
Container Service for Kubernetes: Configure network settings for individual nodes in a cluster that uses Terway

Last Updated: Oct 16, 2023

If your cluster uses the Terway network plug-in, all nodes in the cluster use the network settings in the eni-config ConfigMap that belongs to the kube-system namespace. If you want to configure network settings, such as vSwitches and security groups, for individual nodes, you can create another ConfigMap. Terway merges the new configuration into the default configuration as a JSON Merge Patch (RFC 7396). This topic describes how to configure network settings for individual nodes in a cluster that uses Terway.

Prerequisites

vSwitches and security groups are created. For more information, see Create and manage a vSwitch and Create a security group.

Scenario

Configure separate SNAT IP addresses and bandwidth values for different pods:13

Limits

If you want the existing elastic network interfaces (ENIs) to use the specified vSwitches and security groups, you must recreate the ENIs. The existing ENIs use only the original vSwitches and security groups.

Procedure

  1. In the kube-system namespace, create a ConfigMap named foo.

    1. Log on to the ACK console.

    2. In the left-side navigation pane of the ACK console, click Clusters.

    3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.

    4. In the left-side navigation pane of the details page, choose Configurations > ConfigMaps.

    5. On the ConfigMap page, select kube-system in the Namespace drop-down list and click Create in the upper-right corner.

    6. On the Create page, set ConfigMap Name to foo. Click Add. Set Name to eni_conf and enter the following content in the Value field. Replace the values of the vSwitch and security group parameters with the actual values.

      {
          "vswitches": {
              "cn-hangzhou-g": [
                  "vsw-10000"
              ],
              "cn-hangzhou-i": [
                  "vsw-10001"
              ]
          },
          "security_group": "sg-10000",
          "security_groups": [
              "sg-10000",
              "sg-10001"
          ]
      }

      Parameter: vswitches

      Description: Specify vSwitch IDs and the zone IDs of the vSwitches.

      Log on to the VPC console. In the left-side navigation pane, click vSwitch. On the vSwitch page, you can view vSwitch IDs and the zone IDs of the vSwitches. Take note of the following items when you specify vSwitch IDs and zone IDs.

      • Make sure that the vSwitches that you specify reside in the same zone as the nodes that you want to manage. If the vSwitches reside in a different zone, this parameter does not take effect.

      • If you want to use the sample settings, you do not need to modify the values of the vswitches parameter.

      Parameters: security_group, security_groups

      Description:

      • To add only one security group, specify the security_group parameter and set security_groups: null.

      • To add one or more security groups, specify the security_groups parameter and set security_group: null.

      • The system uses all the security groups specified in the security_group parameter and the security_groups parameter. Make sure that all security groups are associated with the same VPC and are of the same type. You can add at most five security groups. For more information about how to configure multiple security groups, see Associate multiple security groups with an ENI.

      • If you want to use the sample settings, you do not need to modify the parameters.

    7. Click OK.

  2. Add labels to nodes.

    • Add labels to the existing nodes.

      1. Add labels.

        1. In the left-side navigation pane of the cluster details page, choose Nodes > Nodes. In the upper-right corner of the Nodes page, click Manage Labels and Taints.

        2. On the Labels tab, select the nodes to which you want to add labels and click Add Label.

        3. In the Add dialog box, set Name to terway-config and set Value to foo. Then, click OK.

      2. Restart the Terway pods for the modification to take effect.

        1. In the left-side navigation pane of the cluster details page, choose Workloads > Pods.

        2. In the upper part of the Pods page, set Namespace to kube-system, enter terway-eniip in the search box, and then click the search icon. Select all pods displayed on the page and click Delete in the Actions column.

        3. In the Note dialog box, click OK. After you delete the pods, the system automatically recreates the Terway pods.

          On the Pods page, if Running is displayed in the Status column of the pods whose names start with terway-eniip, the Terway pods are restarted. The specified vSwitches and security groups are used after the Terway pods are recreated.

    • Add labels to new nodes.

      When you create a node pool, add a label to the node. Set the key to terway-config and set the value to foo. For more information about how to create a node pool, see Procedure.

  3. Check whether the ENI that is used to allocate IP addresses to Terway pods is associated with the specified vSwitches and security groups.

    1. Log on to the ECS console. In the left-side navigation pane, choose Instances & Images > Instances.

    2. Click the name of the ECS instance that you want to manage. On the instance details page, click the ENIs tab. Check whether the ENI that is used to allocate IP addresses to pods is associated with the specified vSwitches and security groups.

    Note

    For more information about how to resolve the issue that the configuration does not take effect, see What do I do if the IP address of a newly created pod does not fall within the vSwitch CIDR block in Terway mode?
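
The merge described at the start of this topic, and the security_group: null / security_groups: null settings from the parameter description, worked through as an added example (not Alibaba Cloud or Terway code). It applies a minimal RFC 7396 merge to a constructed cluster-wide default and to the foo value from step 1, then checks the zone and five-group rules. It assumes Terway follows RFC 7396 as this topic states; the helper names, the DEFAULT values and the pool-size keys are illustrative.

```python
def merge_patch(target, patch):
    """Apply an RFC 7396 JSON Merge Patch and return the merged document."""
    if not isinstance(patch, dict):
        return patch                      # scalars and arrays replace the target whole
    result = dict(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)         # null deletes the member
        else:
            result[key] = merge_patch(result.get(key), value)
    return result

def effective_security_groups(conf):
    """Union of security_group and security_groups, order preserved."""
    groups = []
    for sg in [conf.get("security_group")] + list(conf.get("security_groups") or []):
        if sg and sg not in groups:
            groups.append(sg)
    return groups

def check_node_conf(conf, node_zone, max_groups=5):
    """Return the problems a merged config has for a node in node_zone."""
    problems = []
    if not conf.get("vswitches", {}).get(node_zone):
        problems.append(f"no vSwitch listed for zone {node_zone}")
    if len(effective_security_groups(conf)) > max_groups:
        problems.append(f"more than {max_groups} security groups")
    return problems

# Constructed cluster-wide default (stands in for eni_conf in eni-config).
DEFAULT = {
    "min_pool_size": 0, "max_pool_size": 5,
    "vswitches": {"cn-hangzhou-g": ["vsw-00001"], "cn-hangzhou-h": ["vsw-00002"]},
    "security_group": "sg-00001",
}
# The eni_conf value of ConfigMap foo from step 1.
FOO = {
    "vswitches": {"cn-hangzhou-g": ["vsw-10000"], "cn-hangzhou-i": ["vsw-10001"]},
    "security_group": "sg-10000",
    "security_groups": ["sg-10000", "sg-10001"],
}
# Variant that keeps only the list, as the parameter description explains.
FOO_LIST_ONLY = dict(FOO, security_group=None)

if __name__ == "__main__":
    for name, patch in (("foo", FOO), ("foo with security_group: null", FOO_LIST_ONLY)):
        merged = merge_patch(DEFAULT, patch)
        print(name, merged, effective_security_groups(merged))
```

Under RFC 7396 semantics objects merge key by key, so the default's cn-hangzhou-h entry survives the patch, and a default security_group stays in effect on the node unless the per-node ConfigMap sets it to null.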