Documentation | Tencent Cloud

Recent Pages

Annotation

Last updated: 2021-03-23 16:40:53

Workload Template Annotation Description

You can define template annotation in a YAML file to implement capabilities such as binding security groups and allocating resources for pods. For more information on the configuration method, see the following table.

Note：

If no security group is specified, a pod is bound to the default security group in the same region by default. Ensure that the network policy of the default security group does not affect the pod.

To allocate GPU resources, you must specify eks.tke.cloud.tencent.com/gpu-type.

Except eks.tke.cloud.tencent.com/gpu-type, the other four annotations related to resource allocation in the following table are optional. If you specify them, ensure that they are correct.

To allocate CPU resources, you must specify both cpu and mem and make sure that their values meet the CPU specifications in Resource Specifications. In addition, you can select Intel or AMD CPUs to allocate by specifying cpu-type. AMD CPUs are more cost-effective. For more information, see Pricing.

To allocate GPU resources, you must specify the cpu, mem, gpu-type, and gpu-count annotations and ensure that their values meet the GPU specifications in Resource Specifications.

Annotation Key	Annotation Value and Description	Required
eks.tke.cloud.tencent.com/security-group-id	Default security group bound to a workload. Specify the security group ID. Multiple security group IDs can be specified and separated by a comma (`,`), such as `sg-id1,sg-id2`. Network policies take effect based on the sequence of security groups.	No. If you do not specify it, the `default` security group in the same region bound to the workload is associated by default. If you specify it, ensure that the security group ID already exists in the region where the workload resides.
eks.tke.cloud.tencent.com/cpu	Number of CPU cores required by a pod. For more information, see Resource Specifications. The unit is core by default.	No. If you specify it, ensure that the specifications are supported and specify the `cpu` and `mem` parameters.
eks.tke.cloud.tencent.com/mem	Memory required by a pod. For more information, see Resource Specifications. The unit must be included in the value, for example, 512 MiB, 0.5 GiB, or 1 GiB.	No. If you specify it, ensure that the specifications are supported and specify the `cpu` and `mem` parameters.
eks.tke.cloud.tencent.com/cpu-type	Model of the CPU resources required by a pod. Currently, supported models include: intel amd For more information on configurations supported by different models, see Resource Specifications.	No. If you do not specify it, the CPU type is not specified forcibly by default. The system will calculate the most suitable specifications according to Methods for Specifying Resource Specifications. If the calculated specifications are supported by both Intel and AMD, Intel CPUs are preferred.
eks.tke.cloud.tencent.com/gpu-type	Model of the GPU resources required by a pod. Currently, supported models include: 1/4V100 1/2V100 V100 1/4T4 1/2T4 T4 For more information on configurations supported by different models, see Resource Specifications.	If GPU resources are required, this option is required. When specifying it, ensure that the GPU model is supported. Otherwise, an error will be reported.
eks.tke.cloud.tencent.com/gpu-count	Number of GPUs required by a pod. For more information, please see Resource Specifications. The unit is card by default.	No. If you specify it, ensure that the specifications are supported.
eks.tke.cloud.tencent.com/static-ip	Fixed IP address for a pod. You can enable this feature by setting the value to `true`. If this feature is enabled, the IP address of a StatefulSet or Bare pod will not change when the pod is updated or restarted.	No. This annotation is valid only for StatefulSet and Pod workloads.
eks.tke.cloud.tencent.com/role-name	CAM role associated to a pod. The value is a CAM role name. A pod can obtain the permission policy of the associated CAM role to facilitate cloud resource operations such as purchasing resources and reading from or writing to storage.	No. If you specify it, ensure that the CAM role exists.
eks.tke.cloud.tencent.com/monitor-port	Sets an open port for monitoring data for a pod, to facilitate collection by Prometheus and other components.	No. If you do not specify it, the default value is 9100.
eks.tke.cloud.tencent.com/custom-metrics-url	Sets the custom monitoring metric pull address for a pod. The monitoring data opened at this address will be automatically read and reported by the monitoring component.	No. If you specify it, please ensure that the opened data protocol can be recognized by the monitoring system, such as the Prometheus protocol and cloud monitoring data protocol.

Sample

The following example shows the complete GPU specifications of the security group bound to a pod.

apiVersion: apps/v1
kind: StatefulSet
metadata:
  generation: 1
  labels:
    k8s-app: nginx
    qcloud-app: nginx
  name: nginx
  namespace: default
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: nginx
      qcloud-app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        eks.tke.cloud.tencent.com/cpu: "2"
        eks.tke.cloud.tencent.com/gpu-count: "1"
        eks.tke.cloud.tencent.com/gpu-type: 1/4*V100
        eks.tke.cloud.tencent.com/mem: 10Gi
        eks.tke.cloud.tencent.com/security-group-id: "sg-dxxxxxx5,sg-zxxxxxxu"
        eks.tke.cloud.tencent.com/static-ip: "true"
        eks.tke.cloud.tencent.com/role-name: "cam-role-name"
        eks.tke.cloud.tencent.com/monitor-port: "9123"
        eks.tke.cloud.tencent.com/custom-metrics-url: "http://localhost:8080/metrics"
      creationTimestamp: null
      labels:
        k8s-app: nginx
        qcloud-app: nginx
    spec:
      containers:
      - image: nginx:latest
        imagePullPolicy: Always
        name: nginx
        resources:
          limits:
            cpu: "1"
            memory: 2Gi
            nvidia.com/gpu: "1"
          requests:
            cpu: "1"
            memory: 2Gi
            nvidia.com/gpu: "1"
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: qcloudregistrykey
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30

EKS Annotation Description

Elastic Kubernetes Service (EKS) allows you to use existing CLBs to create services accessed through the public or private network. If you want to provide idle CLBs to created services or use the same CLB in a cluster, you can add annotations.

Note：

Ensure that your EKS does not share the same CLB with the CVM.

When existing CLBs are used:

Only CLBs created through the CLB console can be used. You cannot reuse CLBs automatically created by Tencent Kubernetes Engine (TKE).

Ports of services that share the same existing CLB cannot be the same.

Cross-cluster services cannot share the same CLB.

Sample

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.kubernetes.io/tke-existed-lbid: lb-pxxxxxxq
  name: servicename
  namespace: default
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: tcp-80-80
    nodePort: 31728
    port: 80
    protocol: TCP
    targetPort: 80
  sessionAffinity: None
  type: LoadBalancer