- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- User Guide
- High-risk Operations of Container Service
- Deploying Containerized Applications in the Cloud
- Kubernetes API Operation Guide
- Open Source Components
- Cluster Management
- Cluster Overview
- Cluster Hosting Modes Introduction
- Cluster Lifecycle
- TKE-Optimized Series Images
- Creating a Cluster
- Deleting a Cluster
- Cluster Scaling
- Connecting to a Cluster
- Upgrading a Cluster
- Enabling IPVS for a Cluster
- Enabling GPU Scheduling for a Cluster
- CVM Container Cluster Network
- Custom Kubernetes Component Launch Parameters
- Node Management
- Node Pool Management
- Kubernetes Object Management
- Overview
- Namespace
- Workload
- Deployment Management
- StatefulSet Management
- DaemonSet Management
- Job Management
- CronJob Management
- Setting the Resource Limit of Workload
- Setting the Scheduling Rule for a Workload
- Setting the Health Check for a Workload
- Setting the Run Command and Parameter for a Workload
- Using a Container Image in a TCR Enterprise Instance to Create a Workload
- Auto Scaling
- Configuration
- Virtual Node Management
- Service Management
- Ingress Management
- Storage Management
- Add-On Management
- Helm Application
- Network Management
- Application Market
- OPS Center
- Remote Terminals
- Elastic Cluster Guide
- Edge Cluster Guide
- Best Practices
- Cluster
- Cluster Migration
- EKS Cluster
- Security
- Service Deployment
- Network
- Using Network Policy for Network Access Control
- Deploying NGINX Ingress on TKE
- Using NodeLocal DNS Cache in a TKE Cluster
- Nginx Ingress High-Concurrency Practices
- Limiting the bandwidth on pods in TKE
- Directly connecting TKE to the CLB of pods based on the ENI
- Use CLB-Pod Direct Connection on TKE
- Obtaining the Real Client Source IP in TKE
- Implementing Custom Domain Name Resolution in TKE
- Using Traefik Ingress in TKE
- Release
- Logs
- Monitoring
- OPS
- Removing and Re-adding Nodes from and to Cluster
- Using Ansible to Batch Operate TKE Nodes
- Using Cluster Audit for Troubleshooting
- Using cert-manager to Issue Free Certificates
- Using the TKE NPDPlus Plug-In to Enhance the Self-Healing Capability of Nodes
- Using kubecm to Manage Multiple Clusters kubeconfig
- Customizing RBAC Authorization in TKE
- DevOps
- Auto Scaling
- Cluster Auto Scaling Practices
- Using tke-autoscaling-placeholder to Implement Auto Scaling in Seconds
- Installing metrics-server on TKE
- Using Custom Metrics for Auto Scaling in TKE
- Utilizing HPA to Auto Scale Businesses on TKE
- Using VPA to Realize Pod Scaling up and Scaling down in TKE
- Adjusting HPA Scaling Sensitivity Based on Different Business Scenarios
- Storage
- Containerization
- Cost Management
- Permission Management
- Overview
- Description of Role Permissions Related to Service Authorization
- TKE Image Registry Resource-level Permission Settings
- Controlling TKE cluster-level permissions
- TKE Kubernetes Object-level Permission Control
- Fault Handling
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Cluster APIs
- DescribeClusterKubeconfig
- DescribeClusters
- CreateCluster
- DescribeClusterSecurity
- DeleteCluster
- ModifyClusterEndpointSP
- DescribeClusterEndpointVipStatus
- DescribeClusterEndpointStatus
- DeleteClusterEndpointVip
- DeleteClusterEndpoint
- CreateClusterEndpointVip
- CreateClusterEndpoint
- ModifyClusterAttribute
- AcquireClusterAdminRole
- UpgradeClusterInstances
- UpdateClusterVersion
- GetUpgradeInstanceProgress
- DescribeAvailableClusterVersion
- DescribeClusterCommonNames
- ModifyClusterAuthenticationOptions
- DescribeClusterAuthenticationOptions
- Node APIs
- Network APIs
- Scaling group APIs
- Cloud Native Monitoring APIs
- Node Pool APIs
- DescribeClusterAsGroupOption
- RemoveNodeFromNodePool
- ModifyClusterNodePool
- DescribeClusterNodePools
- DescribeClusterNodePoolDetail
- DeleteClusterNodePool
- CreateClusterNodePoolFromExistingAsg
- CreateClusterNodePool
- AddNodeToNodePool
- ModifyClusterAsGroupOptionAttribute
- SetNodePoolNodeProtection
- ModifyNodePoolInstanceTypes
- Other APIs
- Data Types
- Error Codes
- API Mapping Guide
- FAQs
- User Guide(Old)
- Service Level Agreement
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- User Guide
- High-risk Operations of Container Service
- Deploying Containerized Applications in the Cloud
- Kubernetes API Operation Guide
- Open Source Components
- Cluster Management
- Cluster Overview
- Cluster Hosting Modes Introduction
- Cluster Lifecycle
- TKE-Optimized Series Images
- Creating a Cluster
- Deleting a Cluster
- Cluster Scaling
- Connecting to a Cluster
- Upgrading a Cluster
- Enabling IPVS for a Cluster
- Enabling GPU Scheduling for a Cluster
- CVM Container Cluster Network
- Custom Kubernetes Component Launch Parameters
- Node Management
- Node Pool Management
- Kubernetes Object Management
- Overview
- Namespace
- Workload
- Deployment Management
- StatefulSet Management
- DaemonSet Management
- Job Management
- CronJob Management
- Setting the Resource Limit of Workload
- Setting the Scheduling Rule for a Workload
- Setting the Health Check for a Workload
- Setting the Run Command and Parameter for a Workload
- Using a Container Image in a TCR Enterprise Instance to Create a Workload
- Auto Scaling
- Configuration
- Virtual Node Management
- Service Management
- Ingress Management
- Storage Management
- Add-On Management
- Helm Application
- Network Management
- Application Market
- OPS Center
- Remote Terminals
- Elastic Cluster Guide
- Edge Cluster Guide
- Best Practices
- Cluster
- Cluster Migration
- EKS Cluster
- Security
- Service Deployment
- Network
- Using Network Policy for Network Access Control
- Deploying NGINX Ingress on TKE
- Using NodeLocal DNS Cache in a TKE Cluster
- Nginx Ingress High-Concurrency Practices
- Limiting the bandwidth on pods in TKE
- Directly connecting TKE to the CLB of pods based on the ENI
- Use CLB-Pod Direct Connection on TKE
- Obtaining the Real Client Source IP in TKE
- Implementing Custom Domain Name Resolution in TKE
- Using Traefik Ingress in TKE
- Release
- Logs
- Monitoring
- OPS
- Removing and Re-adding Nodes from and to Cluster
- Using Ansible to Batch Operate TKE Nodes
- Using Cluster Audit for Troubleshooting
- Using cert-manager to Issue Free Certificates
- Using the TKE NPDPlus Plug-In to Enhance the Self-Healing Capability of Nodes
- Using kubecm to Manage Multiple Clusters kubeconfig
- Customizing RBAC Authorization in TKE
- DevOps
- Auto Scaling
- Cluster Auto Scaling Practices
- Using tke-autoscaling-placeholder to Implement Auto Scaling in Seconds
- Installing metrics-server on TKE
- Using Custom Metrics for Auto Scaling in TKE
- Utilizing HPA to Auto Scale Businesses on TKE
- Using VPA to Realize Pod Scaling up and Scaling down in TKE
- Adjusting HPA Scaling Sensitivity Based on Different Business Scenarios
- Storage
- Containerization
- Cost Management
- Permission Management
- Overview
- Description of Role Permissions Related to Service Authorization
- TKE Image Registry Resource-level Permission Settings
- Controlling TKE cluster-level permissions
- TKE Kubernetes Object-level Permission Control
- Fault Handling
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Cluster APIs
- DescribeClusterKubeconfig
- DescribeClusters
- CreateCluster
- DescribeClusterSecurity
- DeleteCluster
- ModifyClusterEndpointSP
- DescribeClusterEndpointVipStatus
- DescribeClusterEndpointStatus
- DeleteClusterEndpointVip
- DeleteClusterEndpoint
- CreateClusterEndpointVip
- CreateClusterEndpoint
- ModifyClusterAttribute
- AcquireClusterAdminRole
- UpgradeClusterInstances
- UpdateClusterVersion
- GetUpgradeInstanceProgress
- DescribeAvailableClusterVersion
- DescribeClusterCommonNames
- ModifyClusterAuthenticationOptions
- DescribeClusterAuthenticationOptions
- Node APIs
- Network APIs
- Scaling group APIs
- Cloud Native Monitoring APIs
- Node Pool APIs
- DescribeClusterAsGroupOption
- RemoveNodeFromNodePool
- ModifyClusterNodePool
- DescribeClusterNodePools
- DescribeClusterNodePoolDetail
- DeleteClusterNodePool
- CreateClusterNodePoolFromExistingAsg
- CreateClusterNodePool
- AddNodeToNodePool
- ModifyClusterAsGroupOptionAttribute
- SetNodePoolNodeProtection
- ModifyNodePoolInstanceTypes
- Other APIs
- Data Types
- Error Codes
- API Mapping Guide
- FAQs
- User Guide(Old)
- Service Level Agreement
- Glossary
Workload Template Annotation Description
You can define template annotation in a YAML file to implement capabilities such as binding security groups and allocating resources for Pods. For more information about the configuration method, please see the following table.
Note:
- If no security group is specified, a Pod is bound with the
defaultsecurity group in the same region by default. Ensure that the network policy of thedefaultsecurity group does not affect the Pod.- To allocate GPU resources, you must enter
eks.tke.cloud.tencent.com/gpu-type.- Except
eks.tke.cloud.tencent.com/gpu-type, the other four annotations related to resource allocation in the following table are optional. If you specify them, ensure that they are correct.- To allocate CPU resources, you must specify both
cpuandmemannotations and make sure that their values meet the CPU specifications in Resource Specifications. In addition, you can select Intel or AMD CPUs to allocate by specifyingcpu-type. AMD CPUs are more cost-effective. For more information, see Product Pricing.- To allocate GPU resources, you must specify the
cpu,mem,gpu-type, andgpu-countannotations and ensure that their values meet the GPU specifications in Resource Specifications.
| Annotation Key | Annotation Value and Description | Required |
|---|---|---|
| eks.tke.cloud.tencent.com/security-group-id | Default security group bound with a workload. Specify the security group ID.
|
No. If you do not specify it, the default security group in the same region bound with the workload is associated by default.If you specify it, ensure that the security group ID already exists in the region where the workload resides. |
| eks.tke.cloud.tencent.com/cpu | Number of CPU cores required by a Pod. For more information, see Resource Specifications. The unit is core by default. | No. If you specify it, ensure that the specifications are supported and specify the cpu and mem parameters. |
| eks.tke.cloud.tencent.com/mem | Memory required by a Pod. For more information, see Resource Specifications. The unit must be included in the value, for example, 512 MiB, 0.5 GiB, or 1 GiB. | No. If you specify it, ensure that the specifications are supported and specify the cpu and mem parameters. |
| eks.tke.cloud.tencent.com/cpu-type | Model of the CPU resources required by a Pod. Currently, the supported models include:
|
No. If you do not specify it, the CPU type is not forcibly specified by default. The system will match the most suitable specifications according to Specifying Resource Specifications. If the matched specifications are supported by both Intel and AMD, Intel CPUs are preferred. |
| eks.tke.cloud.tencent.com/gpu-type | Model of the GPU resources required by a Pod. Currently, the supported models include:
|
If GPUs are required, this option is required. When specifying it, ensure that the GPU model is supported. Otherwise, an error will be reported. |
| eks.tke.cloud.tencent.com/gpu-count | Number of GPUs required by a Pod. For more information, please see Resource Specifications. The unit is card by default. | No. If you specify it, ensure that the specification is supported. |
| eks.tke.cloud.tencent.com/retain-ip | The static IP of a Pod. Enter the value "true" to enable this feature. If a Pod with the static IP enabled is terminated, its IP will be retained 24 hours by default. If the Pod is rebuilt within 24 hours after termination, its IP can still be used. Otherwise, its IP may be occupied by other Pod. |
No |
| eks.tke.cloud.tencent.com/retain-ip-hours | Modifies the default retention duration of the Pod’s static IP. Enter a number. Unit: hour. Default value: 24 hours. The IP can be retained up to one year. | No |
| eks.tke.cloud.tencent.com/role-name | Associates a Pod with a CAM role. Please specify CAM role name as the value. In this way, the Pod can obtain the permission policies of the associated CAM role to facilitate cloud resource operations such as purchasing resources and reading from or writing to storage. | No. If you specify it, please make sure the specified CAM role exists. |
| eks.tke.cloud.tencent.com/monitor-port | Opens a port for monitoring data for a Pod, so as to facilitate collection by PROM instance and other components. | No. If you do not specify it, the port will default to 9100. |
| eks.tke.cloud.tencent.com/custom-metrics-url | Sets a custom monitoring metric pull address for a Pod. The monitoring data opened at this address will be automatically read and reported by the monitoring component. | No. If you specify it, please ensure that the opened data protocol can be recognized by the monitoring system, such as the Prometheus protocol and cloud monitoring data protocol. |
| eks.tke.cloud.tencent.com/eip-attributes | Indicates that the Pod of the Workload needs to be associated with EIP. When the value is "", it indicates that the default EIP configuration is used. You can enter the API parameter json of the EIP in "" to realize custom configuration. For example, if the value of annotation is '{"InternetMaxBandwidthOut":2}', it means the bandwidth is 2M. | No |
| eks.tke.cloud.tencent.com/eip-claim-delete-policy | After the Pod is deleted, whether the EIP is automatically reclaimed (It is reclaimed by default). “Never” means the EIP is not reclaimed. | No |
| eks.tke.cloud.tencent.com/eip-injection | When the value is "true", it indicates that the IP information of EIP will be exposed in the Pod. Run the `ip addr` command in the Pod to view the EIP address. | No |
Sample
The following example shows the complete GPU specifications of the security group bound to a Pod.
apiVersion: apps/v1
kind: StatefulSet
metadata:
generation: 1
labels:
k8s-app: nginx
qcloud-app: nginx
name: nginx
namespace: default
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: nginx
qcloud-app: nginx
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
annotations:
eks.tke.cloud.tencent.com/cpu: "4"
eks.tke.cloud.tencent.com/gpu-count: "1"
eks.tke.cloud.tencent.com/gpu-type: 1/4*T4
eks.tke.cloud.tencent.com/mem: 10Gi
eks.tke.cloud.tencent.com/security-group-id: "sg-dxxxxxx5,sg-zxxxxxxu"
eks.tke.cloud.tencent.com/role-name: "cam-role-name"
eks.tke.cloud.tencent.com/monitor-port: "9123"
eks.tke.cloud.tencent.com/custom-metrics-url: "http://localhost:8080/metrics"
creationTimestamp: null
labels:
k8s-app: nginx
qcloud-app: nginx
spec:
containers:
- image: nginx:latest
imagePullPolicy: Always
name: nginx
resources:
limits:
cpu: "1"
memory: 2Gi
nvidia.com/gpu: "1"
requests:
cpu: "1"
memory: 2Gi
nvidia.com/gpu: "1"
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: qcloudregistrykey
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
Virtual Node Annotation Description
EKS supports the virtual nodes. You can specify annotations in a YAML file to implement capabilities such as custom DNS, as shown below:
| Annotation Key | Annotation Value and Description | Required |
|---|---|---|
| eks.tke.cloud.tencent.com/resolv-conf | Queries the list of IP addresses for the DNS server while resolving the domain name, for example nameserver 8.8.8.8.
You can use kubectl edit node eklet-subnet-xxxx to add this annotation.
After the modification, the Pods scheduled to this virtual node will adopt this DNS configuration by default. |
No |
Sample
The example of a custom DNS configuration for a virtual node is as follows:
apiVersion: v1
kind: Node
metadata:
annotations:
eks.tke.cloud.tencent.com/resolv-conf:|
nameserver 4.4.4.4
nameserver 8.8.8.8
Service Annotation Description
EKS allows you to use existing CLBs to create Services accessed via the public or private network. If you want to provide your idle CLBs for Services to be created or need to use the same CLB in a cluster, you can add annotations.
| Annotation Key | Annotation Value and Description | Required |
|---|---|---|
| service.kubernetes.io/tke-existed-lbid | The Service is created with the existing CLB. Specify the ID of the CLB instance you want to use as the value. | No. If you specify it, ensure that the specified CLB instance ID exists. |
| service.kubernetes.io/qcloud-share-existed-lb | By default, multiple Services cannot share the same CLB instance. If you hope that a Service uses the CLB occupied by other Services, please add this annotation and specify the value as "true". |
No. If you do not specify it, a CLB instance cannot be reused by default. |
The elastic cluster also supports the same expansion protocol as the TKE cluster. For more information, see Service Extension Protocol.
Note:
- Ensure that your EKS does not share the same CLB with the CVM.
- When the existing CLBs are used:
- Only CLBs created through the CLB console can be used. You cannot reuse CLBs automatically created by TKE.
- Ports of Services that share the same existing CLB cannot be the same.
- Cross-cluster Services cannot share the same CLB.
Sample
apiVersion: v1
kind: Service
metadata:
annotations:
service.kubernetes.io/tke-existed-lbid: lb-pxxxxxxq
service.kubernetes.io/qcloud-share-existed-lb: true
name: servicename
namespace: default
spec:
externalTrafficPolicy: Cluster
ports:
- name: tcp-80-80
nodePort: 31728
port: 80
protocol: TCP
targetPort: 80
sessionAffinity: None
type: LoadBalancer
Yes
No
Was this page helpful?