Changing the Default Node Security Group
Scenario
When creating a cluster, you can specify a node security group to centrally manage network security policies. For a created cluster, you can change its default node security group.
Constraints
- Do not associate more than 1,000 instances with the same security group. Otherwise, security group performance may degrade. For more restrictions on security groups, see Security Group Constraints.
- Exercise caution when modifying the security group rules of master nodes. For details, see How Can I Configure a Security Group Rule in a Cluster?
Procedure
- Log in to the CCE console. In the navigation pane, choose Clusters.
- Click the cluster name to access the Overview page.
- In the Networking Configuration area, click Edit next to the Default Node Security Group. Figure 1 Default node security group
- Select an existing security group, confirm that the security group rules meet the cluster requirements, and click OK.
- Ensure that correct port rules are configured for the selected security group. Otherwise, the nodes cannot be created. The port rules that a security group must comply with vary with the cluster type. For details, see How Can I Configure a Security Group Rule in a Cluster?
- The new security group takes effect only for newly created or managed nodes. For existing nodes, modify the security group rules and reset the nodes in real time. The original security group is still used. For details about how to modify the security group settings of the existing nodes in batches, see How Do I Change the Security Group of Nodes in a Cluster in Batches?
Figure 2 Editing default node security group
Helpful Links
Modifying cluster or node settings can affect services due to high-risk operations. To avoid potential risks, see High-Risk Operations.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot