diff --git a/umn/source/best_practice/container/how_do_i_select_a_container_runtime.rst b/umn/source/best_practice/container/how_do_i_select_a_container_runtime.rst deleted file mode 100644 index 2fb027f..0000000 --- a/umn/source/best_practice/container/how_do_i_select_a_container_runtime.rst +++ /dev/null @@ -1,104 +0,0 @@ -:original_name: cce_bestpractice_0140.html - -.. _cce_bestpractice_0140: - -How Do I Select a Container Runtime? -==================================== - -containerd vs Docker --------------------- - -Container runtime, one of the most important components of Kubernetes, manages the lifecycle of images and containers. The kubelet interacts with a container runtime through the Container Runtime Interface (CRI). - -CCE supports containerd and Docker as your runtime. **containerd is recommended for its shorter traces, fewer components, and stability.** - -Select Docker for the following scenarios: - -- Docker-in-Docker needs to be used. -- Commands such as **docker build/push/save/load** need to be run on the CCE node. -- Docker APIs need to be called. -- Docker Compose or Docker Swarm needs to be used. - -Common Commands of containerd and Docker ----------------------------------------- - -containerd does not support Docker APIs and Docker CLI, but you can run crictl commands to implement similar functions. - -.. table:: **Table 1** Image-related commands - - +-----+---------------------------------------------------+---------------------------------------------------+-----------------------+ - | No. | Docker Command | containerd Command | Remarks | - +=====+===================================================+===================================================+=======================+ - | 1 | docker images [Option] [Image name[:Tag]] | crictl images [Option] [Image name[:Tag]] | List local images. | - +-----+---------------------------------------------------+---------------------------------------------------+-----------------------+ - | 2 | docker pull [Option] *Image name*\ [:Tag|@DIGEST] | crictl pull [Option] *Image name*\ [:Tag|@DIGEST] | Pull images. | - +-----+---------------------------------------------------+---------------------------------------------------+-----------------------+ - | 3 | docker push | None | Push an image. | - +-----+---------------------------------------------------+---------------------------------------------------+-----------------------+ - | 4 | docker rmi [Option] *Image*... | crictl rmi [Option] *Image ID*... | Delete a local image. | - +-----+---------------------------------------------------+---------------------------------------------------+-----------------------+ - | 5 | docker inspect *Image ID* | crictl inspect *Image ID* | Check a container. | - +-----+---------------------------------------------------+---------------------------------------------------+-----------------------+ - -.. table:: **Table 2** Container-related commands - - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | No. | Docker Command | containerd Command | Remarks | - +=====+========================================================================+========================================================================+============================================+ - | 1 | docker ps [Option] | crictl ps [Option] | List containers. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 2 | docker create [Option] | crictl create [Option] | Create a container. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 3 | docker start [Option] *Container ID*... | crictl start [Option] *Container ID*... | Start a container. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 4 | docker stop [Option] *Container ID*... | crictl stop [Option] *Container ID*... | Stop a container. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 5 | docker rm [Option] *Container ID*... | crictl rm [Option] *Container ID*... | Delete a container. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 6 | docker attach [Option] *Container ID* | crictl attach [Option] *Container ID* | Connect to a container. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 7 | docker exec [Option] *Container ID* *Startup command* [*Parameter*...] | crictl exec [Option] *Container ID* *Startup command* [*Parameter*...] | Access the container. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 8 | docker inspect [Option] *Container name*\ \|\ *ID*... | crictl inspect [Option] *Container ID*... | Query container details. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 9 | docker logs [Option] *Container ID* | crictl logs [Option] *Container ID* | View container logs. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 10 | docker stats [Option] *Container ID*... | crictl stats [Option] *Container ID* | Check the resource usage of the container. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - | 11 | docker update [Option] *Container ID*... | crictl update [Option] *Container ID*... | Update container resource limits. | - +-----+------------------------------------------------------------------------+------------------------------------------------------------------------+--------------------------------------------+ - -.. table:: **Table 3** Pod-related commands - - +-----+----------------+--------------------------------------+-------------------+ - | No. | Docker Command | containerd Command | Remarks | - +=====+================+======================================+===================+ - | 1 | None | crictl pods [Option] | List pods. | - +-----+----------------+--------------------------------------+-------------------+ - | 2 | None | crictl inspectp [Option] *Pod ID*... | View pod details. | - +-----+----------------+--------------------------------------+-------------------+ - | 3 | None | crictl start [Option] *Pod ID*... | Start a pod. | - +-----+----------------+--------------------------------------+-------------------+ - | 4 | None | crictl runp [Option] *Pod ID*... | Run a pod. | - +-----+----------------+--------------------------------------+-------------------+ - | 5 | None | crictl stopp [Option] *Pod ID*... | Stop a pod. | - +-----+----------------+--------------------------------------+-------------------+ - | 6 | None | crictl rmp [Option] *Pod ID*... | Delete a pod. | - +-----+----------------+--------------------------------------+-------------------+ - -.. note:: - - Containers created and started by containerd are immediately deleted by kubelet. containerd does not support suspending, resuming, restarting, renaming, and waiting for containers, nor Docker image build, import, export, comparison, push, search, and labeling. containerd does not support file copy. You can log in to the image repository by modifying the configuration file of containerd. - -Differences in Tracing ----------------------- - -- Docker: - - kubelet --> docker shim (in the kubelet process) --> dockerd --> containerd - -- containerd: - - kubelet --> cri plugin (in the containerd process) --> containerd - -Although Docker has added functions such as swarm cluster, docker build, and Docker APIs, it also introduces bugs. Compared with containerd, Docker has one more layer of calling. diff --git a/umn/source/best_practice/container/index.rst b/umn/source/best_practice/container/index.rst index e80fb24..936b016 100644 --- a/umn/source/best_practice/container/index.rst +++ b/umn/source/best_practice/container/index.rst @@ -9,7 +9,6 @@ Container - :ref:`Modifying Kernel Parameters Using a Privileged Container ` - :ref:`Initializing a Container ` - :ref:`Using hostAliases to Configure /etc/hosts in a Pod ` -- :ref:`How Do I Select a Container Runtime? ` - :ref:`Configuring Core Dumps ` .. toctree:: @@ -20,5 +19,4 @@ Container modifying_kernel_parameters_using_a_privileged_container initializing_a_container using_hostaliases_to_configure_etc_hosts_in_a_pod - how_do_i_select_a_container_runtime configuring_core_dumps diff --git a/umn/source/charts/deploying_an_application_from_a_chart.rst b/umn/source/charts/deploying_an_application_from_a_chart.rst index 3897862..2d9716e 100644 --- a/umn/source/charts/deploying_an_application_from_a_chart.rst +++ b/umn/source/charts/deploying_an_application_from_a_chart.rst @@ -94,7 +94,7 @@ Creating a Release #. Log in to the CCE console, click the cluster name, and access the cluster console. In the navigation pane, choose **Charts**. -#. In the list of uploaded charts, click **Install**. +#. On the **My Charts** tab page, click **Install** of the target chart. #. Set workload installation parameters by referring to :ref:`Table 2 `. diff --git a/umn/source/networking/ingresses/using_kubectl_to_create_an_elb_ingress.rst b/umn/source/networking/ingresses/using_kubectl_to_create_an_elb_ingress.rst index b46a5f1..fe30dc0 100644 --- a/umn/source/networking/ingresses/using_kubectl_to_create_an_elb_ingress.rst +++ b/umn/source/networking/ingresses/using_kubectl_to_create_an_elb_ingress.rst @@ -479,10 +479,12 @@ Ingress supports TLS certificate configuration and secures your Services with HT .. note:: - Derfault security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.17 or later. + Default security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.17 or later. **The following uses the automatically created load balancer as an example. The YAML file is configured as follows:** + **For clusters of v1.21 or earlier:** + .. code-block:: apiVersion: networking.k8s.io/v1beta1 @@ -517,6 +519,45 @@ Ingress supports TLS certificate configuration and secures your Services with HT property: ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH + **For clusters of v1.23 or later:** + + .. code-block:: + + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: ingress-test + annotations: + kubernetes.io/elb.class: union + kubernetes.io/elb.port: '443' + kubernetes.io/elb.autocreate: + '{ + "type":"public", + "bandwidth_name":"cce-bandwidth-15511633796**", + "bandwidth_chargemode":"bandwidth", + "bandwidth_size":5, + "bandwidth_sharetype":"PER", + "eip_type":"5_bgp" + }' + kubernetes.io/elb.tls-ciphers-policy: tls-1-2 + spec: + tls: + - secretName: ingress-test-secret + rules: + - host: '' + http: + paths: + - path: '/' + backend: + service: + name: # Replace it with the name of your target Service. + port: + number: 8080 # Replace 8080 with the port number of your target Service. + property: + ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH + pathType: ImplementationSpecific + ingressClassName: cce + .. table:: **Table 4** Key parameters +--------------------------------------+-----------------+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+