This topic provides answers to some frequently asked questions about container networks, Services, and Ingresses.
FAQ about container networks
FAQ about Terway
- How do I resolve the issue that the cluster installed with the Terway network plug-in cannot access the Internet after I create a vSwitch for the cluster?
- How do I resolve network errors that occur when the Terway network plug-in is used in exclusive ENI mode?
- How do I resolve the issue that the IP addresses provided by vSwitches are insufficient when the Terway network plug-in is used?
- What do I do if the IP address of a newly created pod does not fall within the vSwitch CIDR block in Terway mode?
- What do I do if the IP address of a newly created pod does not fall within the vSwitch CIDR block after I add a vSwitch in Terway mode?
- Which network plug-in should I choose for an ACK cluster, Terway or Flannel?
- How do I enable load balancing within a cluster in Terway IPVLAN mode?
- How do I add the pod CIDR block to a whitelist if my cluster uses the Terway network plug-in?
FAQ about Flannel
- How do I resolve the issue that Flannel becomes incompatible with clusters of Kubernetes 1.16 or later after I manually update Flannel?
- Which network plug-in should I choose for an ACK cluster, Terway or Flannel?
FAQ about kube-proxy
- How do I modify the kube-proxy configuration?
- How do I modify the IPVS load balancing algorithm in the kube-proxy configuration?
- How do I modify the timeout period for IPVS UDP sessions in the kube-proxy configuration?
FAQ about IPv6
How do I fix common issues related to IPv4/IPv6 dual stack?Others
- How do I resolve the issue that a pod is not immediately ready for communication after it is started?
- How do I enable a pod to access a Service that is used to expose the pod?
- How do I plan the network of a cluster?
- Can I use the hostPort feature to create port mappings in an ACK cluster?
- FAQ about container networks
- How do I check the network type and vSwitches of a cluster?
- How do I check the cloud resources used in an ACK cluster?
- How do I resolve network errors of pods in a cluster?
- How do I obtain the public IP address of an application in a cluster?
- How do I troubleshoot cluster connection issues?
- How do I resolve the issue that the cluster cannot connect to the public IP address of the SLB instance that is associated with a LoadBalancer Service?
- How do I increase the maximum number of tracked connections in the conntrack table of the Linux kernel?
Service FAQ
FAQ about Server Load Balancer (SLB)
- Why is no event generated for the synchronization between a Service and an SLB instance?
- How do I handle an SLB instance that remains in the Pending state?
- What do I do if the vServer groups of an SLB instance are not updated?
- What do I do if the annotations of a Service do not take effect?
- Why is the configuration of an SLB instance modified?
- Why does the cluster fail to access the IP address of the SLB instance?
- What do I do if I accidentally delete an SLB instance?
- Is the SLB instance associated with the LoadBalancer Service automatically deleted after I delete the Service?
- How do I rename an SLB instance when the CCM version is V1.9.3.10 or earlier?
- How does the CCM calculate node weights in Local mode?
FAQ about updates of the cloud controller manager (CCM)
FAQ about using existing SLB instances
- Why does the system fail to use an existing SLB instance for more than one Services?
- Why is no listener created when I reuse an existing SLB instance?
Others
How is session persistence implemented in Kubernetes Services?
Ingress FAQ
FAQ about Ingress configurations
- Which SSL or TLS protocol versions are supported by Ingresses?
- Do Ingresses pass Layer 7 request headers to backend servers by default?
- Can ingress-nginx forward requests to backend HTTPS servers?
- Do Ingresses pass client IP addresses at Layer 7?
- Does the NGINX Ingress controller support HSTS?
- Which rewrite rules are supported by ingress-nginx?
- Configure an Ingress controller to use an internal-facing SLB instance
- What are the system updates after I update the NGINX Ingress controller on the Add-ons page of the ACK console?
- How do I specify an existing SLB instance for ingress-nginx?
- How do I change Layer 4 listeners to Layer 7 HTTP or HTTPS listeners for ingress-nginx?
- Nginx Ingress FAQ
FAQ about connectivity
- Why do I fail to access the IP address of the LoadBalancer from within the Kubernetes cluster?
- Why does the Ingress controller pod fail to access the Ingress controller?
- Why is the default TLS certificate or previous TLS certificate used after I add a TLS certificate to the cluster or change the TLS certificate?
- Why do I fail to access the Ingress by using the test domain name provided in the ACK console?
- Why do I fail to access gRPC Services that are exposed by an Ingress?
- Why do I fail to access backend HTTPS services?
- Why does the Ingress controller pod fail to preserve client IP addresses?
FAQ about canary releases
- Why do canary release rules fail to take effect?
- Why are requests not distributed based on the specified canary release rules or why do the canary release rules affect other Ingresses that are associated with the same Service?
FAQ about errors
- Why does the following error occur when you create an Ingress: "failed calling webhook"?
- Why is the following error returned for HTTPS requests: SSL_ERROR_RX_RECORD_TOO_LONG?
- Common HTTP status codes
- The following error occurs: net::ERR_HTTP2_SERVER_REFUSED_STREAM.
- Why does the following error occur: The param of ServerGroupName is illegal?
- Why does the "certificate signed by unknown authority" error occur when I create an Ingress?
FAQ about other issues
- Why does the Ingress controller pod restart after it fails the health check?
- How do I add Services that use TCP or UDP?
- Why do Ingress rules fail to take effect?
- Why does the system fail to load some web page resources or return a blank white screen when requests are redirected to the root directory?
- How do I fix the issue that Log Service cannot parse logs as expected after ingress-nginx-controller is upgraded?
FAQ about network configuration
How do I access workloads over the Internet?
Container Service for Kubernetes (ACK) allows you to use the following methods to access workloads over the Internet:
How do I configure the pods to obtain the real IP addresses of clients?
- If Web Application Firewall (WAF) is used and your cluster uses SLB instances to provide external services, set
externaltrafficpolicytoLocalfor the Services that are used to expose the pods. This way, you can obtain the real IP addresses of clients. If your cluster uses Ingresses to provide external services, setexternaltrafficpolicytoLocalfor the nginx-ingress-lb Service. - If WAF is used, refer to Configure Kubernetes Ingresses to obtain the real IP addresses of clients.