- Release Notes and Announcements
- Beginner’s Guide
- Product Introduction
- Purchase Guide
- Quick Start
- User Guide
- High-risk Operations of Container Service
- Deploying Containerized Applications in the Cloud
- Kubernetes API Operation Guide
- Open Source Components
- Cluster Management
- Cluster Overview
- Cluster Hosting Modes Introduction
- Cluster Lifecycle
- TKE-Optimized Series Images
- Creating a Cluster
- Deleting a Cluster
- Cluster Scaling
- Changing the Cluster Operating System
- Connecting to a Cluster
- Upgrading a Cluster
- Enabling IPVS for a Cluster
- Enabling GPU Scheduling for a Cluster
- Custom Kubernetes Component Launch Parameters
- Node Management
- Node Pool Management
- Kubernetes Object Management
- Overview
- Namespace
- Workload
- Deployment Management
- StatefulSet Management
- DaemonSet Management
- Job Management
- CronJob Management
- Setting the Resource Limit of Workload
- Setting the Scheduling Rule for a Workload
- Setting the Health Check for a Workload
- Setting the Run Command and Parameter for a Workload
- Using a Container Image in a TCR Enterprise Instance to Create a Workload
- Auto Scaling
- Configuration
- Supernode management
- GPU Share
- Service Management
- Distributed Cloud
- Ingress Management
- Storage Management
- Add-On Management
- Helm Application
- Network Management
- Container Network Overview
- GlobalRouter Mode
- VPC-CNI Mode
- VPC-CNI Mode
- Multiple Pods with Shared ENI Mode
- Pods with Exclusive ENI Mode
- Static IP Address Mode Instructions
- Non-static IP Address Mode Instructions
- Interconnection Between VPC-CNI and Other Cloud Resources/IDC Resources
- Security Group of VPC-CNI Mode
- Instructions on Binding an EIP to a Pod
- VPC-CNI Component
- Limits on the Number of Pods in VPC-CNI Mode
- Application Market
- OPS Center
- Cloud Native Monitoring
- Remote Terminals
- Elastic Cluster Guide
- Container Instance Guide
- Edge Cluster Guide
- TMP
- Best Practices
- Cluster
- Cluster Migration
- EKS Cluster
- Security
- Service Deployment
- Hybrid Cloud
- Network
- Using Network Policy for Network Access Control
- Deploying NGINX Ingress on TKE
- Using NodeLocal DNS Cache in a TKE Cluster
- Nginx Ingress High-Concurrency Practices
- Nginx Ingress Best Practices
- Limiting the bandwidth on pods in TKE
- Directly connecting TKE to the CLB of pods based on the ENI
- Use CLB-Pod Direct Connection on TKE
- Obtaining the Real Client Source IP in TKE
- Implementing Custom Domain Name Resolution in TKE
- Using Traefik Ingress in TKE
- Release
- Logs
- Monitoring
- OPS
- Removing and Re-adding Nodes from and to Cluster
- Using Ansible to Batch Operate TKE Nodes
- Using Cluster Audit for Troubleshooting
- Renewing a TKE Ingress Certificate
- Using cert-manager to Issue Free Certificates
- Using cert-manager to Issue Free Certificate for DNSPod Domain Name
- Using the TKE NPDPlus Plug-In to Enhance the Self-Healing Capability of Nodes
- Using kubecm to Manage Multiple Clusters kubeconfig
- Using Audit and Event Services for Troubleshooting in TKE
- Customizing RBAC Authorization in TKE
- DevOps
- Auto Scaling
- Cluster Auto Scaling Practices
- Using tke-autoscaling-placeholder to Implement Auto Scaling in Seconds
- Installing metrics-server on TKE
- Using Custom Metrics for Auto Scaling in TKE
- Utilizing HPA to Auto Scale Businesses on TKE
- Using VPA to Realize Pod Scaling up and Scaling down in TKE
- Adjusting HPA Scaling Sensitivity Based on Different Business Scenarios
- Storage
- Containerization
- Cost Management
- Permission Management
- Overview
- Description of Role Permissions Related to Service Authorization
- TKE Image Registry Resource-level Permission Settings
- Controlling TKE cluster-level permissions
- TKE Kubernetes Object-level Permission Control
- Fault Handling
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Cluster APIs
- DescribeClusterKubeconfig
- DescribeClusters
- CreateCluster
- DescribeClusterSecurity
- DeleteCluster
- ModifyClusterEndpointSP
- DescribeClusterEndpointVipStatus
- DescribeClusterEndpointStatus
- DeleteClusterEndpointVip
- DeleteClusterEndpoint
- CreateClusterEndpointVip
- CreateClusterEndpoint
- ModifyClusterAttribute
- AcquireClusterAdminRole
- UpgradeClusterInstances
- UpdateClusterVersion
- GetUpgradeInstanceProgress
- DescribeAvailableClusterVersion
- DescribeClusterCommonNames
- ModifyClusterAuthenticationOptions
- DescribeClusterAuthenticationOptions
- EnableClusterDeletionProtection
- DisableClusterDeletionProtection
- DescribeClusterStatus
- GetClusterLevelPrice
- DescribeResourceUsage
- DescribeClusterLevelChangeRecords
- DescribeClusterLevelAttribute
- Node APIs
- Network APIs
- Scaling group APIs
- Cloud Native Monitoring APIs
- Node Pool APIs
- DescribeClusterAsGroupOption
- RemoveNodeFromNodePool
- ModifyClusterNodePool
- DescribeClusterNodePools
- DescribeClusterNodePoolDetail
- DeleteClusterNodePool
- CreateClusterNodePoolFromExistingAsg
- CreateClusterNodePool
- AddNodeToNodePool
- ModifyClusterAsGroupOptionAttribute
- SetNodePoolNodeProtection
- ModifyNodePoolInstanceTypes
- Edge Compute Cluster APIs
- Other APIs
- Data Types
- Error Codes
- API Mapping Guide
- FAQs
- Service Agreement
- Contact Us
- Glossary
- User Guide(Old)
- Release Notes and Announcements
- Beginner’s Guide
- Product Introduction
- Purchase Guide
- Quick Start
- User Guide
- High-risk Operations of Container Service
- Deploying Containerized Applications in the Cloud
- Kubernetes API Operation Guide
- Open Source Components
- Cluster Management
- Cluster Overview
- Cluster Hosting Modes Introduction
- Cluster Lifecycle
- TKE-Optimized Series Images
- Creating a Cluster
- Deleting a Cluster
- Cluster Scaling
- Changing the Cluster Operating System
- Connecting to a Cluster
- Upgrading a Cluster
- Enabling IPVS for a Cluster
- Enabling GPU Scheduling for a Cluster
- Custom Kubernetes Component Launch Parameters
- Node Management
- Node Pool Management
- Kubernetes Object Management
- Overview
- Namespace
- Workload
- Deployment Management
- StatefulSet Management
- DaemonSet Management
- Job Management
- CronJob Management
- Setting the Resource Limit of Workload
- Setting the Scheduling Rule for a Workload
- Setting the Health Check for a Workload
- Setting the Run Command and Parameter for a Workload
- Using a Container Image in a TCR Enterprise Instance to Create a Workload
- Auto Scaling
- Configuration
- Supernode management
- GPU Share
- Service Management
- Distributed Cloud
- Ingress Management
- Storage Management
- Add-On Management
- Helm Application
- Network Management
- Container Network Overview
- GlobalRouter Mode
- VPC-CNI Mode
- VPC-CNI Mode
- Multiple Pods with Shared ENI Mode
- Pods with Exclusive ENI Mode
- Static IP Address Mode Instructions
- Non-static IP Address Mode Instructions
- Interconnection Between VPC-CNI and Other Cloud Resources/IDC Resources
- Security Group of VPC-CNI Mode
- Instructions on Binding an EIP to a Pod
- VPC-CNI Component
- Limits on the Number of Pods in VPC-CNI Mode
- Application Market
- OPS Center
- Cloud Native Monitoring
- Remote Terminals
- Elastic Cluster Guide
- Container Instance Guide
- Edge Cluster Guide
- TMP
- Best Practices
- Cluster
- Cluster Migration
- EKS Cluster
- Security
- Service Deployment
- Hybrid Cloud
- Network
- Using Network Policy for Network Access Control
- Deploying NGINX Ingress on TKE
- Using NodeLocal DNS Cache in a TKE Cluster
- Nginx Ingress High-Concurrency Practices
- Nginx Ingress Best Practices
- Limiting the bandwidth on pods in TKE
- Directly connecting TKE to the CLB of pods based on the ENI
- Use CLB-Pod Direct Connection on TKE
- Obtaining the Real Client Source IP in TKE
- Implementing Custom Domain Name Resolution in TKE
- Using Traefik Ingress in TKE
- Release
- Logs
- Monitoring
- OPS
- Removing and Re-adding Nodes from and to Cluster
- Using Ansible to Batch Operate TKE Nodes
- Using Cluster Audit for Troubleshooting
- Renewing a TKE Ingress Certificate
- Using cert-manager to Issue Free Certificates
- Using cert-manager to Issue Free Certificate for DNSPod Domain Name
- Using the TKE NPDPlus Plug-In to Enhance the Self-Healing Capability of Nodes
- Using kubecm to Manage Multiple Clusters kubeconfig
- Using Audit and Event Services for Troubleshooting in TKE
- Customizing RBAC Authorization in TKE
- DevOps
- Auto Scaling
- Cluster Auto Scaling Practices
- Using tke-autoscaling-placeholder to Implement Auto Scaling in Seconds
- Installing metrics-server on TKE
- Using Custom Metrics for Auto Scaling in TKE
- Utilizing HPA to Auto Scale Businesses on TKE
- Using VPA to Realize Pod Scaling up and Scaling down in TKE
- Adjusting HPA Scaling Sensitivity Based on Different Business Scenarios
- Storage
- Containerization
- Cost Management
- Permission Management
- Overview
- Description of Role Permissions Related to Service Authorization
- TKE Image Registry Resource-level Permission Settings
- Controlling TKE cluster-level permissions
- TKE Kubernetes Object-level Permission Control
- Fault Handling
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Cluster APIs
- DescribeClusterKubeconfig
- DescribeClusters
- CreateCluster
- DescribeClusterSecurity
- DeleteCluster
- ModifyClusterEndpointSP
- DescribeClusterEndpointVipStatus
- DescribeClusterEndpointStatus
- DeleteClusterEndpointVip
- DeleteClusterEndpoint
- CreateClusterEndpointVip
- CreateClusterEndpoint
- ModifyClusterAttribute
- AcquireClusterAdminRole
- UpgradeClusterInstances
- UpdateClusterVersion
- GetUpgradeInstanceProgress
- DescribeAvailableClusterVersion
- DescribeClusterCommonNames
- ModifyClusterAuthenticationOptions
- DescribeClusterAuthenticationOptions
- EnableClusterDeletionProtection
- DisableClusterDeletionProtection
- DescribeClusterStatus
- GetClusterLevelPrice
- DescribeResourceUsage
- DescribeClusterLevelChangeRecords
- DescribeClusterLevelAttribute
- Node APIs
- Network APIs
- Scaling group APIs
- Cloud Native Monitoring APIs
- Node Pool APIs
- DescribeClusterAsGroupOption
- RemoveNodeFromNodePool
- ModifyClusterNodePool
- DescribeClusterNodePools
- DescribeClusterNodePoolDetail
- DeleteClusterNodePool
- CreateClusterNodePoolFromExistingAsg
- CreateClusterNodePool
- AddNodeToNodePool
- ModifyClusterAsGroupOptionAttribute
- SetNodePoolNodeProtection
- ModifyNodePoolInstanceTypes
- Edge Compute Cluster APIs
- Other APIs
- Data Types
- Error Codes
- API Mapping Guide
- FAQs
- Service Agreement
- Contact Us
- Glossary
- User Guide(Old)
Workload Pod Template Annotation Description
You can define spec.template.metadata.annotations in a YAML file to implement capabilities such as binding security groups and allocating resources for Pods. For more information about the configuration method, see the following table.
Note
- If no security group is specified, a Pod is bound with the
defaultsecurity group in the same region by default. Ensure that the network policy of thedefaultsecurity group does not affect the Pod.- To allocate CPU resources through the method specified by annotation, you must specify both
cpuandmemannotations and make sure that their values meet the CPU specifications in Resource Specifications. In addition, you can select Intel or AMD CPUs to allocate by specifyingcpu-type. AMD CPUs are more cost-effective. For more information, see Product Pricing.- To allocate GPU resources through the method specified by annotation, you must specify the
gpu-typeandgpu-countannotations and ensure that their values meet the GPU specifications in Resource Specifications.
| Annotation Key | Annotation Value and Description | Required |
|---|---|---|
| eks.tke.cloud.tencent.com/security-group-id | Default security group bound with a workload. Specify the security group ID.
|
No. If you do not specify it, the default security group in the same region bound with the workload is associated by default.If you specify it, ensure that the security group ID already exists in the region where the workload resides. |
| eks.tke.cloud.tencent.com/cpu | Number of CPU cores required by a Pod. See Resource Specifications. | No. Make sure the entered specification is supported and both the cpu and mem are specified. |
| eks.tke.cloud.tencent.com/mem | Memory required by a Pod. See Resource Specifications. The unit must be included in the value, for example, `512Mi`, `0.5Gi` and `1Gi`. | No. Make sure the entered specification is supported and both the cpu and mem are specified. |
| eks.tke.cloud.tencent.com/cpu-type | CPU resource types and models required by a Pod. The supported formats include:
|
No. If it’s not specified, the system automatically choose the best-suit specification. See Specifying Resource Specifications. If the matched specifications are supported by both Intel and AMD, Intel CPUs are preferred. |
| eks.tke.cloud.tencent.com/gpu-type | Model of the GPU resources required by a Pod. The supported models include:
|
If GPUs are required, this option is required. When specifying it, ensure that the GPU model is supported. Otherwise, an error will be reported. |
| eks.tke.cloud.tencent.com/gpu-count | Number of GPU cards required by a Pod. For more information, see Resource Specifications. | No. Make sure that the entered specification is supported. |
| eks.tke.cloud.tencent.com/retain-ip | The static IP of a Pod. Enter the value "true" to enable this feature. If a Pod with the static IP enabled is terminated, its IP will be retained 24 hours by default. If the Pod is rebuilt within 24 hours after termination, its IP can still be used. Otherwise, its IP may be occupied by other Pod.Only valid for statefulset and rawpod. |
No |
| eks.tke.cloud.tencent.com/retain-ip-hours | Modifies the default retention duration of the Pod’s static IP. Enter a number. Unit: hour. Default value: 24 hours. The IP can be retained up to one year.Only valid for statefulset and rawpod. | No |
| eks.tke.cloud.tencent.com/role-name | Associates a Pod with a CAM role. Please specify CAM role name as the value. In this way, the Pod can obtain the permission policies of the associated CAM role to facilitate cloud resource operations such as purchasing resources and reading from or writing to storage. | No. If you specify it, please make sure the specified CAM role exists. |
| eks.tke.cloud.tencent.com/custom-metrics-url | Sets a custom monitoring metric pull address for a Pod. The monitoring data opened at this address will be automatically read and reported by the monitoring component. | No. If you specify it, please ensure that the opened data protocol can be recognized by the monitoring system, such as the Prometheus protocol and cloud monitoring data protocol. |
| eks.tke.cloud.tencent.com/eip-attributes | Attributes of the EIP associated with Pods of the Workload. When the value is `""`, it indicates that the default EIP configuration is used. You can enter the API parameter json of the EIP in within "" to realize custom configuration. For example, if the value of annotation is '{"InternetMaxBandwidthOut":2}', it means the bandwidth is 2M. Note that it is only applicable to bill-by-IP accounts. | No |
| eks.tke.cloud.tencent.com/eip-claim-delete-policy | Whether to release the EIP once the Pod is deleted. `Never`: Do not release. This parameter takes effect only when eks.tke.cloud.tencent.com/eip-attributes is specified. Note that it is only applicable to bill-by-IP accounts. | No |
| eks.tke.cloud.tencent.com/eip-id-list | If the Workload is a StatefulSet, you can also specify one or multiple existing EIPs, such as "eip-xx1,eip-xx2". Note that the number of StatefulSet Pods must be less than or equal to the number of EIP IDs specified in this annotation; otherwise, Pods that cannot be allocated with EIPs will be in the "Pending" status. Note: this cannot be used for non-bill-by-IP accounts. | No |
| eks.tke.cloud.tencent.com/registry-insecure-skip-verify | Image repository address (separate multiple addresses with “,”, or enter "all"). When you use an image from a HTTPS-based self-signed external image repository to create a workload in an elastic cluster, you may encounter the error “ErrImagePull” and fail to pull the image. You can solve this issue by adding the annotation. For more information, see How do I use an image from a self-signed or HTTP-based external image repository in an elastic cluster? | No |
| eks.tke.cloud.tencent.com/registry-http-endpoint | Image repository address (separate multiple addresses with “,”, or enter "all"). When you use an image from a HTTP-based external image repository to create a workload in an elastic cluster, you may encounter the error “ErrImagePull” and fail to pull the image. You can solve this issue by adding the annotation. For more information, see How do I use an image from a self-signed or HTTP-based external image repository in an elastic cluster? | No |
| eks.tke.cloud.tencent.com/image-cache-disk-retain-minute | Whether to delay the termination of CBS data disks used for image caching. The unit is “min”. You can set the duration of delayed termination as needed. The default value is “0”, which means the data disks are terminated at the time of Pod termination. If the value is set to “10”, it indicates that the data disks used for image caching are retained for 10 minutes after the Pod is terminated. | No |
Example
The following example shows the complete GPU specifications of the security group bound to a Pod.
apiVersion: apps/v1
kind: StatefulSet
metadata:
generation: 1
labels:
k8s-app: nginx
qcloud-app: nginx
name: nginx
namespace: default
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: nginx
qcloud-app: nginx
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
annotations:
eks.tke.cloud.tencent.com/cpu: "4"
eks.tke.cloud.tencent.com/gpu-count: "1"
eks.tke.cloud.tencent.com/gpu-type: 1/4*T4
eks.tke.cloud.tencent.com/mem: 10Gi
eks.tke.cloud.tencent.com/security-group-id: "sg-dxxxxxx5,sg-zxxxxxxu"
eks.tke.cloud.tencent.com/role-name: "cam-role-name"
eks.tke.cloud.tencent.com/monitor-port: "9123"
eks.tke.cloud.tencent.com/custom-metrics-url: "http://localhost:8080/metrics"
creationTimestamp: null
labels:
k8s-app: nginx
qcloud-app: nginx
spec:
containers:
- image: nginx:latest
imagePullPolicy: Always
name: nginx
resources:
limits:
cpu: "1"
memory: 2Gi
nvidia.com/gpu: "1"
requests:
cpu: "1"
memory: 2Gi
nvidia.com/gpu: "1"
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: qcloudregistrykey
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
Virtual Node Annotation Description
EKS supports the virtual nodes. You can specify annotations in a YAML file to implement capabilities such as custom DNS, as shown below:
| Annotation Key | Annotation Value and Description | Required |
|---|---|---|
| eks.tke.cloud.tencent.com/resolv-conf | Queries the list of IP addresses for the DNS server while resolving the domain name, for example nameserver 8.8.8.8.
You can use kubectl edit node eklet-subnet-xxxx to add this annotation.
After the modification, the Pods scheduled to this virtual node will adopt this DNS configuration by default. |
No |
Example
The example of a custom DNS configuration for a virtual node is as follows:
apiVersion: v1
kind: Node
metadata:
annotations:
eks.tke.cloud.tencent.com/resolv-conf:|
nameserver 4.4.4.4
nameserver 8.8.8.8
Service Annotation Description
EKS allows you to use existing CLBs to create Services accessed via the public or private network. If you want to provide your idle CLBs for Services to be created or need to use the same CLB in a cluster, you can add annotations.
| Annotation Key | Annotation Value and Description | Required |
|---|---|---|
| service.kubernetes.io/tke-existed-lbid | The Service is created with the existing CLB. Specify the ID of the CLB instance you want to use as the value. | No. If you specify it, ensure that the specified CLB instance ID exists. |
| service.kubernetes.io/qcloud-share-existed-lb | By default, multiple Services cannot share the same CLB instance. If you hope that a Service uses the CLB occupied by other Services, please add this annotation and specify the value as "true". |
No. If you do not specify it, a CLB instance cannot be reused by default. |
The elastic cluster also supports the same expansion protocol as the TKE cluster. For more information, see Service Extension Protocol.
Note:
- Ensure that your EKS and the CVM do not share the same CLB.
- When the existing CLBs are used:
- Only CLBs created through the CLB console can be used. You cannot reuse CLBs automatically created by TKE.
- Ports of Services that share the same existing CLB cannot be the same.
- Cross-cluster Services cannot share the same CLB.
Example
apiVersion: v1
kind: Service
metadata:
annotations:
service.kubernetes.io/tke-existed-lbid: lb-pxxxxxxq
service.kubernetes.io/qcloud-share-existed-lb: true
name: servicename
namespace: default
spec:
externalTrafficPolicy: Cluster
ports:
- name: tcp-80-80
nodePort: 31728
port: 80
protocol: TCP
targetPort: 80
sessionAffinity: None
type: LoadBalancer
Yes
No
Was this page helpful?