Changing the Default Security Group of a Node

Scenario

When creating a cluster, you can customize a node security group to centrally manage network security policies. For a created cluster, you can change its default node security group.

Notes and Constraints

• Do not add more than 1000 pods to the same security group. Otherwise, the security group performance may be impacted. For more restrictions on security groups, see Security Group Constraints.
• Exercise caution when modifying the security group rules of a master node. For details, see Configuring Cluster Security Group Rules.

Procedure

1. Log in to the CCE console. In the navigation pane, choose Clusters.
2. Click the cluster name to access the Overview page.
3. In the Network Configuration area, click next to the Default Node Security Group.
   Figure 1 Default node security group
   

4. Select an existing security group, confirm that the security group rules meet the cluster requirements, and click OK.
   

   • Ensure that correct port rules are configured for the selected security group. Otherwise, the node cannot be created. The port rules that a security group must comply with vary with the cluster type. For details, see Configuring Cluster Security Group Rules.
   • The new security group takes effect only for newly created or managed nodes. For existing nodes, modify the security group rules and reset the nodes in real time. The original security group is still used. For details about how to modify the security group settings of the existing nodes in batches, see How Do I Change the Security Group of Nodes in a Cluster in Batches?
   Figure 2 Editing default node security group