You can define template annotations in a YAML file to implement capabilities such as binding security groups and allocating resources for pods. For more information on the configuration method, see the following table.
Note:
- If no security group is specified, a pod is bound to the default security group in the same region by default. Ensure that the network policy of the default security group does not affect the pod.
- To allocate GPU resources, you must specify eks.tke.cloud.tencent.com/gpu-type.
- Except eks.tke.cloud.tencent.com/gpu-type, the other four annotations related to resource allocation in the following table are optional. If you specify them, ensure that they are correct.
- To allocate CPU resources, you must specify both cpu and mem and make sure that their values meet the CPU specifications in Resource Specifications. In addition, you can select Intel or AMD CPUs to allocate by specifying cpu-type. AMD CPUs are more cost-effective. For more information, see Pricing.
- To allocate GPU resources, you must specify the cpu, mem, gpu-type, and gpu-count annotations and ensure that their values meet the GPU specifications in Resource Specifications.
Annotation Key | Annotation Value and Description | Required |
---|---|---|
eks.tke.cloud.tencent.com/security-group-id | Default security group bound to a workload. Specify the security group ID. | No. If you do not specify it, the default security group in the same region bound to the workload is associated by default. If you specify it, ensure that the security group ID already exists in the region where the workload resides. |
eks.tke.cloud.tencent.com/cpu | Number of CPU cores required by a pod. For more information, see Resource Specifications. The unit is core by default. | No. If you specify it, ensure that the specifications are supported and specify the cpu and mem parameters. |
eks.tke.cloud.tencent.com/mem | Memory required by a pod. For more information, see Resource Specifications. The unit must be included in the value, for example, 512 MiB, 0.5 GiB, or 1 GiB. | No. If you specify it, ensure that the specifications are supported and specify the cpu and mem parameters. |
eks.tke.cloud.tencent.com/cpu-type | Model of the CPU resources required by a pod. Currently, supported models include: | No. If you do not specify it, the CPU type is not specified forcibly by default. The system will calculate the most suitable specifications according to Methods for Specifying Resource Specifications. If the calculated specifications are supported by both Intel and AMD, Intel CPUs are preferred. |
eks.tke.cloud.tencent.com/gpu-type | Model of the GPU resources required by a pod. Currently, supported models include: | If GPU resources are required, this option is required. When specifying it, ensure that the GPU model is supported. Otherwise, an error will be reported. |
eks.tke.cloud.tencent.com/gpu-count | Number of GPUs required by a pod. For more information, please see Resource Specifications. The unit is card by default. | No. If you specify it, ensure that the specifications are supported. |
eks.tke.cloud.tencent.com/static-ip | Fixed IP address for a pod. You can enable this feature by setting the value to true. If this feature is enabled, the IP address of a StatefulSet or bare pod will not change when the pod is updated or restarted. | No. This annotation is valid only for StatefulSet and Pod workloads. |
eks.tke.cloud.tencent.com/role-name | CAM role associated with a pod. The value is a CAM role name. A pod can obtain the permission policy of the associated CAM role to facilitate cloud resource operations such as purchasing resources and reading from or writing to storage. | No. If you specify it, ensure that the CAM role exists. |
eks.tke.cloud.tencent.com/monitor_port | Sets an open port for monitoring data for a pod, to facilitate collection by Prometheus and other components. | No. If you do not specify it, the default value is 9100. |
eks.tke.cloud.tencent.com/custom_metrics_url | Sets the custom monitoring metric pull address for a pod. The monitoring data opened at this address will be automatically read and reported by the monitoring component. | No. If you specify it, please ensure that the opened data protocol can be recognized by the monitoring system, such as the Prometheus protocol and cloud monitoring data protocol. |
The following example shows a pod template that binds security groups and specifies complete GPU specifications.

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  generation: 1
  labels:
    k8s-app: nginx
    qcloud-app: nginx
  name: nginx
  namespace: default
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: nginx
      qcloud-app: nginx
  # A StatefulSet takes serviceName and updateStrategy; the Deployment-only
  # fields progressDeadlineSeconds and strategy (maxSurge/maxUnavailable)
  # are not part of its spec.
  serviceName: nginx  # placeholder: name of the governing headless Service
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # Resource allocation: cpu, mem, gpu-type and gpu-count together
        eks.tke.cloud.tencent.com/cpu: "2"
        eks.tke.cloud.tencent.com/gpu-count: "1"
        eks.tke.cloud.tencent.com/gpu-type: 1/4*V100
        eks.tke.cloud.tencent.com/mem: 10Gi
        # Security groups bound to the pod instead of the default group
        eks.tke.cloud.tencent.com/security-group-id: "sg-dxxxxxx5,sg-zxxxxxxu"
        eks.tke.cloud.tencent.com/static-ip: "true"
        # CAM role whose permission policy the pod obtains
        eks.tke.cloud.tencent.com/role-name: "cam-role-name"
        eks.tke.cloud.tencent.com/monitor_port: "9123"
        eks.tke.cloud.tencent.com/custom_metrics_url: "http://localhost:8080/metrics"
      creationTimestamp: null
      labels:
        k8s-app: nginx
        qcloud-app: nginx
    spec:
      containers:
      - image: nginx:latest
        imagePullPolicy: Always
        name: nginx
        resources:
          limits:
            cpu: "1"
            memory: 2Gi
            nvidia.com/gpu: "1"
          requests:
            cpu: "1"
            memory: 2Gi
            nvidia.com/gpu: "1"
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: qcloudregistrykey
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
```
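The rules in the Note and table above can be checked before a manifest is applied. The following is an added example, not Tencent Cloud code: `lint_pod_annotations` and its messages are hypothetical names, it follows the Note in treating cpu, mem, gpu-type and gpu-count as jointly required for GPU pods, and it does not validate values against Resource Specifications.

```python
PREFIX = "eks.tke.cloud.tencent.com/"
GPU_REQUIRED = ("cpu", "mem", "gpu-type", "gpu-count")

def lint_pod_annotations(kind, annotations):
    """Return findings for one workload's pod template annotations."""
    a = {k[len(PREFIX):]: str(v).strip()
         for k, v in annotations.items() if k.startswith(PREFIX)}
    findings = []
    # Network exposure: with no group listed, the pod is bound to the
    # region's default security group, whose rules may not suit it.
    groups = [g for g in a.get("security-group-id", "").split(",") if g.strip()]
    if not groups:
        findings.append("no security-group-id: pod joins the default security group")
    # CPU allocation: cpu and mem must be given together.
    if ("cpu" in a) != ("mem" in a):
        findings.append("cpu and mem must be specified together")
    # GPU allocation: all four resource annotations are needed.
    if "gpu-type" in a or "gpu-count" in a:
        missing = [k for k in GPU_REQUIRED if k not in a]
        if missing:
            findings.append("GPU pod is missing: " + ", ".join(missing))
    # static-ip is valid only for StatefulSet and Pod workloads.
    if a.get("static-ip") == "true" and kind not in ("StatefulSet", "Pod"):
        findings.append("static-ip is valid only for StatefulSet and Pod, not " + kind)
    # Identity: the pod obtains the CAM role's permission policy.
    if a.get("role-name"):
        findings.append("CAM role '%s' attached: review its policy for least privilege"
                        % a["role-name"])
    return findings

# Constructed samples: the annotations of the StatefulSet example above,
# and a deliberately misconfigured Deployment template.
PAGE_EXAMPLE = {
    PREFIX + "cpu": "2", PREFIX + "mem": "10Gi",
    PREFIX + "gpu-type": "1/4*V100", PREFIX + "gpu-count": "1",
    PREFIX + "security-group-id": "sg-dxxxxxx5,sg-zxxxxxxu",
    PREFIX + "static-ip": "true", PREFIX + "role-name": "cam-role-name",
}
BAD = {PREFIX + "cpu": "2", PREFIX + "gpu-type": "1/4*V100",
       PREFIX + "static-ip": "true"}

if __name__ == "__main__":
    for kind, ann in (("StatefulSet", PAGE_EXAMPLE), ("Deployment", BAD)):
        print(kind, lint_pod_annotations(kind, ann))
```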
Elastic Kubernetes Service (EKS) allows you to use existing CLBs to create services accessed through the public or private network. If you want to provide idle CLBs to created services or use the same CLB in a cluster, you can add annotations.
Note:
- Ensure that your EKS does not share the same CLB with the CVM.
- When existing CLBs are used:
  - Only CLBs created through the CLB console can be used. You cannot reuse CLBs automatically created by Tencent Kubernetes Engine (TKE).
  - Ports of services that share the same existing CLB cannot be the same.
  - Cross-cluster services cannot share the same CLB.
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.kubernetes.io/tke-existed-lbid: lb-pxxxxxxq
  name: servicename
  namespace: default
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: tcp-80-80
    nodePort: 31728
    port: 80
    protocol: TCP
    targetPort: 80
  sessionAffinity: None
  type: LoadBalancer
```
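The port rule in the Note above can be checked across a cluster's Service manifests before a CLB is reused. The following is an added example, not Tencent Cloud code: `clb_port_conflicts` is a hypothetical helper, the manifests are assumed to be already parsed into dictionaries, and ports are compared by number only, as the Note states the rule.

```python
from collections import defaultdict

LB_ANNOTATION = "service.kubernetes.io/tke-existed-lbid"

def clb_port_conflicts(services):
    """Map each reused CLB ID to the ports claimed by more than one Service."""
    claims = defaultdict(lambda: defaultdict(set))  # CLB ID -> port -> owners
    for svc in services:
        meta = svc.get("metadata", {})
        spec = svc.get("spec", {})
        lb_id = (meta.get("annotations") or {}).get(LB_ANNOTATION)
        # Only LoadBalancer Services that name an existing CLB are relevant.
        if not lb_id or spec.get("type") != "LoadBalancer":
            continue
        owner = "%s/%s" % (meta.get("namespace", "default"), meta["name"])
        for p in spec.get("ports", []):
            claims[lb_id][p["port"]].add(owner)
    conflicts = {}
    for lb_id, ports in claims.items():
        shared = {port: sorted(owners)
                  for port, owners in ports.items() if len(owners) > 1}
        if shared:
            conflicts[lb_id] = shared
    return conflicts

def _svc(name, lb_id, ports):
    """Build a minimal constructed Service manifest for the sample below."""
    return {"metadata": {"name": name, "namespace": "default",
                         "annotations": {LB_ANNOTATION: lb_id}},
            "spec": {"type": "LoadBalancer",
                     "ports": [{"port": p, "protocol": "TCP"} for p in ports]}}

# Constructed sample: two Services reuse lb-pxxxxxxq and both expose port 80;
# "lb-example2" is a placeholder ID for an unrelated CLB.
SAMPLE = [_svc("web-a", "lb-pxxxxxxq", [80]),
          _svc("web-b", "lb-pxxxxxxq", [80, 443]),
          _svc("api", "lb-example2", [80])]

if __name__ == "__main__":
    print(clb_port_conflicts(SAMPLE))
```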