadBalancer Service
Changing a Custom EIP for a LoadBalancer Service
Enabling ICMP Security Group Rules
DNAT
Headless Services
Ingresses
Overview
LoadBalancer Ingresses
Creating a LoadBalancer Ingress on the Console
Creating a LoadBalancer Ingress Using kubectl
Annotations for Configuring LoadBalancer Ingresses
Advanced Setting Examples of LoadBalancer Ingresses
Configuring an HTTPS Certificate for a LoadBalancer Ingress
Updating the HTTPS Certificate for a LoadBalancer Ingress
Configuring SNI for a LoadBalancer Ingress
Configuring Multiple Forwarding Policies for a LoadBalancer Ingress
Configuring HTTP/2 for a LoadBalancer Ingress
Configuring HTTPS Backend Services for a LoadBalancer Ingress
Configuring Timeout for a LoadBalancer Ingress
Configuring a Slow Start for a LoadBalancer Ingress
Configuring a Range of Listening Ports for a LoadBalancer Ingress
Configuring URL Redirection for a LoadBalancer Ingress
Configuring URL Rewriting for a LoadBalancer Ingress
Redirecting HTTP to HTTPS for a LoadBalancer Ingress
Configuring the Priorities of Forwarding Rules for LoadBalancer Ingresses
Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress
Configuring a Custom EIP for a LoadBalancer Ingress
Configuring Advanced Forwarding Rules for a LoadBalancer Ingress
Configuring Advanced Forwarding Actions for a LoadBalancer Ingress
Forwarding Policy Priorities of LoadBalancer Ingresses
Configuring Multiple Ingresses to Use the Same External ELB Port
Nginx Ingresses
Creating an Nginx Ingress on the Console
Creating an Nginx Ingress Using kubectl
Annotations for Configuring Nginx Ingresses
Advanced Setting Examples of Nginx Ingresses
Configuring an HTTPS Certificate for an Nginx Ingress
Configuring Redirection Rules for an Nginx Ingress
Configuring URL Rewriting Rules for an Nginx Ingress
Configuring HTTPS Backend Services for an Nginx Ingress
Configuring Consistent Hashing for Load Balancing of an Nginx Ingress
Nginx Ingress Usage Suggestions
Optimizing NGINX Ingress Controller in High-Traffic Scenarios
Configuring an ELB Certificate for NGINX Ingress Controller
NGINX Ingress Controller Upgrade Compatibility
DNS
Overview
DNS Configuration
Using CoreDNS for Custom Domain Name Resolution
Using NodeLocal DNSCache to Improve DNS Performance
Changing the Default NodeLocal DNSCache Port
Configuring Intra-VPC Access
Accessing the Internet from a Container
Storage
Overview
Storage Basics
Elastic Volume Service
Overview
Using an Existing EVS Disk Through a Static PV
Using an EVS Disk Through a Dynamic PV
Dynamically Mounting an EVS Disk to a StatefulSet
Encrypting EVS Disks
Expanding the Capacity of an EVS Disk
Snapshots and Backups
SFS Turbo
Overview
Using an Existing SFS Turbo File System Through a Static PV
Configuring SFS Turbo Mount Options
(Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV
Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
Object Storage Service
Overview
Using an Existing OBS Bucket Through a Static PV
Using an OBS Bucket Through a Dynamic PV
Configuring OBS Mount Options
Using a Custom Access Key (AK/SK) to Mount an OBS Volume
Local PVs
Overview
Importing a PV to a Storage Pool
Using a Local PV Through a Dynamic PV
Dynamically Mounting a Local PV to a StatefulSet
Ephemeral Volumes
Overview
Importing an EV to a Storage Pool
Local EV
Temporary Path
hostPath
StorageClass
Auto Scaling
Overview
Scaling a Workload
Workload Scaling Rules
Creating an HPA Policy
Creating an HPA Policy with Custom Metrics
Creating a Scheduled CronHPA Policy
Creating a CustomedHPA Policy
Creating a VPA Policy
Creating an AHPA Policy
Managing Workload Scaling Policies
Scaling a Node
Node Scaling Rules
Priorities for Scaling Node Pools
Creating a Node Scaling Policy
Managing Node Scaling Policies
Specifying Node Scale-in Conditions for a Node Pool
Using HPA and CA for Auto Scaling of Workloads and Nodes
O&M
Logging
Overview
Collecting Container Logs
Collecting Container Logs Using ICAgent
Log Auditing
CCE Operations Supported by Cloud Trace Service
Viewing CTS Traces in the Trace List
O&M Best Practices
Monitoring Custom Metrics Using Cloud Native Cluster Monitoring
Monitoring Custom Metrics on AOM
Monitoring Master Node Components Using Prometheus
Monitoring Metrics of NGINX Ingress Controller
Migrating Custom Views of Grafana
Namespaces
Creating a Namespace
Managing Namespaces
Configuring Resource Quotas
ConfigMaps and Secrets
Creating a ConfigMap
Using a ConfigMap
Creating a Secret
Using a Secret
Cluster Secrets
Add-ons
Overview
Scheduling and Elasticity Add-ons
Volcano Scheduler
CCE Cluster Autoscaler
CCE Advanced HPA
Vertical Pod Autoscaler
Cloud Native Observability Add-ons
Cloud Native Cluster Monitoring
Cloud Native Log Collection
CCE Node Problem Detector
CCE Network Metrics Exporter
Kubernetes Metrics Server
Grafana
Prometheus
Cloud Native Heterogeneous Computing Add-ons
CCE AI Suite (NVIDIA GPU)
Container Network Add-ons
CoreDNS
NGINX Ingress Controller
NodeLocal DNSCache
Container Storage Add-ons
CCE Container Storage (Everest)
Container Security Add-ons
CCE Secrets Manager for DEW
Other Add-ons
Kubernetes Dashboard
OpenKruise
Gatekeeper
Kubernetes Web Terminal (EOM)
Helm Chart
Overview of a Chart
Deploying an Application from a Chart
Differences Between Helm v2 and Helm v3 and Adaptation Solutions
Deploying an Application Through the Helm v2 Client
Deploying an Application Through the Helm v3 Client
Converting a Release from Helm v2 to v3
Permissions
Permissions Overview
Granting Cluster Permissions to an IAM User
Namespace Permissions (Kubernetes RBAC-based)
Example: Designing and Configuring Permissions for Users in a Department
Permission Dependency of the CCE Console
Service Account Token Security Improvement
System Agencies
Settings
Dashboard
Cluster Access
Network
Scheduling
Auto Scaling
Monitoring
Kubernetes
Heterogeneous Resources
Best Practices
Checklist for Deploying Containerized Applications in the Cloud
Containerization
Containerizing an Enterprise Application (ERP)
Solution Overview
Procedure
Containerizing an Entire Application
Containerization Process
Analyzing the Application
Preparing the Application Runtime
Compiling a Startup Script
Compiling the Dockerfile
Building and Uploading an Image
Creating a Container Workload
Disaster Recovery
Recommended Configurations for HA CCE Clusters
Implementing High Availability for Applications in CCE
Implementing High Availability for Add-ons in CCE
Security
Configuration Suggestions on CCE Cluster Security
Configuration Suggestions on CCE Node Security
Configuration Suggestions on CCE Container Runtime Security
Configuration Suggestions on CCE Container Security
Configuration Suggestions on CCE Container Image Security
Configuration Suggestions on CCE Secret Security
Auto Scaling
Using HPA and CA for Auto Scaling of Workloads and Nodes
Monitoring
Monitoring Multiple Clusters Using Prometheus
Reporting Prometheus Monitoring Data to a Third-Party Monitoring Platform
Cluster
Suggestions on CCE Cluster Selection
Creating an IPv4/IPv6 Dual-Stack Cluster in CCE
Executing the Pre- or Post-installation Commands During Node Creation
Connecting to Multiple Clusters Using kubectl
Selecting a Data Disk for the Node
Protecting a CCE Cluster Against Overload
Networking
Planning CIDR Blocks for a Cluster
Selecting a Network Model
Implementing Sticky Session Through Load Balancing
Obtaining the Client Source IP Address for a Container
CoreDNS Configuration Optimization
CoreDNS Optimization Overview
Client
Optimizing Domain Name Resolution Requests
Selecting a Proper Image
Avoiding Occasional DNS Resolution Timeout Caused by IPVS Defects
Using NodeLocal DNSCache
Upgrading the CoreDNS in the Cluster Timely
Adjusting the DNS Configuration of the VPC and VM
Server
Monitoring the coredns Add-on
Adjusting the CoreDNS Deployment Status
Configuring CoreDNS
Accessing an IP Address Outside of a Cluster That Uses a VPC Network by Using Source Pod IP Addresses Within the Cluster
Storage
Expanding the Storage Space
Mounting Object Storage Across Accounts
Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
Using Custom Storage Classes
Scheduling EVS Disks Across AZs Using csi-disk-topology
Container
Properly Allocating Container Computing Resources
Modifying Kernel Parameters Using a Privileged Container
Using Init Containers to Initialize an Application
Configuring the /etc/hosts File of a Pod Using hostAliases
Locating Container Faults Using the Core Dump File
Permission
Configuring kubeconfig for Fine-Grained Management on Cluster Resources
Release
Overview
Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
Using Nginx Ingress to Implement Grayscale Release and Blue-Green Deployment
FAQs
Common FAQ
Cluster
Cluster Creation
Why Cannot I Create a CCE Cluster?
Is Management Scale of a Cluster Related to the Number of Master Nodes?
Which Resource Quotas Should I Pay Attention To When Using CCE?
Cluster Running
How Do I Locate the Fault When a Cluster Is Unavailable?
How Do I Retrieve Data After a CCE Cluster Is Deleted?
Cluster Deletion
What Can I Do If a Cluster Deletion Fails Due to Residual Resources in the Security Group?
How Do I Clear Residual Resources After Deleting a Non-Running Cluster?
Cluster Upgrade
What Do I Do If a Cluster Add-On Fails to be Upgraded During the CCE Cluster Upgrade?
Node
How Can I Locate a Fault That Occurs with a Node?
Node Creation
How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?
How Do I Troubleshoot Problems Occurred When Accepting Nodes into a CCE Cluster?
What Should I Do If a Node Cannot Be Managed and an Error Message Appears Saying That the Node Failed to Install?
Node Running
What Should I Do If a Cluster Is Available But Some Nodes in It Are Unavailable?
How Do I Log In to a Node Using a Password and Reset the Password?
How Do I Collect Logs of Nodes in a CCE Cluster?
What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?
What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?
How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?
How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?
Specification Change
How Do I Change the Node Specifications in a CCE Cluster?
What Are the Impacts of Changing the Flavor of a Node in a CCE Node Pool?
What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?
OSs
What Should I Do If There Is a Service Access Failure After a Backend Service Upgrade or a 1-Second Latency When a Service Accesses a CCE Cluster?
Node Pool
What Should I Do If a Node Pool Is Abnormal?
What Should I Do If No Node Creation Record Is Displayed When the Node Pool Is Being Expanding?
What Should I Do If a Node Pool Scale-Out Fails?
How Do I Modify ECS Configurations When an ECS Cannot Be Managed by a Node Pool?
Workload
Workload Exception Troubleshooting
How Can I Locate the Root Cause If a Workload Is Abnormal?
What Should I Do If the Scheduling of a Pod Fails?
What Should I Do If a Pod Fails to Pull the Image?
What Should I Do If Container Startup Fails?
What Should I Do If a Pod Fails to Be Evicted?
What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
What Should I Do If a Workload Remains in the Creating State?
What Should I Do If a Pod Remains in the Terminating State?
What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
What Should I Do If an Error Occurs When I Deploy a Service on a GPU Node?
How Can I Locate Faults Using an Exit Code?
Container Configuration
When Is Pre-stop Processing Used?
How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?
What Should I Do If Health Check Probes Occasionally Fail?
How Do I Set the umask Value for a Container?
What Is the Retry Mechanism When CCE Fails to Start a Pod?
Scheduling Policies
How Do I Evenly Distribute Multiple Pods to Each Node?
How Do I Prevent a Container on a Node from Being Evicted?
Why Are Pods Not Evenly Distributed on Nodes?
How Do I Evict All Pods on a Node?
Why Cannot a Pod Be Scheduled to a Node?
How Do I Troubleshoot a Pod Exit Caused by a Node Label Update?
Others
What Should I Do If a Cron Job Cannot Be Restarted After Being Stopped for a Period of Time?
What Is a Headless Service When I Create a StatefulSet?
What Should I Do If Error Message "Auth is empty" Is Displayed When a Private Image Is Pulled?
What Is the Image Pull Policy for Containers in a CCE Cluster?
What Can I Do If a Layer Is Missing During Image Pull?
Networking
Network Exception Troubleshooting
How Do I Locate a Workload Networking Fault?
Why Does the Browser Return Error Code 404 When I Access a Deployed Application?
What Should I Do If a Container Fails to Access the Internet?
What Should I Do If a Node Fails to Connect to the Internet (Public Network)?
What Should I Do If Nginx Ingress Access in the Cluster Is Abnormal After the NGINX Ingress Controller Add-on Is Upgraded?
What Could Cause Access Exceptions After Configuring an HTTPS Certificate for a LoadBalancer Ingress?
Network Planning
What Is the Relationship Between Clusters, VPCs, and Subnets?
How Can I Configure a Security Group Rule for a Cluster?
Security Hardening
How Do I Prevent Cluster Nodes from Being Exposed to Public Networks?
How Do I Configure an Access Policy for a Cluster?
How Do I Obtain a TLS Key Certificate?
How Do I Change the Security Group of Nodes in a Cluster in Batches?
Network Configuration
How Can Container IP Addresses Survive a Container Restart?
How Can I Determine Which Ingress the Listener Settings Have Been Applied To?
Storage
How Do I Expand the Storage Capacity of a Container?
What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-Node Mounting?
Can I Create a CCE Node Without Adding a Data Disk to the Node?
What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?
Can CCE PVCs Detect Underlying Storage Faults?
Why Cannot I Delete a PV or PVC Using the kubectl delete Command?
Namespace
What Should I Do If a Namespace Fails to Be Deleted Due to an APIService Object Access Failure?
Chart and Add-on
What Should I Do If Residual Process Resources Exist Due to an Earlier npd Add-on Version?
What Should I Do If Installation of an Add-on Fails and "The release name is already exist" Is Displayed?
How Do I Configure the Add-on Resource Quotas Based on Cluster Scale?
How Can I Clean Up Residual Resources After the NGINX Ingress Controller Add-on in the Unknown State Is Deleted?
Why TLS v1.0 or v1.1 Cannot Be Used After the NGINX Ingress Controller Add-on Is Upgraded?
API & kubectl FAQs
How Can I Access a Cluster API Server?
Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?
How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
How Do I Rectify the Error Reported When Running the kubectl top node Command?
Why Is "Error from server (Forbidden)" Displayed When I Use kubectl?
DNS FAQs
What Should I Do If Domain Name Resolution Fails in a CCE Cluster?
Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?
How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
How Do I Configure a DNS Policy for a Container?
Image Repository FAQs
How Do I Upload My Images to CCE?
Permissions
Can I Configure Only Namespace Permissions Without Cluster Management Permissions?
Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?
Can I Use kubectl If the Cluster Management Permissions Are Not Configured?
What Is an OBS Global Access Key and How Do I Check Whether a Global Access Key Is Used in a Cluster?
API Reference (Kuala Lumpur Region)
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
API URL
Cluster Management
Creating a Cluster
Reading a Specified Cluster
Listing Clusters in a Specified Project
Updating a Specified Cluster
Deleting a Cluster
Hibernating a Cluster
Waking Up a Cluster
Obtaining a Cluster Certificate
Revoking a Cluster Certificate of a User
Modifying Cluster Specifications
Querying a Job
Binding/Unbinding Public API Server Address
Node Management
Creating a Node
Reading a Specified Node
Listing All Nodes in a Cluster
Updating a Specified Node
Deleting a Node
Enabling Scale-In Protection for a Node
Disabling Scale-In Protection for a Node
Synchronizing Nodes
Accepting a Node
Managing a Node in a Customized Node Pool
Resetting a Node
Removing a Node
Migrating a Node
Migrating a Node to a Custom Node Pool
Node Pool Management
Creating a Node Pool
Reading a Specified Node Pool
Listing All Node Pools in a Specified Cluster
Updating a Specified Node Pool
Deleting a Node Pool
Scaling a Node Pool
Synchronizing Node Configurations in a Node Pool
Storage Management
Creating a PVC (to be discarded)
Deleting a PVC (to be discarded)
Add-on Management
Installing an Add-on Instance
Listing Add-on Templates
Updating an Add-on Instance
Rolling Back an Add-on Instance
Deleting an Add-on Instance
Querying an Add-on Instance
Listing Add-on Instances
Tag Management
Adding Resource Tags to a Specified Cluster in Batches
Deleting Resource Tags of a Specified Cluster in Batches
Configuration Management
Obtaining the List of Parameters That Can Be Configured for a Node Pool
Obtaining the List of Parameters That Can Be Configured for a Cluster
Obtaining the Parameters That Can Be Configured for a Node Pool
Changing the Values of Configuration Parameters of a Node Pool
Chart Management
Uploading a Chart
Obtaining a Chart List
Obtaining a Release List
Updating a Chart
Creating a Release
Deleting a Chart
Updating a Release
Obtaining a Chart
Deleting a Release
Downloading a Chart
Obtaining a Release
Obtaining Chart Values
Obtaining Historical Records of a Release
Obtaining the Quota of a User Chart
Add-on Instance Parameters
CoreDNS
CCE Container Storage (Everest)
CCE Node Problem Detector
Kubernetes Dashboard
CCE Cluster Autoscaler
NGINX Ingress Controller
Kubernetes Metrics Server
CCE Advanced HPA
CCE AI Suite (NVIDIA GPU)
Volcano Scheduler
CCE Secrets Manager for DEW
CCE Network Metrics Exporter
NodeLocal DNSCache
Cloud Native Cluster Monitoring
Cloud Native Log Collection
Kubernetes APIs
Permissions and Supported Actions
Appendix
Status Code
Error Codes
Obtaining a Project ID
Obtaining an Account ID
Specifying Add-ons to Be Installed During Cluster Creation
How to Obtain Parameters in the API URI
Creating a VPC and Subnet
Creating a Key Pair
Node Flavor Description
Adding a Salt in the password Field When Creating a Node
Maximum Number of Pods That Can Be Created on a Node
Node OS
Space Allocation of a Data Disk
Attaching Disks to a Node
User Guide (Ankara Region)
Service Overview
What Is CCE?
Product Advantages
Application Scenarios
Containerized Application Management
Auto Scaling in Seconds
DevOps and CI/CD
Hybrid Cloud
Constraints
Permissions
Related Services
Regions and AZs
Product Bulletin
Kubernetes Version Policy
Getting Started
Introduction
Preparations
Creating a Kubernetes Cluster
Creating a Deployment (Nginx)
Deploying WordPress and MySQL That Depend on Each Other
Overview
Creating a MySQL Workload
Creating a WordPress Workload
High-Risk Operations and Solutions
Clusters
Cluster Overview
Basic Cluster Information
Kubernetes Version Release Notes
Kubernetes 1.28 Release Notes
Kubernetes 1.27 Release Notes
Kubernetes 1.25 Release Notes
Patch Version Release Notes
Creating a Cluster
Creating a CCE Standard Cluster
Comparing iptables and IPVS
Connecting to a Cluster
Connecting to a Cluster Using kubectl
Connecting to a Cluster Using an X.509 Certificate
Accessing a Cluster Using a Custom Domain Name
Upgrading a Cluster
Upgrade Overview
Before You Start
Performing Post-Upgrade Verification
Cluster Status Check
Node Status Check
Node Skipping Check
Service Check
New Node Check
New Pod Check
Migrating Services Across Clusters of Different Versions
Troubleshooting for Pre-upgrade Check Exceptions
Pre-upgrade Check
Node Restrictions
Upgrade Management
Add-ons
Helm Charts
SSH Connectivity of Master Nodes
Node Pools
Security Groups
Arm Node Restrictions
To-Be-Migrated Nodes
Discarded Kubernetes Resources
Compatibility Risks
CCE Agent Versions
Node CPU Usage
CRDs
Node Disks
Node DNS
Node Key Directory File Permissions
Kubelet
Node Memory
Node Clock Synchronization Server
Node OS
Node CPU Cores
Node Python Commands
ASM Version
Node Readiness
Node journald
containerd.sock
Internal Error
Node Mount Points
Kubernetes Node Taints
Everest Restrictions
cce-hpa-controller Limitations
Enhanced CPU Policies
Health of Worker Node Components
Health of Master Node Components
Memory Resource Limit of Kubernetes Components
Discarded Kubernetes APIs
Node NetworkManager
Node ID File
Node Configuration Consistency
Node Configuration File
CoreDNS Configuration Consistency
sudo Commands of a Node
Key Commands of Nodes
Mounting of a Sock File on a Node
HTTPS Load Balancer Certificate Consistency
Node Mounting
Login Permissions of User paas on a Node
Private IPv4 Addresses of Load Balancers
Historical Upgrade Records
CIDR Block of the Cluster Management Plane
GPU Add-on
Nodes' System Parameters
Residual Package Versions
Node Commands
Node Swap
nginx-ingress Upgrade
Upgrade of Cloud Native Cluster Monitoring
containerd Pod Restart Risks
Key GPU Add-on Parameters
GPU or NPU Pod Rebuild Risks
ELB Listener Access Control
Master Node Flavor
Subnet Quota of Master Nodes
Node Runtime
Node Pool Runtime
Number of Node Images
Managing a Cluster
Cluster Configuration Management
Cluster Overload Control
Changing Cluster Scale
Changing the Default Security Group of a Node
Deleting a Cluster
Hibernating and Waking Up a Cluster
Nodes
Node Overview
Container Engine
Creating a Node
Accepting Nodes for Management
Management Nodes
Managing Node Labels
Managing Node Taints
Resetting a Node
Removing a Node
Synchronizing the Data of Cloud Servers
Draining a Node
Deleting a Node
Stopping a Node
Performing Rolling Upgrade for Nodes
Node O&M
Node Resource Reservation Policy
Data Disk Space Allocation
Maximum Number of Pods That Can Be Created on a Node
Migrating Nodes from Docker to containerd
Node Fault Detection Policy
Node Pools
Node Pool Overview
Creating a Node Pool
Managing a Node Pool
Updating a Node Pool
Scaling a Node Pool
Updating an AS Configuration
Configuring a Node Pool
Accepting Nodes in a Node Pool
Copying a Node Pool
Synchronizing Node Pools
Upgrading an OS
Migrating a Node
Deleting a Node Pool
Workloads
Overview
Creating a Workload
Creating a Deployment
Creating a StatefulSet
Creating a DaemonSet
Creating a Job
Creating a Cron Job
Configuring a Container
Configuring Time Zone Synchronization
Configuring an Image Pull Policy
Using Third-Party Images
Configuring Container Specifications
Configuring Container Lifecycle Parameters
Configuring Container Health Check
Configuring Environment Variables
Workload Upgrade Policies
Scheduling Policies (Affinity/Anti-affinity)
Taints and Tolerations
Labels and Annotations
Accessing a Container
Managing Workloads and Jobs
Managing Custom Resources
Scheduling
Overview
CPU Scheduling
CPU Policy
Enhanced CPU Policy
GPU Scheduling
Default GPU Scheduling in Kubernetes
GPU Virtualization
Overview
Preparing xGPU Resources
Using GPU Virtualization
Supporting Kubernetes' Default GPU Scheduling
Monitoring GPU Metrics
GPU-based HPA Practice
GPU Fault Handling
NPU Scheduling
Volcano Scheduling
Overview
Scheduling Workloads
Resource Usage-based Scheduling
Bin Packing
Descheduling
Node Pool Affinity
Load-aware Scheduling
Configuration Cases for Resource Usage-based Scheduling
Priority-based Scheduling
Priority-based Scheduling
AI Performance-based Scheduling
DRF
Gang
NUMA Affinity Scheduling
Cloud Native Hybrid Deployment
Dynamic Resource Oversubscription
Network
Overview
Container Network Models
Overview
Container Tunnel Network
VPC Network
Service
Overview
ClusterIP
NodePort
LoadBalancer
Creating a LoadBalancer Service
Using Annotations to Balance Load
Configuring an HTTP or HTTPS Service
Configuring SNI for a Service
Configuring HTTP/2 for a Service
Configuring Timeout for a Service
Configuring Health Check on Multiple Service Ports
Enabling Passthrough Networking for LoadBalancer Services
Enabling ICMP Security Group Rules
Headless Services
Ingresses
Overview
LoadBalancer Ingresses
Creating a LoadBalancer Ingress on the Console
Using kubectl to Create a LoadBalancer Ingress
Configuring a LoadBalancer Ingress Using Annotations
Configuring an HTTPS Certificate for a LoadBalancer Ingress
Configuring SNI for a LoadBalancer Ingress
LoadBalancer Ingresses to Multiple Services
Configuring HTTP/2 for a LoadBalancer Ingress
Configuring URL Redirection for a LoadBalancer Ingress
Configuring URL Rewriting for a LoadBalancer Ingress
Configuring Timeout for a LoadBalancer Ingress
Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress
Nginx Ingresses
Creating Nginx Ingresses on the Console
Using kubectl to Create an Nginx Ingress
Configuring Nginx Ingresses Using Annotations
Configuring HTTPS Certificates for Nginx Ingresses
Configuring Redirection Rules for an Nginx Ingress
Configuring URL Rewriting Rules for Nginx Ingresses
Nginx Ingresses Using Consistent Hashing for Load Balancing
DNS
Overview
DNS Configuration
Using CoreDNS for Custom Domain Name Resolution
Using NodeLocal DNSCache to Improve DNS Performance
Container Network Settings
Host Network
Configuring QoS for a Pod
Container Tunnel Network Settings
Network Policies
Cluster Network Settings
Adding a Secondary VPC CIDR Block for a Cluster
Switching a Node Subnet
Adding a Container CIDR Block for a Cluster
Configuring Intra-VPC Access
Accessing the Internet from a Container
Storage
Overview
Storage Basics
Elastic Volume Service
Overview
Using an Existing EVS Disk Through a Static PV
Using an EVS Disk Through a Dynamic PV
Dynamically Mounting an EVS Disk to a StatefulSet
Snapshots and Backups
Object Storage Service
Overview
Using an Existing OBS Bucket Through a Static PV
Using an OBS Bucket Through a Dynamic PV
Configuring OBS Mount Options
Using a Custom Access Key (AK/SK) to Mount an OBS Volume
Local Persistent Volumes
Overview
Importing a PV to a Storage Pool
Using a Local PV Through a Dynamic PV
Dynamically Mounting a Local PV to a StatefulSet
Ephemeral Volumes
Overview
Importing an EV to a Storage Pool
Using a Local EV
Using a Temporary Path
hostPath
StorageClass
Observability
Logging
Overview
Collecting Container Logs
Collecting Container Logs Using ICAgent
Best Practices
Monitoring Custom Metrics Using Cloud Native Cluster Monitoring
Monitoring Custom Metrics on AOM
Monitoring Metrics of Master Node Components Using Prometheus
Monitoring Metrics of NGINX Ingress Controller
Namespaces
Creating a Namespace
Managing Namespaces
Configuring Resource Quotas
ConfigMaps and Secrets
Creating a ConfigMap
Using a ConfigMap
Creating a Secret
Using a Secret
Cluster Secrets
Auto Scaling
Overview
Scaling a Workload
Workload Scaling Rules
HPA Policies
CronHPA Policies
CustomedHPA Policies
Managing Workload Scaling Policies
Scaling a Node
Node Scaling Rules
Creating a Node Scaling Policy
Managing Node Scaling Policies
Using HPA and CA for Auto Scaling of Workloads and Nodes
Add-ons
Overview
CoreDNS
CCE Container Storage (Everest)
CCE Node Problem Detector
Kubernetes Dashboard
CCE Cluster Autoscaler
Nginx Ingress Controller
Kubernetes Metrics Server
CCE Advanced HPA
CCE AI Suite (NVIDIA GPU)
CCE AI Suite (Ascend NPU)
Volcano Scheduler
NodeLocal DNSCache
Cloud Native Cluster Monitoring
Cloud Native Logging
Grafana
Prometheus
Helm Chart
Overview
Deploying an Application from a Chart
Differences Between Helm v2 and Helm v3 and Adaptation Solutions
Deploying an Application Through the Helm v2 Client
Deploying an Application Through the Helm v3 Client
Converting a Release from Helm v2 to v3
Permissions
Permissions Overview
Granting Cluster Permissions to an IAM User
Namespace Permissions (Kubernetes RBAC-based)
Example: Designing and Configuring Permissions for Users in a Department
Permission Dependency of the CCE Console
Pod Security
Configuring a Pod Security Policy
Configuring Pod Security Admission
Service Account Token Security Improvement
FAQs
Common Questions
Cluster
Cluster Creation
Why Cannot I Create a CCE Cluster?
Is Management Scale of a Cluster Related to the Number of Master Nodes?
Which Resource Quotas Should I Pay Attention To When Using CCE?
Cluster Running
How Do I Locate the Fault When a Cluster Is Unavailable?
How Do I Retrieve Data After a Cluster Is Deleted?
Cluster Deletion
What Can I Do If a Cluster Deletion Fails Due to Residual Resources in the Security Group?
How Do I Clear Residual Resources After Deleting a Non-Running Cluster?
Node
Node Creation
How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?
How Do I Troubleshoot Problems Occurred When Accepting Nodes into a CCE Cluster?
What Should I Do If a Node Fails to Be Accepted Because It Fails to Be Installed?
Node Running
What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?
How Do I Log In to a Node Using a Password and Reset the Password?
How Do I Collect Logs of Nodes in a CCE Cluster?
What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?
What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?
How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?
How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?
Specification Change
How Do I Change the Node Specifications in a CCE Cluster?
What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?
OSs
What Should I Do If There Is a Service Access Failure After a Backend Service Upgrade or a 1-Second Latency When a Service Accesses a CCE Cluster?
Node Pool
What Should I Do If a Node Pool Is Abnormal?
What Should I Do If No Node Creation Record Is Displayed When the Node Pool Is Being Expanding?
What Should I Do If a Node Pool Scale-Out Fails?
How Do I Modify ECS Configurations When an ECS Cannot Be Managed by a Node Pool?
Workload
Workload Abnormalities
How Do I Use Events to Fix Abnormal Workloads?
What Should I Do If Pod Scheduling Fails?
What Should I Do If a Pod Fails to Pull the Image?
What Should I Do If Container Startup Fails?
What Should I Do If a Pod Fails to Be Evicted?
What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
What Should I Do If a Workload Remains in the Creating State?
What Should I Do If Pods in the Terminating State Cannot Be Deleted?
What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
What Should I Do If an Error Occurs When Deploying a Service on the GPU Node?
Container Configuration
When Is Pre-stop Processing Used?
How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?
What Should I Do If Health Check Probes Occasionally Fail?
How Do I Set the umask Value for a Container?
What Is the Retry Mechanism When CCE Fails to Start a Pod?
Scheduling Policies
How Do I Evenly Distribute Multiple Pods to Each Node?
How Do I Prevent a Container on a Node from Being Evicted?
Why Are Pods Not Evenly Distributed on Nodes?
How Do I Evict All Pods on a Node?
Others
What Should I Do If a Scheduled Task Cannot Be Restarted After Being Stopped for a Period of Time?
What Is a Headless Service When I Create a StatefulSet?
What Should I Do If Error Message "Auth is empty" Is Displayed When a Private Image Is Pulled?
Why Cannot a Pod Be Scheduled to a Node?
What Is the Image Pull Policy for Containers in a CCE Cluster?
What Can I Do If a Layer Is Missing During Image Pull?
Networking
Network Planning
What Is the Relationship Between Clusters, VPCs, and Subnets?
How Can I Configure a Security Group Rule in a Cluster?
Network Fault
How Do I Locate a Workload Networking Fault?
Why Does the Browser Return Error Code 404 When I Access a Deployed Application?
What Should I Do If a Container Fails to Access the Internet?
What Should I Do If a Node Fails to Connect to the Internet (Public Network)?
What Should I Do If an Nginx Ingress Access in the Cluster Is Abnormal After the Add-on Is Upgraded?
Security Hardening
How Do I Prevent Cluster Nodes from Being Exposed to Public Networks?
How Do I Configure an Access Policy for a Cluster?
Others
How Do I Change the Security Group of Nodes in a Cluster in Batches?
Storage
What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-node Mounting?
Can I Add a Node Without a Data Disk?
What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?
Can CCE PVCs Detect Underlying Storage Faults?
Namespace
What Should I Do If a Namespace Fails to Be Deleted Due to an APIService Object Access Failure?
Chart and Add-on
Why Does Add-on Installation Fail and Prompt "The release name is already exist"?
How Do I Configure the Add-on Resource Quotas Based on Cluster Scale?
What Should I Do If the Helm Chart Uploaded Before the Tenant Account Name Is Changed Is Abnormal?
How Can I Clean Up Residual Resources After the NGINX Ingress Controller Add-on in the Unknown State Is Deleted?
Why TLS v1.0 and v1.1 Cannot Be Used After the NGINX Ingress Controller Add-on Is Upgraded?
API & kubectl FAQs
How Can I Access a Cluster API Server?
Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?
How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
How Do I Rectify the Error Reported When Running the kubectl top node Command?
Why Is "Error from server (Forbidden)" Displayed When I Use kubectl?
DNS FAQs
What Should I Do If Domain Name Resolution Fails?
Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?
How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
How Do I Configure a DNS Policy for a Container?
Permissions
Can I Configure Only Namespace Permissions Without Cluster Management Permissions?
Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?
Can I Use kubectl If the Cluster Management Permissions Are Not Configured?
Reference
How Do I Expand the Storage Capacity of a Container?
How Can Container IP Addresses Survive a Container Restart?
Best Practices
Checklist for Deploying Containerized Applications in the Cloud
Containerization
Containerizing an Enterprise Application (ERP)
Solution Overview
Procedure
Containerizing an Entire Application
Containerization Process
Analyzing the Application
Preparing the Application Runtime
Compiling a Startup Script
Compiling the Dockerfile
Building and Uploading an Image
Creating a Container Workload
Disaster Recovery
Recommended Configurations for Cluster HA
Implementing High Availability for Applications in CCE
Implementing High Availability for Add-ons in CCE
Security
Configuration Suggestions on CCE Cluster Security
Configuration Suggestions on CCE Node Security
Configuration Suggestions on CCE Container Security
Configuration Suggestions on CCE Secret Security
Auto Scaling
Using HPA and CA for Auto Scaling of Workloads and Nodes
Monitoring
Using Prometheus for Multi-cluster Monitoring
Cluster
Configuring a CCE Cluster
Creating an IPv4/IPv6 Dual-Stack Cluster in CCE
Executing the Post-installation Command During Node Creation
Connecting to Multiple Clusters Using kubectl
Selecting a Data Disk for the Node
Protecting a CCE Cluster Against Overload
Networking
Planning CIDR Blocks for a Cluster
Selecting a Network Model
Implementing Sticky Session Through Load Balancing
Obtaining the Client Source IP Address for a Container
CoreDNS Configuration Optimization
Overview
Client
Optimizing Domain Name Resolution Requests
Selecting a Proper Image
Avoiding Occasional DNS Resolution Timeout Caused by IPVS Defects
Using NodeLocal DNSCache
Upgrading the CoreDNS in the Cluster Timely
Adjusting the DNS Configuration of the VPC and VM
Server
Monitoring the coredns Add-on
Adjusting the coredns Deployment Status
Configuring coredns
Retaining the Original IP Address of a Pod
Storage
Expanding the Storage Space
Mounting an Object Storage Bucket of a Third-Party Tenant
Custom Storage Classes
Enabling Automatic Topology for EVS Disks When Nodes Are Deployed in Different AZs (csi-disk-topology)
Container
Properly Allocating Container Computing Resources
Modifying Kernel Parameters Using a Privileged Container
Using Init Containers to Initialize an Application
Using hostAliases to Configure /etc/hosts in a Pod
Configuring Core Dumps
Permission
Configuring kubeconfig for Fine-Grained Management on Cluster Resources
Release
Overview
Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
Using Nginx Ingress to Implement Grayscale Release and Blue-Green Deployment
API Reference (Ankara Region)
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
API URL
Cluster Management
Creating a Cluster
Reading a Specified Cluster
Listing Clusters in a Specified Project
Updating a Specified Cluster
Deleting a Cluster
Hibernating a Cluster
Waking Up a Cluster
Obtaining a Cluster Certificate
Modifying Cluster Specifications
Querying a Job
Binding/Unbinding Public API Server Address
Obtaining Cluster Access Address
Node Management
Creating a Node
Reading a Specified Node
Listing All Nodes in a Cluster
Updating a Specified Node
Deleting a Node
Accepting a Node
Resetting a Node
Removing a Node
Migrating a Node
Node Pool Management
Creating a Node Pool
Reading a Specified Node Pool
Listing All Node Pools in a Specified Cluster
Updating a Specified Node Pool
Deleting a Node Pool
Storage Management
Creating a PVC (to be discarded)
Deleting a PVC (to be discarded)
Add-on Management
Installing an Add-on Instance
Listing Add-on Templates
Updating an Add-on Instance
Rolling Back an Add-on Instance
Deleting an Add-on Instance
Querying an Add-on Instance
Listing Add-on Instances
Quota Management
Querying Resource Quotas
API Versions
Obtaining API Versions
Tag Management
Adding Resource Tags to a Specified Cluster in Batches
Deleting Resource Tags of a Specified Cluster in Batches
Configuration Management
Obtaining the Parameters That Can Be Configured for a Node Pool
Obtaining the List of Parameters That Can Be Configured for a Cluster
Obtaining the Parameters That Can Be Configured for a Node Pool
Changing the Values of Configuration Parameters of a Node Pool
Chart Management
Uploading a Chart
Obtaining a Chart List
Obtaining a Release List
Updating a Chart
Creating a Release
Deleting a Chart
Updating a Release
Obtaining a Chart
Deleting a Release
Downloading a Chart
Obtaining a Release
Obtaining Chart Values
Obtaining Historical Records of a Release
Obtaining the Quota of a User Chart
Kubernetes APIs
Permissions and Supported Actions
Appendix
Status Code
Error Codes
Obtaining a Project ID
Obtaining an Account ID
Specifying Add-ons to Be Installed During Cluster Creation
How to Obtain Parameters in the API URI
Creating a VPC and Subnet
Creating a Key Pair
Node Flavor Description
Adding a Salt in the password Field When Creating a Node
Maximum Number of Pods That Can Be Created on a Node
Node OS
Data Disk Space Allocation
Attaching Disks to a Node