Enterprise Distributed Application Service: Constraints on operations across services

Last Updated: Mar 05, 2024

This topic describes the constraints on using services such as Container Service for Kubernetes (ACK) and Alibaba Cloud Container Registry (ACR) in Enterprise Distributed Application Service (EDAS).

Constraints on managing Elastic Compute Service (ECS) instances that are purchased by EDAS during a scale-out in an ECS cluster

You cannot delete the ESS label of the ECS instances that are purchased by EDAS during a scale-out.

Constraints on configuring ECS instances when you create an application

When you create an application, you may need to configure a security group for and bind a Server Load Balancer (SLB) instance to the ECS instances of the application. After the ECS instances are created, you may need to log on to the ECS instances. This section describes the constraints on configuring ECS instances.

  • Constraints on modifying system configurations in an ECS cluster: After an application is created, you may need to log on to an ECS instance of the application to configure the system. You must comply with the following constraints:

    • You cannot delete the admin user.

    • You cannot delete the /home/admin configuration.

    • You cannot stop the following processes on the ECS instance:

      • /home/staragent/bin/staragentd

      • com.alibaba.edas.agent.AgentDaemon

    • You cannot delete the following crontab files on the ECS instance:

      • The crontab file of the root user, which runs bash /home/admin/edas-agent/bin/monitor.sh

      • The crontab file of the admin user, which runs bash /home/admin/edas-agent/bin/rotator.sh

    • You must reserve enough free space in the root disk partition.

    • If you use the CentOS operating system, make sure that you correctly configure yum repositories.

    • If the ECS instance has multiple network interface controllers (NICs) and the application that you use is a High-Speed Service Framework (HSF) application, you must specify the -Dhsf.server.ip parameter for the application to ensure that the registered IP address works as expected. For example, the ECS instance has multiple NICs if Docker is installed. For more information, see Set JVM -D startup parameters.

    • The system clock of the ECS instance must be accurate. The maximum error cannot exceed 15 seconds. Otherwise, access from the application to the EDAS registry is affected.

      • If you use an ECS advanced security group, make sure that outbound traffic on UDP port 123 is allowed in the security group. This ensures that the Network Time Protocol (NTP) service of the operating system works properly.

  • Constraints on configuring the security group in an ECS cluster: You cannot delete or modify the security rules that are created by EDAS.

  • Constraints on configuring an SLB instance in an ECS cluster: You must not disable the session persistence feature enabled for HTTP listeners by EDAS.

  • Constraints on using ACR in a Kubernetes cluster:

    • To use images in ACR across accounts or across regions, you must configure the aliyun-acr-credential-helper component for ACR.

    • You must also add the virtual private cloud (VPC) in which the cluster resides to the access control list (ACL) of the corresponding repository.

Constraints on importing a Kubernetes cluster

  • Constraints on configuring the security group of the Kubernetes cluster:

    • You must ensure that all the nodes in the Kubernetes cluster are in or can connect to the security group of the cluster. For more information, see Why do containers fail to communicate with each other?

    • You cannot delete the default rules that are set by ACK for the security group.

  • Constraints on configuring nodes in a Kubernetes cluster:

    • To ensure that the management component of EDAS properly runs in the cluster, you must reserve sufficient CPUs, memory, and pods that can be allocated.

    • You cannot delete the KubernetesWorkerRole-* RAM role that ACK configures for a node.

  • Constraints on configuring an SLB instance for API Server of the Kubernetes cluster:

    • You cannot block access requests from the 100.104.0.0/16 internal addresses.

    • You cannot delete the built-in labels added to the SLB instance by ACK.

    • You cannot reuse port 6443 on the SLB instance.

  • Constraints on managing Helm charts in a Kubernetes cluster:

    • You cannot delete the ahas-sentinel-pilot, arms-eventer, arms-pilot, or arms-prom component installed by EDAS and all resources installed by these Helm charts.

    • You cannot install open source oam-runtime, kubevela, keda, or flagger.

    • You cannot delete or modify Kubernetes resources within the edas-oam-system namespace.

  • Constraints on managing ClusterRole:

    You cannot use the ACK console, kubectl, or third-party tools to delete or modify edas-default-cluster-role.

  • Constraints on managing ClusterRoleBinding:

    You cannot use the ACK console, kubectl, or third-party tools to delete or modify edas-default-cluster-role-binding, edas-oam-cluster-role-binding, or keda-hpa-controller-external-metrics.

  • Constraints on managing custom resource definitions (CRDs) and custom resources (CRs):

    • You cannot directly manage the following CRDs or CRs:

      • alertproviders.flagger.app

      • applicationconfigurations.core.oam.dev

      • applications.oam-domain.alibabacloud.com

      • applicationscopes.core.oam.dev

      • autoscalings.edas.aliyun.oam.com

      • basecomponents.oam-domain.alibabacloud.com

      • canaries.flagger.app

      • componentschematics.core.oam.dev

      • crdreleases.clm.cloudnativeapp.io

      • dynamiclabels.extension.oam.dev

      • imagebuilders.edas.aliyun.oam.com

      • logcollectors.edas.aliyun.oam.com

      • meshtraits.edas.aliyun.oam.com

      • metrictemplates.flagger.app

      • mseruletraits.edas.aliyun.oam.com

      • packageversions.oam-domain.alibabacloud.com

      • rollouts.edas.aliyun.oam.com

      • scaledobjects.keda.k8s.io

      • scalingrules.oam-domain.alibabacloud.com

      • serviceregistrytraits.edas.aliyun.oam.com

      • servicetraits.edas.aliyun.oam.com

      • sources.clm.cloudnativeapp.io

      • traits.core.oam.dev

      • triggerauthentications.keda.k8s.io

      • workloadtypes.core.oam.dev

    • You cannot modify the aliyunlogconfigs.log.alibabacloud.com resource created by EDAS. The resource has the edas-domain: edas-admincode label.

Constraints on managing Ingresses in a Kubernetes cluster

You cannot modify the Ingress resources created by EDAS. The resources have the edas-domain: edas-admin or edas-domain label.

Constraints on managing configurations in a Kubernetes cluster

You cannot modify the ConfigMap and Secret resources created by EDAS. The resources have the edas-domain: edas-admin or edas-domain label.

Constraints on binding an SLB instance in a Kubernetes cluster

  • You cannot use the ACK console, kubectl, or third-party tools to delete or modify the Service resources created by EDAS. The resources have the edas-domain: edas-admin label. For more information, see Service FAQ.

  • You cannot use the SLB console to delete or modify the SLB instances purchased by EDAS.

  • You cannot use the SLB console to delete or modify the HTTP listeners of the SLB instances purchased by EDAS.

Constraints on editing YAML files in a Kubernetes cluster

  • Operations that are forbidden:

    • You cannot use the ACK console, kubectl, or third-party tools to delete or modify the Deployment resources created by EDAS. The resources have the edas-domain: edas-admin label.

    • You cannot modify the apiVersion, kind, name, namespace, uid, resourceVersion, selfLink, generation, creationTimestamp, ownerReferences, managedFields, selector, strategy, revisionHistoryLimit, or progressDeadlineSeconds fields of a Deployment. You cannot modify the information in the Status field.

    • You cannot delete or modify the following EDAS-specific labels and annotations in a Deployment, including the labels and annotations in the pod template:

      • edas-domain

      • edas.aliyun.oam.com/rollout-name

      • edas.aliyun.oam.com/rollout-namespace

      • edas.aliyun.oam.com/rollout-revision

      • edas.appid

      • edas.controlplane

      • edas.oam.acname

      • edas.oam.acversion

      • edas.oam.basecomponent

      • deployment.kubernetes.io/revision

      • ARMSApmAppId

      • ARMSApmLicenseKey

      • app

      • edas.component

      • edas.groupid

      • version

      • edas.revision

      • sidecar.istio.io/inject

    • You cannot modify the HostPath volume of a Deployment that records the configurations of disk mounting. You can modify the configurations by using the deployment feature in the EDAS console.

    • You cannot modify the name of the group-1 container of a Deployment.

    • You cannot modify the following environment variables reserved by EDAS:

      • POD_IP

      • HOST_IP

      • EDAS_APP_ID

      • EDAS_PROJECT_NAME

      • EDAS_GROUP_ID

      • EDAS_APP_NAME

      • EDAS_AC_NAME

      • EDAS_ECC_ID

      • EDAS_JM_CONTAINER_ID

      • EDAS_PACKAGE_VERSION

      • EDAS_AHAS_APPNAME

      • EDAS_DPATH_OPTS

      • EDAS_GRAY_OPTS

      • ALIBABA_ALIWARE_NAMESPACE

      • ALIBABA_ALIWARE_ENDPOINT_URL

      • ALIBABA_ALIWARE_ENDPOINT_PORT

      • ALIBABA_DEPLOY_VERSION

      • profiler.micro.service.canary.enable

      • profiler.micro.service.metadata.report.enable

      • profiler.micro.service.auth.enable

    • You cannot modify the volume named volume-edas-certs that records the configurations of disk mounting.

    • You cannot modify the restartPolicy, schedulerName, or runtimeClassName field of a Deployment.

  • Operations that are allowed:

    • You can modify the replicas field for a Deployment to scale out or scale in applications.

    • You can modify the emptyDir volume of a Deployment that records the configurations of disk mounting to share files across containers.

    • You can add multiple containers for a Deployment to enable the sidecar feature. However, you must ensure that the group-1 container is at the top of the container list.

    • You can modify the hostAliases field of a Deployment to resolve a custom domain name.

    • You can modify the nodeAffinity, podAffinity, and podAntiAffinity fields of a Deployment to specify the scheduling policy.

    • You can modify the tolerations field of a Deployment to manage the scheduling.

    • You can add labels and annotations to a Deployment to enable specific features.
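
The forbidden and allowed edits above, as an added example (not EDAS code): a pre-flight check that compares a Deployment before and after a manual edit and lists the changes this section forbids. Where each field sits in the manifest follows the standard Kubernetes Deployment layout, and treating the first container as group-1 is an assumption; `dig`, `violations` and `SAMPLE` are names constructed for illustration.

```python
RESERVED_KEYS = set("""edas-domain edas.appid edas.controlplane edas.component edas.groupid
edas.revision edas.oam.acname edas.oam.acversion edas.oam.basecomponent app version
edas.aliyun.oam.com/rollout-name edas.aliyun.oam.com/rollout-namespace
edas.aliyun.oam.com/rollout-revision deployment.kubernetes.io/revision ARMSApmAppId
ARMSApmLicenseKey sidecar.istio.io/inject""".split())
RESERVED_ENV = set("""POD_IP HOST_IP EDAS_APP_ID EDAS_PROJECT_NAME EDAS_GROUP_ID EDAS_APP_NAME
EDAS_AC_NAME EDAS_ECC_ID EDAS_JM_CONTAINER_ID EDAS_PACKAGE_VERSION EDAS_AHAS_APPNAME
EDAS_DPATH_OPTS EDAS_GRAY_OPTS ALIBABA_ALIWARE_NAMESPACE ALIBABA_ALIWARE_ENDPOINT_URL
ALIBABA_ALIWARE_ENDPOINT_PORT ALIBABA_DEPLOY_VERSION profiler.micro.service.canary.enable
profiler.micro.service.metadata.report.enable profiler.micro.service.auth.enable""".split())
# Frozen fields, grouped by their standard Deployment path (the page lists names only).
FROZEN = {(): "apiVersion kind status",
          ("metadata",): "name namespace uid resourceVersion selfLink generation "
                         "creationTimestamp ownerReferences managedFields",
          ("spec",): "selector strategy revisionHistoryLimit progressDeadlineSeconds",
          ("spec", "template", "spec"): "restartPolicy schedulerName runtimeClassName"}

def dig(obj, *path):
    """Follow nested dict keys; a missing level yields an empty dict."""
    for key in path:
        obj = obj.get(key) or {}
    return obj

def violations(old, new):
    """List the changes between two Deployment dicts that the constraints forbid."""
    out = []
    for path, fields in FROZEN.items():
        out += [".".join(path + (f,)) for f in fields.split()
                if dig(old, *path).get(f) != dig(new, *path).get(f)]
    for base in (("metadata",), ("spec", "template", "metadata")):
        for kind in ("labels", "annotations"):
            o, n = dig(old, *base, kind), dig(new, *base, kind)
            out += [f"{'.'.join(base)}.{kind}[{k}]"
                    for k in sorted(RESERVED_KEYS & o.keys()) if o[k] != n.get(k)]
    po, pn = dig(old, "spec", "template", "spec"), dig(new, "spec", "template", "spec")
    co, cn = (po.get("containers") or [{}])[0], (pn.get("containers") or [{}])[0]
    if co.get("name") != cn.get("name"):  # group-1 renamed or no longer first
        out.append("containers[0].name")
    eo, en = ({e["name"]: e for e in c.get("env", [])} for c in (co, cn))
    out += [f"env[{k}]" for k in sorted(RESERVED_ENV & eo.keys()) if eo[k] != en.get(k)]
    vn = {v["name"]: v for v in pn.get("volumes", [])}
    out += [f"volumes[{v['name']}]" for v in po.get("volumes", [])
            if ("hostPath" in v or v["name"] == "volume-edas-certs") and vn.get(v["name"]) != v]
    return out

# Constructed sample manifest, trimmed to the fields the check reads.
SAMPLE = {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "demo"}, "spec": {
    "replicas": 1, "template": {"metadata": {"labels": {"app": "demo"}}, "spec": {"containers": [
        {"name": "group-1", "env": [{"name": "EDAS_APP_ID", "value": "constructed-id"}]}]}}}}
```

Feed it the live object and the edited manifest, both loaded as dictionaries; an empty list means the edit stays within the allowed operations listed above.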

Constraints on managing Horizontal Pod Autoscaling (HPA) in a Kubernetes cluster

  • You cannot use the ACK console, kubectl, or third-party tools to configure HPA resources for EDAS applications. You must configure HPA resources by using the auto scaling feature in the EDAS console.

  • You cannot delete the HPA resources created by EDAS. The ownerReferences field of these resources is set to ScaledObject.

  • After you enable auto scaling, you cannot directly modify the replicas field of a Deployment.