You can define `spec.template.metadata.annotations` in a YAML file to implement capabilities such as binding security groups and allocating resources for Pods. For more information about the configuration method, see the following table.
Note
- If no security group is specified, a Pod is bound with the `default` security group in the same region by default. Ensure that the network policy of the `default` security group does not affect the Pod.
- To allocate CPU resources through the method specified by annotation, you must specify both `cpu` and `mem` annotations and make sure that their values meet the CPU specifications in Resource Specifications. In addition, you can select Intel or AMD CPUs to allocate by specifying `cpu-type`. AMD CPUs are more cost-effective. For more information, see Product Pricing.
- To allocate GPU resources through the method specified by annotation, you must specify the `gpu-type` and `gpu-count` annotations and ensure that their values meet the GPU specifications in Resource Specifications.
Annotation Key | Annotation Value and Description | Required |
---|---|---|
eks.tke.cloud.tencent.com/security-group-id | Default security group bound with a workload. Specify the security group ID. | No. If you do not specify it, the default security group in the same region bound with the workload is associated by default. If you specify it, ensure that the security group ID already exists in the region where the workload resides. |
eks.tke.cloud.tencent.com/cpu | Number of CPU cores required by a Pod. See Resource Specifications. | No. Make sure the entered specification is supported and both the cpu and mem are specified. |
eks.tke.cloud.tencent.com/mem | Memory required by a Pod. See Resource Specifications. The unit must be included in the value, for example, `512Mi`, `0.5Gi` and `1Gi`. | No. Make sure the entered specification is supported and both the cpu and mem are specified. |
eks.tke.cloud.tencent.com/cpu-type | CPU resource types and models required by a Pod. The supported formats include: | No. If it is not specified, the system automatically chooses the best-suited specification. See Specifying Resource Specifications. If the matched specifications are supported by both Intel and AMD, Intel CPUs are preferred. |
eks.tke.cloud.tencent.com/gpu-type | Model of the GPU resources required by a Pod. The supported models include: | If GPUs are required, this option is required. When specifying it, ensure that the GPU model is supported. Otherwise, an error will be reported. |
eks.tke.cloud.tencent.com/gpu-count | Number of GPU cards required by a Pod. For more information, see Resource Specifications. | No. Make sure that the entered specification is supported. |
eks.tke.cloud.tencent.com/retain-ip | The static IP of a Pod. Enter the value "true" to enable this feature. If a Pod with the static IP enabled is terminated, its IP will be retained for 24 hours by default. If the Pod is rebuilt within 24 hours after termination, its IP can still be used. Otherwise, its IP may be occupied by another Pod. Only valid for statefulset and rawpod. | No |
eks.tke.cloud.tencent.com/retain-ip-hours | Modifies the default retention duration of the Pod’s static IP. Enter a number. Unit: hour. Default value: 24 hours. The IP can be retained up to one year. Only valid for statefulset and rawpod. | No |
eks.tke.cloud.tencent.com/role-name | Associates a Pod with a CAM role. Please specify CAM role name as the value. In this way, the Pod can obtain the permission policies of the associated CAM role to facilitate cloud resource operations such as purchasing resources and reading from or writing to storage. | No. If you specify it, please make sure the specified CAM role exists. |
eks.tke.cloud.tencent.com/custom-metrics-url | Sets a custom monitoring metric pull address for a Pod. The monitoring data opened at this address will be automatically read and reported by the monitoring component. | No. If you specify it, please ensure that the opened data protocol can be recognized by the monitoring system, such as the Prometheus protocol and cloud monitoring data protocol. |
eks.tke.cloud.tencent.com/eip-attributes | Attributes of the EIP associated with Pods of the Workload. When the value is `""`, it indicates that the default EIP configuration is used. You can enter the API parameter JSON of the EIP within the `""` to customize the configuration. For example, if the value of the annotation is `'{"InternetMaxBandwidthOut":2}'`, it means the bandwidth is 2M. Note that it is only applicable to bill-by-IP accounts. | No |
eks.tke.cloud.tencent.com/eip-claim-delete-policy | Whether to release the EIP once the Pod is deleted. `Never`: Do not release. This parameter takes effect only when eks.tke.cloud.tencent.com/eip-attributes is specified. Note that it is only applicable to bill-by-IP accounts. | No |
eks.tke.cloud.tencent.com/eip-id-list | If the Workload is a StatefulSet, you can also specify one or multiple existing EIPs, such as "eip-xx1,eip-xx2". Note that the number of StatefulSet Pods must be less than or equal to the number of EIP IDs specified in this annotation; otherwise, Pods that cannot be allocated with EIPs will be in the "Pending" status. Note: this cannot be used for non-bill-by-IP accounts. | No |
eks.tke.cloud.tencent.com/registry-insecure-skip-verify | Image repository address (separate multiple addresses with “,”, or enter "all"). When you use an image from an HTTPS-based self-signed external image repository to create a workload in an elastic cluster, you may encounter the error “ErrImagePull” and fail to pull the image. You can solve this issue by adding the annotation. For more information, see How do I use an image from a self-signed or HTTP-based external image repository in an elastic cluster? | No |
eks.tke.cloud.tencent.com/registry-http-endpoint | Image repository address (separate multiple addresses with “,”, or enter "all"). When you use an image from an HTTP-based external image repository to create a workload in an elastic cluster, you may encounter the error “ErrImagePull” and fail to pull the image. You can solve this issue by adding the annotation. For more information, see How do I use an image from a self-signed or HTTP-based external image repository in an elastic cluster? | No |
eks.tke.cloud.tencent.com/image-cache-disk-retain-minute | Whether to delay the termination of CBS data disks used for image caching. The unit is “min”. You can set the duration of delayed termination as needed. The default value is “0”, which means the data disks are terminated at the time of Pod termination. If the value is set to “10”, it indicates that the data disks used for image caching are retained for 10 minutes after the Pod is terminated. | No |
The following example shows a workload whose Pod template binds security groups and specifies complete GPU specifications through annotations.

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  generation: 1
  labels:
    k8s-app: nginx
    qcloud-app: nginx
  name: nginx
  namespace: default
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: nginx
      qcloud-app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        eks.tke.cloud.tencent.com/cpu: "4"
        eks.tke.cloud.tencent.com/gpu-count: "1"
        eks.tke.cloud.tencent.com/gpu-type: 1/4*T4
        eks.tke.cloud.tencent.com/mem: 10Gi
        eks.tke.cloud.tencent.com/security-group-id: "sg-dxxxxxx5,sg-zxxxxxxu"
        eks.tke.cloud.tencent.com/role-name: "cam-role-name"
        eks.tke.cloud.tencent.com/monitor-port: "9123"
        eks.tke.cloud.tencent.com/custom-metrics-url: "http://localhost:8080/metrics"
      creationTimestamp: null
      labels:
        k8s-app: nginx
        qcloud-app: nginx
    spec:
      containers:
      - image: nginx:latest
        imagePullPolicy: Always
        name: nginx
        resources:
          limits:
            cpu: "1"
            memory: 2Gi
            nvidia.com/gpu: "1"
          requests:
            cpu: "1"
            memory: 2Gi
            nvidia.com/gpu: "1"
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: qcloudregistrykey
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
```
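The rules in the table above can be checked before a manifest is applied. The following is an added example, not part of the original page or of Tencent Cloud tooling: the function name `check_pod_annotations`, the finding texts and the sample values are assumptions, and "rawpod" is assumed to mean an object of kind `Pod`.

```python
import re

PREFIX = "eks.tke.cloud.tencent.com/"

def check_pod_annotations(annotations, kind, replicas=1):
    """Check one Pod template's annotations against the rules in the table."""
    a = {k[len(PREFIX):]: v for k, v in annotations.items() if k.startswith(PREFIX)}
    findings = []
    if "security-group-id" not in a:
        findings.append("no security-group-id: Pod falls back to the default security group")
    if ("cpu" in a) != ("mem" in a):
        findings.append("cpu and mem must be specified together")
    if "mem" in a and re.fullmatch(r"[0-9.]+", a["mem"]):
        findings.append("mem has no unit (expected e.g. 512Mi, 1Gi)")
    if "gpu-count" in a and "gpu-type" not in a:
        findings.append("gpu-count requires gpu-type")
    for key in ("retain-ip", "retain-ip-hours"):
        # Assumption: "rawpod" corresponds to kind "Pod".
        if key in a and kind not in ("StatefulSet", "Pod"):
            findings.append(f"{key} is only valid for StatefulSet and raw Pod")
    if "retain-ip-hours" in a and not a["retain-ip-hours"].isdigit():
        findings.append("retain-ip-hours must be a number of hours")
    if "eip-claim-delete-policy" in a and "eip-attributes" not in a:
        findings.append("eip-claim-delete-policy has no effect without eip-attributes")
    if "eip-id-list" in a:
        eips = [e for e in a["eip-id-list"].split(",") if e.strip()]
        if replicas > len(eips):
            findings.append(f"{replicas} replicas but {len(eips)} EIPs: extra Pods stay Pending")
    for key in ("registry-insecure-skip-verify", "registry-http-endpoint"):
        # "all" relaxes registry transport checks for every repository address.
        if a.get(key, "").strip() == "all":
            findings.append(f"{key}=all applies to every registry; list specific addresses")
    return findings

# Constructed sample: annotations of a hypothetical StatefulSet with 3 replicas.
SAMPLE = {
    PREFIX + "cpu": "4",
    PREFIX + "mem": "10",
    PREFIX + "gpu-count": "1",
    PREFIX + "eip-id-list": "eip-xx1,eip-xx2",
    PREFIX + "eip-claim-delete-policy": "Never",
    PREFIX + "registry-insecure-skip-verify": "all",
}

if __name__ == "__main__":
    for finding in check_pod_annotations(SAMPLE, kind="StatefulSet", replicas=3):
        print("-", finding)
```
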
EKS supports virtual nodes. You can specify annotations in a YAML file to implement capabilities such as custom DNS, as shown below:
Annotation Key | Annotation Value and Description | Required |
---|---|---|
eks.tke.cloud.tencent.com/resolv-conf | Queries the list of IP addresses for the DNS server while resolving the domain name, for example `nameserver 8.8.8.8`. You can use `kubectl edit node eklet-subnet-xxxx` to add this annotation. After the modification, the Pods scheduled to this virtual node will adopt this DNS configuration by default. | No |
The example of a custom DNS configuration for a virtual node is as follows:
```yaml
apiVersion: v1
kind: Node
metadata:
  annotations:
    # Block scalar: each line becomes one resolv.conf entry.
    eks.tke.cloud.tencent.com/resolv-conf: |
      nameserver 4.4.4.4
      nameserver 8.8.8.8
```
EKS allows you to use existing CLBs to create Services accessed via the public or private network. If you want to provide your idle CLBs for Services to be created or need to use the same CLB in a cluster, you can add annotations.
Annotation Key | Annotation Value and Description | Required |
---|---|---|
service.kubernetes.io/tke-existed-lbid | The Service is created with the existing CLB. Specify the ID of the CLB instance you want to use as the value. | No. If you specify it, ensure that the specified CLB instance ID exists. |
service.kubernetes.io/qcloud-share-existed-lb | By default, multiple Services cannot share the same CLB instance. If you hope that a Service uses the CLB occupied by other Services, please add this annotation and specify the value as "true". | No. If you do not specify it, a CLB instance cannot be reused by default. |
The elastic cluster also supports the same expansion protocol as the TKE cluster. For more information, see Service Extension Protocol.
Note:
- Ensure that your EKS and the CVM do not share the same CLB.
- When the existing CLBs are used:
  - Only CLBs created through the CLB console can be used. You cannot reuse CLBs automatically created by TKE.
  - Ports of Services that share the same existing CLB cannot be the same.
  - Cross-cluster Services cannot share the same CLB.
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.kubernetes.io/tke-existed-lbid: lb-pxxxxxxq
    # Annotation values must be strings, so the value is quoted.
    service.kubernetes.io/qcloud-share-existed-lb: "true"
  name: servicename
  namespace: default
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: tcp-80-80
    nodePort: 31728
    port: 80
    protocol: TCP
    targetPort: 80
  sessionAffinity: None
  type: LoadBalancer
```
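The CLB-sharing rules above span several Services, so they are easiest to check across a whole set of manifests. This is an added example, not code from the original page: `check_shared_clbs`, the Service names and the sample manifests are constructed, and the manifests are assumed to be already parsed from YAML into dicts. It conservatively expects every Service in a sharing group to carry the share annotation.

```python
from collections import defaultdict

LBID = "service.kubernetes.io/tke-existed-lbid"
SHARE = "service.kubernetes.io/qcloud-share-existed-lb"

def check_shared_clbs(services):
    """Return findings for Services in one cluster that reuse existing CLBs."""
    findings, by_lb = [], defaultdict(list)
    for svc in services:
        name = svc["metadata"]["name"]
        ann = svc["metadata"].get("annotations", {})
        for key, value in ann.items():
            # An unquoted YAML true parses as a boolean, not a string.
            if not isinstance(value, str):
                findings.append(f"{name}: {key} must be a quoted string, got {value!r}")
        if LBID in ann:
            by_lb[ann[LBID]].append(svc)
    for lbid, group in by_lb.items():
        if len(group) < 2:
            continue  # CLB used by a single Service: nothing is shared
        seen = {}  # port -> first Service that claimed it on this CLB
        for svc in group:
            name = svc["metadata"]["name"]
            if svc["metadata"]["annotations"].get(SHARE) != "true":
                findings.append(f"{name}: shares {lbid} without {SHARE} set to 'true'")
            for p in svc["spec"]["ports"]:
                if p["port"] in seen:
                    findings.append(f"{name}: port {p['port']} on {lbid} already used by {seen[p['port']]}")
                else:
                    seen[p["port"]] = name
    return findings

def make_service(name, lbid, share, port):
    """Build a minimal constructed Service manifest for the sample below."""
    return {"metadata": {"name": name, "annotations": {LBID: lbid, SHARE: share}},
            "spec": {"ports": [{"port": port, "protocol": "TCP"}]}}

# Constructed sample: svc-b uses an unquoted true and collides on port 80.
SERVICES = [
    make_service("svc-a", "lb-pxxxxxxq", "true", 80),
    make_service("svc-b", "lb-pxxxxxxq", True, 80),
    make_service("svc-c", "lb-pxxxxxxq", "true", 8080),
]

if __name__ == "__main__":
    for finding in check_shared_clbs(SERVICES):
        print("-", finding)
```
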