Cluster Access
Access Mode
- kubectl: You need to download and configure the kubectl and kubeconfig configuration files first, and then use kubectl to access a Kubernetes cluster. For details, see Connecting to a Cluster Using kubectl.
- EIP: You can bind an EIP to the cluster API server. Then, the cluster API server can access the public network.
- Binding an EIP to a cluster could bring the cluster potential access risks from the public network. You are advised to harden the inbound rule of port 5443 for the master node security group. For details, see How Can I Configure a Security Group Rule in a Cluster?
- This operation will restart kube-apiserver and update the cluster access certificate (kubeconfig). Do not perform any operations on the cluster during this time.
- Custom SAN: The Subject Alternative Name (SAN) allows multiple values (including IP addresses and domain names) to be associated with certificates. After the custom SAN is configured in the cluster access certificate, the cluster can be accessed using the domain names or IP addresses specified by the SAN. For details, see Accessing a Cluster Using a Custom Domain Name.
This operation will restart kube-apiserver and update the cluster access certificate (kubeconfig). Do not perform any operations on the cluster during this time.
Authentication
CCE allows you to download the X509 certificate, which contains the client.key, client.crt, and ca.crt files. Keep your certificate secure.
For details about how to use a certificate to access clusters, see Accessing a Cluster Using an X.509 Certificate.
Server Request Settings
Item |
Parameter |
Description |
Value |
---|---|---|---|
Maximum Number of Concurrent Modification API Calls |
max-mutating-requests-inflight |
Maximum number of concurrent modification API calls. Any requests that exceeding the specified value will be rejected by the server. The value 0 specifies that there is no limitation on the maximum number of concurrent modification calls. This parameter is related to the cluster scale. You are advised not to change the value. |
Manual configuration is no longer supported since clusters of v1.21. The value is automatically specified based on the cluster scale:
|
Maximum Number of Concurrent Non-Modification API Calls |
max-requests-inflight |
Maximum number of concurrent non-modification API calls. Any requests that exceeding the specified value will be rejected by the server. The value 0 specifies that there is no limitation on the maximum number of concurrent non-modification calls. This parameter is related to the cluster scale. You are advised not to change the value. |
Manual configuration is no longer supported since clusters of v1.21. The value is automatically specified based on the cluster scale:
|
Request Timeout |
request-timeout |
Default request timeout interval of kube-apiserver. Exercise caution when changing the value of this parameter. Ensure that the changed value is proper to prevent frequent API timeout or other errors. This parameter is available only in clusters of v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions. |
Default: 1m0s Options: Min ≥ 1s Max ≤ 1 hour |
Overload Control |
support-overload |
Cluster overload control. If enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Enabling Overload Control for a Cluster. This parameter is available only in clusters of v1.23 or later.
NOTE:
In particular scenarios, such as request burst over a short period of time, a cluster could still be overloaded even though overload control is enabled for it. In such cases, you are advised to manage and control access to the cluster in a timely manner. |
- |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot