All Products
Search

This Product

    Container Service for Kubernetes:Configure a filter for ENIs

    Document Center

    Container Service for Kubernetes:Configure a filter for ENIs

    Last Updated:Sep 23, 2025

    In Terway network mode, Terway manages the elastic network interfaces (ENIs) on nodes, which requires no operations from you. However, if you want to manage some ENIs yourself in specific scenarios, you must configure a filter for ENIs in Terway to prevent conflicts. After you configure the filter, Terway manages only the ENIs that match the specified tag filter conditions.

    Table of contents

    Prerequisites

    • An ACK managed cluster that uses the Terway network plug-in is available. For more information, see Create an ACK managed cluster.

    • Ensure that the ENIs have the required tags. Otherwise, these ENIs are excluded from management by Terway.

    Warning

    The operations described in this topic are high-risk. Perform them only after you fully understand and test them.

    Limits

    Terway must be V1.5.5 or later. For more information about how to upgrade a component, see Manage components.

    Procedure

    1. Modify the Terway configuration file.

      kubectl edit cm -n kube-system eni-config

    2. Add the following content to the eni_conf configuration.

       "eni_tag_filter":  { "creator": "terway" }

      "eni_tag_filter" specifies the tag filter for ENIs. {"creator": "terway"} is an example of a filter condition, which matches only the ENIs created by Terway.

      Example:

       eni_conf: |
    {
      "eni_tag_filter":  { "creator": "terway" },
      "ip_stack": "ipv4",
      "vswitch_selection_policy": "ordered"
     }
      Important

      Ensure that the ENIs have the required tags. Otherwise, Terway will not manage these ENIs.

      For more information about how to modify ENI tags, see Categorize and manage ENIs.

      For more information about how to set tags for ENIs when Terway creates them, see Customize Terway configuration parameters.

    3. Restart Terway to apply the configuration.

      kubectl delete pod -nkube-system -l app=terway-eniip

      Expected output:

      pod "terway-eniip-XXX" deleted

    4. Verify that the configuration has taken effect.

      1. Check the status of terway-eniip.

        kubectl get pods -n kube-system -l app=terway-eniip

        Expected output:

        NAME                 READY   STATUS    RESTARTS   AGE
terway-eniip-XXX   2/2     Running   0          19h

      2. View the Terway configuration information.

        kubectl logs -nkube-system terway-eniip-XXX
Or
kubectl logs -nkube-system terway-eniip-XXX -c terway-init

        If the output contains content similar to the following, the Terway configuration has taken effect.

        # ENITagFilter is the network interface tag filter. creator:terway matches only the network interfaces that are created by Terway.
ENITagFilter:map[creator:terway]

    5. Add a new node or re-add an existing node to the cluster.