This topic provides answers to some frequently asked questions about cluster management.
- Can I add nodes that support Intel Software Guard Extensions (Intel SGX) to an existing cluster?
- Are ACK clusters that run Alibaba Cloud Linux 2 compatible with container images that are based on CentOS?
- How do I troubleshoot cluster creation failures?
- Troubleshoot cluster scale-out errors
- How do I troubleshoot cluster deletion failures?
- Timeout errors in cluster management by using Cloud Shell
- Can I change the container runtime after a cluster is created?
- What are the differences between Docker and Sandboxed-Container?
- Is ACK certified for Level 3 Cybersecurity?
- Can I upgrade a dedicated Kubernetes cluster after I accidentally delete a master node of the cluster?
Can I add nodes that support Intel Software Guard Extensions (Intel SGX) to an existing cluster?
- The Kubernetes version is 1.14.0 or later.
- The network plug-in is Flannel.
- The operating system is set to AliyunLinux 2.xxxx when you create the cluster. Do not select custom images when you add nodes to the cluster.
Are ACK clusters that run Alibaba Cloud Linux 2 compatible with container images that are based on CentOS?
Yes, ACK clusters that run Alibaba Cloud Linux 2 are fully compatible with container images that are based on CentOS. For more information, see Use Alibaba Cloud Linux 2.
Can I change the container runtime after a cluster is created?
Issue: I created a cluster that uses containerd as the container runtime and I want to change the container runtime to Docker.
Solution: After a cluster is created, you cannot change the container runtime used by the cluster. However, you can create node pools that use different container runtimes in the cluster. The container runtimes used by node pools in the cluster can be different. For more information, see Node pool overview.
What are the differences between Docker and Sandboxed-Container?
Sandboxed-Container is an alternative to the Docker runtime. Sandboxed-Container allows you to run applications in a sandboxed and lightweight virtual machine that has a dedicated kernel. This enhances resource isolation and improves security. Sandboxed-Container is suitable in scenarios such as untrusted application isolation, fault isolation, performance isolation, and load isolation among multiple users. Sandboxed-Container improves security and has minor impacts on application performance. In addition, Sandboxed-Container provides the same user experience as Docker in terms of logging, monitoring, and elastic scaling. Sandboxed-Container supports only Elastic Compute Service (ECS) bare metal instances. Other ECS instance types are not supported.
For more information about Docker and Sandboxed-Container, see Comparison of Docker, containerd, and Sandboxed-Container.
Is ACK certified for Level 3 Cybersecurity?
- Items for which Alibaba Cloud bears responsibility:
- The security of infrastructure resources for Alibaba Cloud services.
- The security of etcd and nodes in the cluster control plane.
- The security compliance of components in the cluster control plane. Alibaba Cloud also accepts security inspections from third parties.
- Items for which you bear responsibility:
- Security configurations of the data plane, including the configurations of security groups of virtual private clouds (VPCs).
- Configurations of nodes and pods.
- Operating systems of nodes, including upgrades and security patches.
- Other related software.
- Access control on devices and networks, such as firewall rules.
- Platform-level identity verification and access control by using Resource Access Management (RAM) or other services.
- Security of sensitive data.
Can I upgrade a dedicated Kubernetes cluster after I accidentally delete a master node of the cluster?
No. After a master node of a dedicated Kubernetes cluster is deleted, you cannot add another master node or upgrade the Kubernetes version of the cluster.