diff --git a/docs/cce/umn/ALL_META.TXT.json b/docs/cce/umn/ALL_META.TXT.json index e00f7a4d..b9d91c57 100644 --- a/docs/cce/umn/ALL_META.TXT.json +++ b/docs/cce/umn/ALL_META.TXT.json @@ -27,7 +27,7 @@ "node_id":"cce_productdesc_0001.xml", "product_code":"cce", "code":"2", - "des":"Cloud Container Engine (CCE) is a scalable, enterprise-class hosted Kubernetes service. With CCE, you can easily deploy, manage, and scale containerized applications in t", + "des":"Cloud Container Engine (CCE) is a hosted Kubernetes cluster service for enterprises. It offers complete lifecycle management for containerized applications and delivers s", "doc_type":"usermanual2", "kw":"What Is CCE?,Service Overview,User Guide", "search_title":"", @@ -45,7 +45,7 @@ "node_id":"cce_productdesc_0003.xml", "product_code":"cce", "code":"3", - "des":"CCE is a container service built on Docker and Kubernetes. A wealth of features enables you to run container clusters at scale. CCE eases containerization thanks to its r", + "des":"CCE is a container service built on Docker and Kubernetes. A wealth of features enable you to run container clusters at scale. CCE eases containerization thanks to its re", "doc_type":"usermanual2", "kw":"Product Advantages,Service Overview,User Guide", "search_title":"", @@ -99,7 +99,7 @@ "node_id":"cce_productdesc_0021.xml", "product_code":"cce", "code":"6", - "des":"Shopping apps and websites, especially during promotionsLive streaming, where service loads often fluctuateGames, where many players may go online in certain time periods", + "des":"Shopping apps and websites, especially during promotions and flash salesLive streaming, where service loads often fluctuateGames, where many players may go online in cert", "doc_type":"usermanual2", "kw":"Auto Scaling in Seconds,Application Scenarios,User Guide", "search_title":"", @@ -155,7 +155,7 @@ "code":"9", "des":"This section describes the notes and constraints on using CCE.After a cluster is created, the following items cannot be changed:Number of master nodes: For example, a non", "doc_type":"usermanual2", - "kw":"Storage Volumes,Data sharing,Constraints,Service Overview,User Guide", + "kw":"Storage Volumes,Data sharing,Notes and Constraints,Service Overview,User Guide", "search_title":"", "metedata":[ { @@ -163,7 +163,7 @@ "documenttype":"usermanual" } ], - "title":"Constraints", + "title":"Notes and Constraints", "githuburl":"" }, { @@ -241,23 +241,22 @@ "githuburl":"" }, { - "uri":"cce_bulletin_0003.html", - "node_id":"cce_bulletin_0003.xml", + "uri":"cce_bulletin_0033.html", + "node_id":"cce_bulletin_0033.xml", "product_code":"cce", "code":"14", - "des":"This section explains versioning in CCE, and the policies for Kubernetes version support.Version number: The format is x.y.z, where x.y is the major version and z is the ", + "des":"CCE provides highly scalable, high-performance, enterprise-class Kubernetes clusters. This section describes the Kubernetes version policy of CCE clusters.The CCE console", "doc_type":"usermanual2", - "kw":"Kubernetes Version Support Mechanism,Product Bulletin,User Guide", + "kw":"Kubernetes Version Policy,Product Bulletin,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", "opensource":"true", - "documenttype":"usermanual2", - "IsMulti":"Yes" + "documenttype":"usermanual" } ], - "title":"Kubernetes Version Support Mechanism", + "title":"Kubernetes Version Policy", "githuburl":"" }, { @@ -265,7 +264,7 @@ "node_id":"cce_bulletin_0061.xml", "product_code":"cce", "code":"15", - "des":"Dear users,We are pleased to announce that a brand-new CCE console is available. The new console is modern, visually appealing, and concise, providing a more comfortable ", + "des":"Released: Sep 3, 2023Dear users,We are pleased to announce that a brand-new CCE console is available. The new console is modern, visually appealing, and concise, providin", "doc_type":"usermanual2", "kw":"CCE Console Upgrade,Product Bulletin,User Guide", "search_title":"", @@ -388,7 +387,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Introduction", @@ -406,7 +405,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Preparations", @@ -424,7 +423,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a Kubernetes Cluster", @@ -442,7 +441,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a Deployment (Nginx)", @@ -460,7 +459,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Deploying WordPress and MySQL That Depend on Each Other", @@ -478,7 +477,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Overview", @@ -496,7 +495,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a MySQL Workload", @@ -514,7 +513,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a WordPress Workload", @@ -527,15 +526,15 @@ "code":"29", "des":"During service deployment or running, you may trigger high-risk operations at different levels, causing service faults or interruption. To help you better estimate and av", "doc_type":"usermanual2", - "kw":"High-Risk Operations and Solutions,User Guide", + "kw":"High-Risk Operations,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"High-Risk Operations and Solutions", + "title":"High-Risk Operations", "githuburl":"" }, { @@ -550,7 +549,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Clusters", @@ -568,7 +567,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Cluster Overview", @@ -586,7 +585,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Basic Cluster Information", @@ -604,17 +603,35 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Kubernetes Version Release Notes", "githuburl":"" }, + { + "uri":"cce_bulletin_0089.html", + "node_id":"cce_bulletin_0089.xml", + "product_code":"cce", + "code":"34", + "des":"CCE allows you to create Kubernetes clusters 1.29. This section describes the changes made in Kubernetes 1.29.New and Enhanced FeaturesAPI Changes and RemovalsEnhanced Ku", + "doc_type":"usermanual2", + "kw":"Kubernetes 1.29 Release Notes,Kubernetes Version Release Notes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes 1.29 Release Notes", + "githuburl":"" + }, { "uri":"cce_bulletin_0068.html", "node_id":"cce_bulletin_0068.xml", "product_code":"cce", - "code":"34", + "code":"35", "des":"CCE allows you to create Kubernetes clusters 1.28. This section describes the changes made in Kubernetes 1.28.Important NotesNew and Enhanced FeaturesAPI Changes and Remo", "doc_type":"usermanual2", "kw":"Kubernetes 1.28 Release Notes,Kubernetes Version Release Notes,User Guide", @@ -622,7 +639,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Kubernetes 1.28 Release Notes", @@ -632,7 +649,7 @@ "uri":"cce_bulletin_0059.html", "node_id":"cce_bulletin_0059.xml", "product_code":"cce", - "code":"35", + "code":"36", "des":"CCE allows you to create clusters of Kubernetes 1.27. This section describes the changes made in Kubernetes 1.27 compared with Kubernetes 1.25.New FeaturesDeprecations an", "doc_type":"usermanual2", "kw":"Kubernetes 1.27 Release Notes,Kubernetes Version Release Notes,User Guide", @@ -640,7 +657,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Kubernetes 1.27 Release Notes", @@ -650,7 +667,7 @@ "uri":"cce_bulletin_0058.html", "node_id":"cce_bulletin_0058.xml", "product_code":"cce", - "code":"36", + "code":"37", "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the changes made in Kubernetes 1.25 compared wi", "doc_type":"usermanual2", "kw":"Kubernetes 1.25 Release Notes,Kubernetes Version Release Notes,User Guide", @@ -658,7 +675,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Kubernetes 1.25 Release Notes", @@ -668,7 +685,7 @@ "uri":"cce_bulletin_0027.html", "node_id":"cce_bulletin_0027.xml", "product_code":"cce", - "code":"37", + "code":"38", "des":"This section describes the updates in CCE Kubernetes 1.23.Kubernetes 1.23 Release NotesFlexVolume is deprecated. Use CSI.HorizontalPodAutoscaler v2 is promoted to GA, and", "doc_type":"usermanual2", "kw":"Kubernetes 1.23 Release Notes,Kubernetes Version Release Notes,User Guide", @@ -676,7 +693,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Kubernetes 1.23 Release Notes", @@ -686,25 +703,25 @@ "uri":"cce_bulletin_0026.html", "node_id":"cce_bulletin_0026.xml", "product_code":"cce", - "code":"38", + "code":"39", "des":"This section describes the updates in CCE Kubernetes 1.21.Kubernetes 1.21 Release NotesCronJob is now in the stable state, and the version number changes to batch/v1.The ", "doc_type":"usermanual2", - "kw":"Kubernetes 1.21 Release Notes,Kubernetes Version Release Notes,User Guide", + "kw":"Kubernetes 1.21 (EOM) Release Notes,Kubernetes Version Release Notes,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Kubernetes 1.21 Release Notes", + "title":"Kubernetes 1.21 (EOM) Release Notes", "githuburl":"" }, { "uri":"cce_whsnew_0010.html", "node_id":"cce_whsnew_0010.xml", "product_code":"cce", - "code":"39", + "code":"40", "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.19.Kubernetes v", "doc_type":"usermanual2", "kw":"Kubernetes 1.19 (EOM) Release Notes,Kubernetes Version Release Notes,User Guide", @@ -712,7 +729,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Kubernetes 1.19 (EOM) Release Notes", @@ -722,7 +739,7 @@ "uri":"cce_whsnew_0007.html", "node_id":"cce_whsnew_0007.xml", "product_code":"cce", - "code":"40", + "code":"41", "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.17.All resource", "doc_type":"usermanual2", "kw":"Kubernetes 1.17 (EOM) Release Notes,Kubernetes Version Release Notes,User Guide", @@ -730,7 +747,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Kubernetes 1.17 (EOM) Release Notes", @@ -740,15 +757,15 @@ "uri":"cce_10_0405.html", "node_id":"cce_10_0405.xml", "product_code":"cce", - "code":"41", - "des":"In CCE v1.27 and later versions, all nodes support only the containerd container engine.All nodes in the CCE clusters of version 1.25, except the ones running EulerOS 2.5", + "code":"42", + "des":"dockershim has been removed since Kubernetes v1.24, and Docker is not supported in v1.24 and later versions by default. Use containerd.All nodes in the CCE clusters of ve", "doc_type":"usermanual2", "kw":"Patch Version Release Notes,Cluster Overview,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Patch Version Release Notes", @@ -758,7 +775,7 @@ "uri":"cce_10_0298.html", "node_id":"cce_10_0298.xml", "product_code":"cce", - "code":"42", + "code":"43", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Creating a Cluster", @@ -766,7 +783,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a Cluster", @@ -776,7 +793,7 @@ "uri":"cce_10_0342.html", "node_id":"cce_10_0342.xml", "product_code":"cce", - "code":"43", + "code":"44", "des":"CCE provides different types of clusters for you to select. The following table lists the differences between them.", "doc_type":"usermanual2", "kw":"Comparison Between Cluster Types,Creating a Cluster,User Guide", @@ -784,7 +801,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Comparison Between Cluster Types", @@ -794,7 +811,7 @@ "uri":"cce_10_0028.html", "node_id":"cce_10_0028.xml", "product_code":"cce", - "code":"44", + "code":"45", "des":"On the CCE console, you can easily create Kubernetes clusters. After a cluster is created, the master node is hosted by CCE. You only need to create worker nodes. In this", "doc_type":"usermanual2", "kw":"Creating a CCE Standard/Turbo Cluster,Creating a Cluster,User Guide", @@ -802,7 +819,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a CCE Standard/Turbo Cluster", @@ -812,7 +829,7 @@ "uri":"cce_10_0349.html", "node_id":"cce_10_0349.xml", "product_code":"cce", - "code":"45", + "code":"46", "des":"kube-proxy is a key component of a Kubernetes cluster. It is used for load balancing and forwarding data between a Service and its backend pods.CCE supports the iptables ", "doc_type":"usermanual2", "kw":"kube-proxy,iptables,IP Virtual Server (IPVS),forwarding modes,Comparing iptables and IPVS,Creating a", @@ -820,7 +837,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Comparing iptables and IPVS", @@ -830,7 +847,7 @@ "uri":"cce_10_0140.html", "node_id":"cce_10_0140.xml", "product_code":"cce", - "code":"46", + "code":"47", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Connecting to a Cluster", @@ -838,7 +855,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Connecting to a Cluster", @@ -848,7 +865,7 @@ "uri":"cce_10_0107.html", "node_id":"cce_10_0107.xml", "product_code":"cce", - "code":"47", + "code":"48", "des":"This section uses a CCE standard cluster as an example to describe how to access a CCE cluster using kubectl.When you access a cluster using kubectl, CCE uses kubeconfig ", "doc_type":"usermanual2", "kw":"kubectl,Intranet access,Two-Way Authentication for Domain Names,Error from server Forbidden,The conn", @@ -856,7 +873,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Connecting to a Cluster Using kubectl", @@ -866,25 +883,25 @@ "uri":"cce_10_0175.html", "node_id":"cce_10_0175.xml", "product_code":"cce", - "code":"48", - "des":"This section describes how to obtain the cluster certificate from the console and use it access Kubernetes clusters.The downloaded certificate contains three files: clien", + "code":"49", + "des":"This section describes how to obtain the cluster certificate from the console and use it to access Kubernetes clusters.The downloaded certificate contains three files: cl", "doc_type":"usermanual2", - "kw":"X.509 certificate,Connecting to a Cluster Using an X.509 Certificate,Connecting to a Cluster,User Gu", + "kw":"X.509 certificate,Accessing a Cluster Using an X.509 Certificate,Connecting to a Cluster,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Connecting to a Cluster Using an X.509 Certificate", + "title":"Accessing a Cluster Using an X.509 Certificate", "githuburl":"" }, { "uri":"cce_10_0367.html", "node_id":"cce_10_0367.xml", "product_code":"cce", - "code":"49", + "code":"50", "des":"Subject Alternative Name (SAN) allows multiple values (including IP addresses, domain names, and so on) to be associated with certificates. A SAN is usually used by the c", "doc_type":"usermanual2", "kw":"SAN,X.509 certificate,Accessing a Cluster Using a Custom Domain Name,Connecting to a Cluster,User Gu", @@ -892,1403 +909,35 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Accessing a Cluster Using a Custom Domain Name", "githuburl":"" }, { - "uri":"cce_10_0215.html", - "node_id":"cce_10_0215.xml", - "product_code":"cce", - "code":"50", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Upgrading a Cluster", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Upgrading a Cluster", - "githuburl":"" - }, - { - "uri":"cce_10_0197.html", - "node_id":"cce_10_0197.xml", + "uri":"cce_10_0864.html", + "node_id":"cce_10_0864.xml", "product_code":"cce", "code":"51", - "des":"CCE strictly complies with community consistency authentication. It releases three Kubernetes versions each year and offers a maintenance period of at least 24 months aft", + "des":"You can bind an EIP to an API server of a Kubernetes cluster so that the API server can access the Internet.Binding an EIP to an API server for Internet access can pose a", "doc_type":"usermanual2", - "kw":"cluster upgrade process,Node Priority,In-place upgrade,Upgrade Overview,Upgrading a Cluster,User Gui", + "kw":"Configuring a Cluster's API Server for Internet Access,Connecting to a Cluster,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Upgrade Overview", - "githuburl":"" - }, - { - "uri":"cce_10_0302.html", - "node_id":"cce_10_0302.xml", - "product_code":"cce", - "code":"52", - "des":"Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Upgrade Overview.Before upgra", - "doc_type":"usermanual2", - "kw":"Deprecated APIs,Before You Start,Upgrading a Cluster,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Before You Start", - "githuburl":"" - }, - { - "uri":"cce_10_0560.html", - "node_id":"cce_10_0560.xml", - "product_code":"cce", - "code":"53", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Performing Post-Upgrade Verification", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Performing Post-Upgrade Verification", - "githuburl":"" - }, - { - "uri":"cce_10_0568.html", - "node_id":"cce_10_0568.xml", - "product_code":"cce", - "code":"54", - "des":"After a cluster is upgraded, check whether the cluster is in the Running state.CCE automatically checks your cluster status. Go to the cluster list page and confirm the c", - "doc_type":"usermanual2", - "kw":"Cluster Status Check,Performing Post-Upgrade Verification,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Cluster Status Check", - "githuburl":"" - }, - { - "uri":"cce_10_0569.html", - "node_id":"cce_10_0569.xml", - "product_code":"cce", - "code":"55", - "des":"After a cluster is upgraded, check whether nodes in the cluster are in the Running state.CCE automatically checks your node statuses. Go to the node list page and confirm", - "doc_type":"usermanual2", - "kw":"Node Status Check,Performing Post-Upgrade Verification,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Status Check", - "githuburl":"" - }, - { - "uri":"cce_10_0567.html", - "node_id":"cce_10_0567.xml", - "product_code":"cce", - "code":"56", - "des":"After a cluster is upgraded, check whether there are any nodes that skip the upgrade in the cluster. These nodes may affect the proper running of the cluster.CCE automati", - "doc_type":"usermanual2", - "kw":"Node Skipping Check,Performing Post-Upgrade Verification,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Skipping Check", - "githuburl":"" - }, - { - "uri":"cce_10_0561.html", - "node_id":"cce_10_0561.xml", - "product_code":"cce", - "code":"57", - "des":"After a cluster is upgraded, check whether its services are running properly.Different services have different verification mode. Select a suitable one and verify the ser", - "doc_type":"usermanual2", - "kw":"Service Check,Performing Post-Upgrade Verification,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Service Check", - "githuburl":"" - }, - { - "uri":"cce_10_0565.html", - "node_id":"cce_10_0565.xml", - "product_code":"cce", - "code":"58", - "des":"Check whether nodes can be created in the cluster.If nodes cannot be created in your cluster after the cluster is upgraded, contact technical support.", - "doc_type":"usermanual2", - "kw":"New Node Check,Performing Post-Upgrade Verification,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"New Node Check", - "githuburl":"" - }, - { - "uri":"cce_10_0566.html", - "node_id":"cce_10_0566.xml", - "product_code":"cce", - "code":"59", - "des":"Check whether pods can be created on the existing nodes after the cluster is upgraded.Check whether pods can be created on new nodes after the cluster is upgraded.After c", - "doc_type":"usermanual2", - "kw":"New Pod Check,Performing Post-Upgrade Verification,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"New Pod Check", - "githuburl":"" - }, - { - "uri":"cce_10_0210.html", - "node_id":"cce_10_0210.xml", - "product_code":"cce", - "code":"60", - "des":"This section describes how to migrate services from a cluster of an earlier version to a cluster of a later version in CCE.This operation is applicable when a cross-versi", - "doc_type":"usermanual2", - "kw":"Migrating Services Across Clusters of Different Versions,Upgrading a Cluster,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Migrating Services Across Clusters of Different Versions", - "githuburl":"" - }, - { - "uri":"cce_10_0550.html", - "node_id":"cce_10_0550.xml", - "product_code":"cce", - "code":"61", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Troubleshooting for Pre-upgrade Check Exceptions", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Troubleshooting for Pre-upgrade Check Exceptions", - "githuburl":"" - }, - { - "uri":"cce_10_0549.html", - "node_id":"cce_10_0549.xml", - "product_code":"cce", - "code":"62", - "des":"The system automatically checks a cluster before its upgrade. If the cluster does not meet the pre-upgrade check conditions, the upgrade cannot continue. To avoid risks, ", - "doc_type":"usermanual2", - "kw":"Pre-upgrade Check,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Pre-upgrade Check", - "githuburl":"" - }, - { - "uri":"cce_10_0431.html", - "node_id":"cce_10_0431.xml", - "product_code":"cce", - "code":"63", - "des":"Check the following items:Check whether the node is available.Check whether the node OS supports the upgrade.Check whether the node is marked with unexpected node pool la", - "doc_type":"usermanual2", - "kw":"Node Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Restrictions", - "githuburl":"" - }, - { - "uri":"cce_10_0432.html", - "node_id":"cce_10_0432.xml", - "product_code":"cce", - "code":"64", - "des":"Check whether the target cluster is under upgrade management.CCE may temporarily restrict the cluster upgrade due to the following reasons:The cluster is identified as th", - "doc_type":"usermanual2", - "kw":"Upgrade Management,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Upgrade Management", - "githuburl":"" - }, - { - "uri":"cce_10_0433.html", - "node_id":"cce_10_0433.xml", - "product_code":"cce", - "code":"65", - "des":"Check the following items:Check whether the add-on status is normal.Check whether the add-on support the target version.Scenario 1: The add-on malfunctions.Log in to the ", - "doc_type":"usermanual2", - "kw":"Add-ons,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Add-ons", - "githuburl":"" - }, - { - "uri":"cce_10_0434.html", - "node_id":"cce_10_0434.xml", - "product_code":"cce", - "code":"66", - "des":"Check whether the current HelmRelease record contains discarded Kubernetes APIs that are not supported by the target cluster version. If yes, the Helm chart may be unavai", - "doc_type":"usermanual2", - "kw":"Helm Charts,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Helm Charts", - "githuburl":"" - }, - { - "uri":"cce_10_0435.html", - "node_id":"cce_10_0435.xml", - "product_code":"cce", - "code":"67", - "des":"Check whether CCE can connect to your master nodes.Contact technical support.", - "doc_type":"usermanual2", - "kw":"SSH Connectivity of Master Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"SSH Connectivity of Master Nodes", - "githuburl":"" - }, - { - "uri":"cce_10_0436.html", - "node_id":"cce_10_0436.xml", - "product_code":"cce", - "code":"68", - "des":"Check the node pool status.Check whether the node pool OS or container runtime is supported after the upgrade.Scenario: The node pool malfunctions.Log in to the CCE conso", - "doc_type":"usermanual2", - "kw":"Node Pools,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Pools", - "githuburl":"" - }, - { - "uri":"cce_10_0437.html", - "node_id":"cce_10_0437.xml", - "product_code":"cce", - "code":"69", - "des":"Check whether the Protocol & Port of the worker node security groups are set to ICMP: All and whether the security group with the source IP address set to the master node", - "doc_type":"usermanual2", - "kw":"Security Groups,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Security Groups", - "githuburl":"" - }, - { - "uri":"cce_10_0439.html", - "node_id":"cce_10_0439.xml", - "product_code":"cce", - "code":"70", - "des":"Check whether the node needs to be migrated.For the 1.15 cluster that is upgraded from 1.13 in rolling mode, migrate (reset or create and replace) all nodes before perfor", - "doc_type":"usermanual2", - "kw":"To-Be-Migrated Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"To-Be-Migrated Nodes", - "githuburl":"" - }, - { - "uri":"cce_10_0440.html", - "node_id":"cce_10_0440.xml", - "product_code":"cce", - "code":"71", - "des":"Check whether there are discarded resources in the clusters.Scenario: The Service in the clusters of v1.25 or later has discarded annotation: tolerate-unready-endpoints.E", - "doc_type":"usermanual2", - "kw":"Discarded Kubernetes Resources,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Discarded Kubernetes Resources", - "githuburl":"" - }, - { - "uri":"cce_10_0441.html", - "node_id":"cce_10_0441.xml", - "product_code":"cce", - "code":"72", - "des":"Read the version compatibility differences and ensure that they are not affected. The patch upgrade does not involve version compatibility differences.", - "doc_type":"usermanual2", - "kw":"Compatibility Risks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Compatibility Risks", - "githuburl":"" - }, - { - "uri":"cce_10_0442.html", - "node_id":"cce_10_0442.xml", - "product_code":"cce", - "code":"73", - "des":"Check whether cce-agent on the current node is of the latest version.Scenario 1: The error message \"you cce-agent no update, please restart it\" is displayed.cce-agent doe", - "doc_type":"usermanual2", - "kw":"CCE Agent Versions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"CCE Agent Versions", - "githuburl":"" - }, - { - "uri":"cce_10_0443.html", - "node_id":"cce_10_0443.xml", - "product_code":"cce", - "code":"74", - "des":"Check whether the CPU usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule pod", - "doc_type":"usermanual2", - "kw":"Node CPU Usage,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node CPU Usage", - "githuburl":"" - }, - { - "uri":"cce_10_0444.html", - "node_id":"cce_10_0444.xml", - "product_code":"cce", - "code":"75", - "des":"Check the following items:Check whether the key CRD packageversions.version.cce.io of the cluster is deleted.Check whether the cluster key CRD network-attachment-definiti", - "doc_type":"usermanual2", - "kw":"CRDs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"CRDs", - "githuburl":"" - }, - { - "uri":"cce_10_0445.html", - "node_id":"cce_10_0445.xml", - "product_code":"cce", - "code":"76", - "des":"Check the following items:Check whether the key data disks on the node meet the upgrade requirements.Check whether the /tmp directory has 500 MB available space.During th", - "doc_type":"usermanual2", - "kw":"Node Disks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Disks", - "githuburl":"" - }, - { - "uri":"cce_10_0446.html", - "node_id":"cce_10_0446.xml", - "product_code":"cce", - "code":"77", - "des":"Check the following items:Check whether the DNS configuration of the current node can resolve the OBS address.Check whether the current node can access the OBS address of", - "doc_type":"usermanual2", - "kw":"Node DNS,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node DNS", - "githuburl":"" - }, - { - "uri":"cce_10_0447.html", - "node_id":"cce_10_0447.xml", - "product_code":"cce", - "code":"78", - "des":"Check whether the owner and owner group of the files in the /var/paas directory used by the CCE are both paas.Scenario 1: The error message \"xx file permission has been c", - "doc_type":"usermanual2", - "kw":"Node Key Directory File Permissions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Key Directory File Permissions", - "githuburl":"" - }, - { - "uri":"cce_10_0448.html", - "node_id":"cce_10_0448.xml", - "product_code":"cce", - "code":"79", - "des":"Check whether the kubelet on the node is running properly.Scenario 1: The kubelet status is abnormal.If the kubelet malfunctions, the node is unavailable. Restore the nod", - "doc_type":"usermanual2", - "kw":"Kubelet,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Kubelet", - "githuburl":"" - }, - { - "uri":"cce_10_0449.html", - "node_id":"cce_10_0449.xml", - "product_code":"cce", - "code":"80", - "des":"Check whether the memory usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule ", - "doc_type":"usermanual2", - "kw":"Node Memory,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Memory", - "githuburl":"" - }, - { - "uri":"cce_10_0450.html", - "node_id":"cce_10_0450.xml", - "product_code":"cce", - "code":"81", - "des":"Check whether the clock synchronization server ntpd or chronyd of the node is running properly.Scenario 1: ntpd is running abnormally.Log in to the node and run the syste", - "doc_type":"usermanual2", - "kw":"Node Clock Synchronization Server,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Clock Synchronization Server", - "githuburl":"" - }, - { - "uri":"cce_10_0451.html", - "node_id":"cce_10_0451.xml", - "product_code":"cce", - "code":"82", - "des":"Check whether the OS kernel version of the node is supported by CCE.Case 1: The node image is not a standard CCE image.CCE nodes run depending on the initial standard ker", - "doc_type":"usermanual2", - "kw":"Node OS,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node OS", - "githuburl":"" - }, - { - "uri":"cce_10_0452.html", - "node_id":"cce_10_0452.xml", - "product_code":"cce", - "code":"83", - "des":"Check whether the number of CPUs on the master node is greater than 2.If the number of CPUs on the master node is 2, contact technical support to expand the number to 4 o", - "doc_type":"usermanual2", - "kw":"Node CPUs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node CPUs", - "githuburl":"" - }, - { - "uri":"cce_10_0453.html", - "node_id":"cce_10_0453.xml", - "product_code":"cce", - "code":"84", - "des":"Check whether the Python commands are available on a node.If the command output is not 0, the check fails.Install Python before the upgrade.", - "doc_type":"usermanual2", - "kw":"Node Python Commands,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Python Commands", - "githuburl":"" - }, - { - "uri":"cce_10_0455.html", - "node_id":"cce_10_0455.xml", - "product_code":"cce", - "code":"85", - "des":"Check whether the nodes in the cluster are ready.Scenario 1: The nodes are in the unavailable status.Log in to the CCE console and click the cluster name to access the cl", - "doc_type":"usermanual2", - "kw":"Node Readiness,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Readiness", - "githuburl":"" - }, - { - "uri":"cce_10_0456.html", - "node_id":"cce_10_0456.xml", - "product_code":"cce", - "code":"86", - "des":"Check whether journald of a node is normal.Log in to the node and run the systemctl is-active systemd-journald command to obtain the running status of journald. If the co", - "doc_type":"usermanual2", - "kw":"Node journald,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node journald", - "githuburl":"" - }, - { - "uri":"cce_10_0457.html", - "node_id":"cce_10_0457.xml", - "product_code":"cce", - "code":"87", - "des":"Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.Scenario: The Docker used by the node is the", - "doc_type":"usermanual2", - "kw":"containerd.sock,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"containerd.sock", - "githuburl":"" - }, - { - "uri":"cce_10_0458.html", - "node_id":"cce_10_0458.xml", - "product_code":"cce", - "code":"88", - "des":"Before the upgrade, check whether an internal error occurs.If this check fails, contact technical support.", - "doc_type":"usermanual2", - "kw":"Internal Errors,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Internal Errors", - "githuburl":"" - }, - { - "uri":"cce_10_0459.html", - "node_id":"cce_10_0459.xml", - "product_code":"cce", - "code":"89", - "des":"Check whether inaccessible mount points exist on the node.Scenario: There are inaccessible mount points on the node.If NFS (such as obsfs or SFS) is used by the node and ", - "doc_type":"usermanual2", - "kw":"Node Mount Points,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Mount Points", - "githuburl":"" - }, - { - "uri":"cce_10_0460.html", - "node_id":"cce_10_0460.xml", - "product_code":"cce", - "code":"90", - "des":"Check whether the taint needed for cluster upgrade exists on the node.Scenario 1: The node is skipped during the cluster upgrade.If the version of the node is different f", - "doc_type":"usermanual2", - "kw":"Kubernetes Node Taints,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Kubernetes Node Taints", - "githuburl":"" - }, - { - "uri":"cce_10_0478.html", - "node_id":"cce_10_0478.xml", - "product_code":"cce", - "code":"91", - "des":"Check whether there are any compatibility restrictions on the current Everest add-on.There are compatibility restrictions on the current Everest add-on and it cannot be u", - "doc_type":"usermanual2", - "kw":"Everest Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Everest Restrictions", - "githuburl":"" - }, - { - "uri":"cce_10_0479.html", - "node_id":"cce_10_0479.xml", - "product_code":"cce", - "code":"92", - "des":"Check whether the current cce-controller-hpa add-on has compatibility restrictions.The current cce-controller-hpa add-on has compatibility restrictions. An add-on that ca", - "doc_type":"usermanual2", - "kw":"cce-hpa-controller Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"cce-hpa-controller Restrictions", - "githuburl":"" - }, - { - "uri":"cce_10_0480.html", - "node_id":"cce_10_0480.xml", - "product_code":"cce", - "code":"93", - "des":"Check whether the current cluster version and the target version support enhanced CPU policy.Scenario: Only the current cluster version supports the enhanced CPU policy f", - "doc_type":"usermanual2", - "kw":"Enhanced CPU Policies,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Enhanced CPU Policies", - "githuburl":"" - }, - { - "uri":"cce_10_0484.html", - "node_id":"cce_10_0484.xml", - "product_code":"cce", - "code":"94", - "des":"Check whether the container runtime and network components on the worker nodes are healthy.If a worker node component malfunctions, log in to the node to check the status", - "doc_type":"usermanual2", - "kw":"Health of Worker Node Components,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Health of Worker Node Components", - "githuburl":"" - }, - { - "uri":"cce_10_0485.html", - "node_id":"cce_10_0485.xml", - "product_code":"cce", - "code":"95", - "des":"Check whether the Kubernetes, container runtime, and network components of the master nodes are healthy.If a master node component malfunctions, contact technical support", - "doc_type":"usermanual2", - "kw":"Health of Master Node Components,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Health of Master Node Components", - "githuburl":"" - }, - { - "uri":"cce_10_0486.html", - "node_id":"cce_10_0486.xml", - "product_code":"cce", - "code":"96", - "des":"Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.Solution 1: Reduce Kubernetes resources that are ne", - "doc_type":"usermanual2", - "kw":"Memory Resource Limit of Kubernetes Components,Troubleshooting for Pre-upgrade Check Exceptions,User", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Memory Resource Limit of Kubernetes Components", - "githuburl":"" - }, - { - "uri":"cce_10_0487.html", - "node_id":"cce_10_0487.xml", - "product_code":"cce", - "code":"97", - "des":"The system scans the audit logs of the past day to check whether the user calls the deprecated APIs of the target Kubernetes version.Due to the limited time range of audi", - "doc_type":"usermanual2", - "kw":"Discarded Kubernetes APIs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Discarded Kubernetes APIs", - "githuburl":"" - }, - { - "uri":"cce_10_0488.html", - "node_id":"cce_10_0488.xml", - "product_code":"cce", - "code":"98", - "des":"If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.CCE Turbo clusters support IPv6 since v1.23. This feature is available ", - "doc_type":"usermanual2", - "kw":"IPv6 Capabilities of a CCE Turbo Cluster,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"IPv6 Capabilities of a CCE Turbo Cluster", - "githuburl":"" - }, - { - "uri":"cce_10_0489.html", - "node_id":"cce_10_0489.xml", - "product_code":"cce", - "code":"99", - "des":"Check whether NetworkManager of a node is normal.Log in to the node and run the systemctl is-active NetworkManager command to obtain the running status of NetworkManager.", - "doc_type":"usermanual2", - "kw":"Node NetworkManager,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node NetworkManager", - "githuburl":"" - }, - { - "uri":"cce_10_0490.html", - "node_id":"cce_10_0490.xml", - "product_code":"cce", - "code":"100", - "des":"Check the ID file format.", - "doc_type":"usermanual2", - "kw":"Node ID File,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node ID File", - "githuburl":"" - }, - { - "uri":"cce_10_0491.html", - "node_id":"cce_10_0491.xml", - "product_code":"cce", - "code":"101", - "des":"When you upgrade a cluster to v1.19 or later, the system checks whether the following configuration files have been modified on the backend:/opt/cloud/cce/kubernetes/kube", - "doc_type":"usermanual2", - "kw":"Node Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Configuration Consistency", - "githuburl":"" - }, - { - "uri":"cce_10_0492.html", - "node_id":"cce_10_0492.xml", - "product_code":"cce", - "code":"102", - "des":"Check whether the configuration files of key components exist on the node.The following table lists the files to be checked.Contact technical support to restore the confi", - "doc_type":"usermanual2", - "kw":"Node Configuration File,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Configuration File", - "githuburl":"" - }, - { - "uri":"cce_10_0493.html", - "node_id":"cce_10_0493.xml", - "product_code":"cce", - "code":"103", - "des":"Check whether the current CoreDNS key configuration Corefile is different from the Helm release record. The difference may be overwritten during the add-on upgrade, affec", - "doc_type":"usermanual2", - "kw":"CoreDNS Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"CoreDNS Configuration Consistency", - "githuburl":"" - }, - { - "uri":"cce_10_0494.html", - "node_id":"cce_10_0494.xml", - "product_code":"cce", - "code":"104", - "des":"Whether the sudo commands and sudo-related files of the node are workingScenario 1: The sudo command fails to be executed.During the in-place cluster upgrade, the sudo co", - "doc_type":"usermanual2", - "kw":"sudo Commands of a Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"sudo Commands of a Node", - "githuburl":"" - }, - { - "uri":"cce_10_0495.html", - "node_id":"cce_10_0495.xml", - "product_code":"cce", - "code":"105", - "des":"Whether some key commands that the node upgrade depends on are workingScenario 1: Executing the package manager command failed.Executing the rpm or dpkg command failed. I", - "doc_type":"usermanual2", - "kw":"Key Commands of Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Key Commands of Nodes", - "githuburl":"" - }, - { - "uri":"cce_10_0496.html", - "node_id":"cce_10_0496.xml", - "product_code":"cce", - "code":"106", - "des":"Check whether the docker/containerd.sock file is directly mounted to the pods on a node. During an upgrade, Docker or containerd restarts and the sock file on the host ch", - "doc_type":"usermanual2", - "kw":"Mounting of a Sock File on a Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Mounting of a Sock File on a Node", - "githuburl":"" - }, - { - "uri":"cce_10_0497.html", - "node_id":"cce_10_0497.xml", - "product_code":"cce", - "code":"107", - "des":"Check whether the certificate used by an HTTPS load balancer has been modified on ELB.The certificate referenced by an HTTPS ingress created on CCE is modified on the ELB", - "doc_type":"usermanual2", - "kw":"HTTPS Load Balancer Certificate Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Gu", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"HTTPS Load Balancer Certificate Consistency", - "githuburl":"" - }, - { - "uri":"cce_10_0498.html", - "node_id":"cce_10_0498.xml", - "product_code":"cce", - "code":"108", - "des":"Check whether the default mount directory and soft link on the node have been manually mounted or modified.Non-shared diskBy default, /var/lib/docker, containerd, or /mnt", - "doc_type":"usermanual2", - "kw":"Node Mounting,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Mounting", - "githuburl":"" - }, - { - "uri":"cce_10_0499.html", - "node_id":"cce_10_0499.xml", - "product_code":"cce", - "code":"109", - "des":"Check whether user paas is allowed to log in to a node.Run the following command to check whether user paas is allowed to log in to a node:If the permissions assigned to ", - "doc_type":"usermanual2", - "kw":"Login Permissions of User paas on a Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Login Permissions of User paas on a Node", - "githuburl":"" - }, - { - "uri":"cce_10_0500.html", - "node_id":"cce_10_0500.xml", - "product_code":"cce", - "code":"110", - "des":"Check whether the load balancer associated with a Service is allocated with a private IPv4 address.Solution 1: Delete the Service that is associated with a load balancer ", - "doc_type":"usermanual2", - "kw":"Private IPv4 Addresses of Load Balancers,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Private IPv4 Addresses of Load Balancers", - "githuburl":"" - }, - { - "uri":"cce_10_0501.html", - "node_id":"cce_10_0501.xml", - "product_code":"cce", - "code":"111", - "des":"Check whether the source version of the cluster is earlier than v1.11 and the target version is later than v1.23.If the source version of the cluster is earlier than v1.1", - "doc_type":"usermanual2", - "kw":"Historical Upgrade Records,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Historical Upgrade Records", - "githuburl":"" - }, - { - "uri":"cce_10_0502.html", - "node_id":"cce_10_0502.xml", - "product_code":"cce", - "code":"112", - "des":"Check whether the CIDR block of the cluster management plane is the same as that configured on the backbone network.If the CIDR block of the cluster management plane is d", - "doc_type":"usermanual2", - "kw":"CIDR Block of the Cluster Management Plane,Troubleshooting for Pre-upgrade Check Exceptions,User Gui", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"CIDR Block of the Cluster Management Plane", - "githuburl":"" - }, - { - "uri":"cce_10_0503.html", - "node_id":"cce_10_0503.xml", - "product_code":"cce", - "code":"113", - "des":"The GPU add-on is involved in the upgrade, which may affect the GPU driver installation during the creation of a GPU node.The GPU add-on driver needs to be configured by ", - "doc_type":"usermanual2", - "kw":"GPU Add-on,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"GPU Add-on", - "githuburl":"" - }, - { - "uri":"cce_10_0504.html", - "node_id":"cce_10_0504.xml", - "product_code":"cce", - "code":"114", - "des":"Check whether the default system parameter settings on your nodes are modified.If the MTU value of the bond0 network on your BMS node is not the default value 1500, this ", - "doc_type":"usermanual2", - "kw":"Nodes' System Parameter Settings,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Nodes' System Parameter Settings", - "githuburl":"" - }, - { - "uri":"cce_10_0505.html", - "node_id":"cce_10_0505.xml", - "product_code":"cce", - "code":"115", - "des":"Check whether there are residual package version data in the current cluster.A message is displayed indicating that there are residual 10.12.1.109 CRD resources in your c", - "doc_type":"usermanual2", - "kw":"Residual Package Versions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Residual Package Versions", - "githuburl":"" - }, - { - "uri":"cce_10_0506.html", - "node_id":"cce_10_0506.xml", - "product_code":"cce", - "code":"116", - "des":"Check whether the commands required for the upgrade are available on the node.The cluster upgrade failure is typically caused by the lack of key node commands that are re", - "doc_type":"usermanual2", - "kw":"Node Commands,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Commands", - "githuburl":"" - }, - { - "uri":"cce_10_0507.html", - "node_id":"cce_10_0507.xml", - "product_code":"cce", - "code":"117", - "des":"Check whether swap has been enabled on cluster nodes.By default, swap is disabled on CCE nodes. Check the necessity of enabling swap manually and determine the impact of ", - "doc_type":"usermanual2", - "kw":"Node Swap,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Swap", - "githuburl":"" - }, - { - "uri":"cce_10_0510.html", - "node_id":"cce_10_0510.xml", - "product_code":"cce", - "code":"118", - "des":"Check whether the service container running on the node may restart when the containerd component is upgraded on the node that uses containerd in the current cluster.Ensu", - "doc_type":"usermanual2", - "kw":"Check containerd pod restart risk,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Check containerd pod restart risk", - "githuburl":"" - }, - { - "uri":"cce_10_0511.html", - "node_id":"cce_10_0511.xml", - "product_code":"cce", - "code":"119", - "des":"Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.", - "doc_type":"usermanual2", - "kw":"Key GPU Add-on Parameters,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Key GPU Add-on Parameters", - "githuburl":"" - }, - { - "uri":"cce_10_0512.html", - "node_id":"cce_10_0512.xml", - "product_code":"cce", - "code":"120", - "des":"Check whether GPU or NPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.Upgrade the cluster when the impact on services", - "doc_type":"usermanual2", - "kw":"GPU or NPU Pod Rebuild Risks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"GPU or NPU Pod Rebuild Risks", - "githuburl":"" - }, - { - "uri":"cce_10_0513.html", - "node_id":"cce_10_0513.xml", - "product_code":"cce", - "code":"121", - "des":"Check whether the access control of the ELB listener has been configured for the Service in the current cluster using annotations and whether the configurations are corre", - "doc_type":"usermanual2", - "kw":"ELB Listener Access Control,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"ELB Listener Access Control", - "githuburl":"" - }, - { - "uri":"cce_10_0514.html", - "node_id":"cce_10_0514.xml", - "product_code":"cce", - "code":"122", - "des":"Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.Flavor inconsistency is typically due to a modification made o", - "doc_type":"usermanual2", - "kw":"Master Node Flavor,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Master Node Flavor", - "githuburl":"" - }, - { - "uri":"cce_10_0515.html", - "node_id":"cce_10_0515.xml", - "product_code":"cce", - "code":"123", - "des":"Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.If the number of IP addresses in the selected cluster subnet is insuffic", - "doc_type":"usermanual2", - "kw":"Subnet Quota of Master Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Subnet Quota of Master Nodes", - "githuburl":"" - }, - { - "uri":"cce_10_0516.html", - "node_id":"cce_10_0516.xml", - "product_code":"cce", - "code":"124", - "des":"Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.If the runtime on your node is", - "doc_type":"usermanual2", - "kw":"Node Runtime,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Runtime", - "githuburl":"" - }, - { - "uri":"cce_10_0517.html", - "node_id":"cce_10_0517.xml", - "product_code":"cce", - "code":"125", - "des":"Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.If the runtime on your node po", - "doc_type":"usermanual2", - "kw":"Node Pool Runtime,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Pool Runtime", - "githuburl":"" - }, - { - "uri":"cce_10_0518.html", - "node_id":"cce_10_0518.xml", - "product_code":"cce", - "code":"126", - "des":"Check the number of images on your node. If the number is greater than 1000, Docker startup may be slow.Contact O&M personnel to check whether this issue affects the upgr", - "doc_type":"usermanual2", - "kw":"Number of Node Images,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Number of Node Images", + "title":"Configuring a Cluster's API Server for Internet Access", "githuburl":"" }, { "uri":"cce_10_0031.html", "node_id":"cce_10_0031.xml", "product_code":"cce", - "code":"127", + "code":"52", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Managing a Cluster", @@ -2296,7 +945,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Managing a Cluster", @@ -2306,69 +955,87 @@ "uri":"cce_10_0213.html", "node_id":"cce_10_0213.xml", "product_code":"cce", - "code":"128", - "des":"CCE allows you to manage cluster parameters, through which you can let core components work under your requirements.This function is supported only in clusters of v1.15 a", + "code":"53", + "des":"CCE allows you to manage cluster parameters, through which you can let core components work under your requirements.kube-apiserverkube-controller-managerkube-scheduler", "doc_type":"usermanual2", - "kw":"cluster parameters,kube-apiserver,kube-controller-manager,Cluster Configuration Management,Managing ", + "kw":"cluster parameters,kube-apiserver,kube-controller-manager,Modifying Cluster Configurations,Managing ", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Cluster Configuration Management", + "title":"Modifying Cluster Configurations", "githuburl":"" }, { "uri":"cce_10_0602.html", "node_id":"cce_10_0602.xml", "product_code":"cce", - "code":"129", - "des":"If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.The cluster version must ", + "code":"54", + "des":"After overload control is enabled, the number of simultaneous requests is dynamically regulated according to the resource pressure on the master nodes. This ensures that ", "doc_type":"usermanual2", - "kw":"Cluster Overload Control,Managing a Cluster,User Guide", + "kw":"overload control,Enabling Overload Control for a Cluster,Managing a Cluster,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Cluster Overload Control", + "title":"Enabling Overload Control for a Cluster", "githuburl":"" }, { "uri":"cce_10_0403.html", "node_id":"cce_10_0403.xml", "product_code":"cce", - "code":"130", - "des":"CCE allows you to change the number of nodes managed in a cluster.This function is supported for clusters of v1.15 and later versions.Starting from v1.15.11, the number o", + "code":"55", + "des":"CCE allows you to change the number of nodes managed in a cluster.A cluster that has only one master node supports fewer than 1000 worker nodes.The number of master nodes", "doc_type":"usermanual2", "kw":"Changing Cluster Scale,Managing a Cluster,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Changing Cluster Scale", "githuburl":"" }, + { + "uri":"cce_10_0426.html", + "node_id":"cce_10_0426.xml", + "product_code":"cce", + "code":"56", + "des":"When creating a cluster, you can customize a node security group to centrally manage network security policies. For a created cluster, you can change its default node sec", + "doc_type":"usermanual2", + "kw":"Changing the Default Security Group of a Node,Managing a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Changing the Default Security Group of a Node", + "githuburl":"" + }, { "uri":"cce_10_0212.html", "node_id":"cce_10_0212.xml", "product_code":"cce", - "code":"131", - "des":"Deleting a cluster will delete the nodes in the cluster (excluding accepted nodes), data disks attached to the nodes, workloads, and Services. Related services cannot be ", + "code":"57", + "des":"Deleting a cluster will delete the workloads and Services in the cluster, and the deleted data cannot be recovered. Before performing this operation, ensure that related ", "doc_type":"usermanual2", "kw":"Deleting a Cluster,Managing a Cluster,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Deleting a Cluster", @@ -2378,25 +1045,1411 @@ "uri":"cce_10_0214.html", "node_id":"cce_10_0214.xml", "product_code":"cce", - "code":"132", - "des":"If you do not need to use a cluster temporarily, hibernate the cluster.After a cluster is hibernated, resources such as workloads cannot be created or managed in the clus", + "code":"58", + "des":"If a pay-per-use cluster is not needed temporarily, hibernate it to reduce costs.After a cluster is hibernated, resources such as workloads cannot be created or managed i", "doc_type":"usermanual2", - "kw":"Hibernating and Waking Up a Cluster,Managing a Cluster,User Guide", + "kw":"Hibernating or Waking Up a Cluster,Managing a Cluster,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Hibernating and Waking Up a Cluster", + "title":"Hibernating or Waking Up a Cluster", + "githuburl":"" + }, + { + "uri":"cce_10_0215.html", + "node_id":"cce_10_0215.xml", + "product_code":"cce", + "code":"59", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Upgrading a Cluster", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Upgrading a Cluster", + "githuburl":"" + }, + { + "uri":"cce_10_0197.html", + "node_id":"cce_10_0197.xml", + "product_code":"cce", + "code":"60", + "des":"CCE strictly complies with community consistency authentication. It releases three Kubernetes versions each year and offers a maintenance period of at least 24 months aft", + "doc_type":"usermanual2", + "kw":"cluster upgrade process,Node Priority,In-place upgrade,Process and Method of Upgrading a Cluster,Upg", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Process and Method of Upgrading a Cluster", + "githuburl":"" + }, + { + "uri":"cce_10_0302.html", + "node_id":"cce_10_0302.xml", + "product_code":"cce", + "code":"61", + "des":"Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Process and Method of Upgradi", + "doc_type":"usermanual2", + "kw":"Deprecated APIs,Before You Start,Upgrading a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Before You Start", + "githuburl":"" + }, + { + "uri":"cce_10_0560.html", + "node_id":"cce_10_0560.xml", + "product_code":"cce", + "code":"62", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Performing Post-Upgrade Verification", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Performing Post-Upgrade Verification", + "githuburl":"" + }, + { + "uri":"cce_10_0568.html", + "node_id":"cce_10_0568.xml", + "product_code":"cce", + "code":"63", + "des":"After a cluster is upgraded, check whether the cluster is in the Running state.CCE automatically checks your cluster status. Go to the cluster list page and confirm the c", + "doc_type":"usermanual2", + "kw":"Cluster Status Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Cluster Status Check", + "githuburl":"" + }, + { + "uri":"cce_10_0569.html", + "node_id":"cce_10_0569.xml", + "product_code":"cce", + "code":"64", + "des":"After a cluster is upgraded, check whether nodes in the cluster are in the Running state.CCE automatically checks your node statuses. Go to the node list page and confirm", + "doc_type":"usermanual2", + "kw":"Node Status Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Status Check", + "githuburl":"" + }, + { + "uri":"cce_10_0567.html", + "node_id":"cce_10_0567.xml", + "product_code":"cce", + "code":"65", + "des":"After a cluster is upgraded, check whether there are any nodes that skip the upgrade in the cluster. These nodes may affect the proper running of the cluster.CCE automati", + "doc_type":"usermanual2", + "kw":"Node Skipping Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Skipping Check", + "githuburl":"" + }, + { + "uri":"cce_10_0561.html", + "node_id":"cce_10_0561.xml", + "product_code":"cce", + "code":"66", + "des":"After a cluster is upgraded, check whether its services are running properly.Different services have different verification mode. Select a suitable one and verify the ser", + "doc_type":"usermanual2", + "kw":"Service Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Service Check", + "githuburl":"" + }, + { + "uri":"cce_10_0565.html", + "node_id":"cce_10_0565.xml", + "product_code":"cce", + "code":"67", + "des":"Check whether nodes can be created in the cluster.If nodes cannot be created in your cluster after the cluster is upgraded, contact technical support.", + "doc_type":"usermanual2", + "kw":"New Node Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"New Node Check", + "githuburl":"" + }, + { + "uri":"cce_10_0566.html", + "node_id":"cce_10_0566.xml", + "product_code":"cce", + "code":"68", + "des":"Check whether pods can be created on the existing nodes after the cluster is upgraded.Check whether pods can be created on new nodes after the cluster is upgraded.After c", + "doc_type":"usermanual2", + "kw":"New Pod Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"New Pod Check", + "githuburl":"" + }, + { + "uri":"cce_10_0210.html", + "node_id":"cce_10_0210.xml", + "product_code":"cce", + "code":"69", + "des":"This section describes how to migrate services from a cluster of an earlier version to a cluster of a later version in CCE.This operation is applicable when a cross-versi", + "doc_type":"usermanual2", + "kw":"Migrating Services Across Clusters of Different Versions,Upgrading a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Migrating Services Across Clusters of Different Versions", + "githuburl":"" + }, + { + "uri":"cce_10_0550.html", + "node_id":"cce_10_0550.xml", + "product_code":"cce", + "code":"70", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Troubleshooting for Pre-upgrade Check Exceptions", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Troubleshooting for Pre-upgrade Check Exceptions", + "githuburl":"" + }, + { + "uri":"cce_10_0549.html", + "node_id":"cce_10_0549.xml", + "product_code":"cce", + "code":"71", + "des":"The system automatically checks a cluster before its upgrade. If the cluster does not meet the pre-upgrade check conditions, the upgrade cannot continue. To avoid risks, ", + "doc_type":"usermanual2", + "kw":"Pre-upgrade Check,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Pre-upgrade Check", + "githuburl":"" + }, + { + "uri":"cce_10_0431.html", + "node_id":"cce_10_0431.xml", + "product_code":"cce", + "code":"72", + "des":"Check the following items:Check whether the node is available.Check whether the node OS supports the upgrade.Check whether the node is marked with unexpected node pool la", + "doc_type":"usermanual2", + "kw":"Node Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Restrictions", + "githuburl":"" + }, + { + "uri":"cce_10_0432.html", + "node_id":"cce_10_0432.xml", + "product_code":"cce", + "code":"73", + "des":"Check whether the target cluster is under upgrade management.CCE may temporarily restrict the cluster upgrade due to the following reasons:The cluster is identified as th", + "doc_type":"usermanual2", + "kw":"Upgrade Management,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Upgrade Management", + "githuburl":"" + }, + { + "uri":"cce_10_0433.html", + "node_id":"cce_10_0433.xml", + "product_code":"cce", + "code":"74", + "des":"Check the following items:Check whether the add-on status is normal.Check whether the add-on support the target version.Scenario 1: The add-on malfunctions.Log in to the ", + "doc_type":"usermanual2", + "kw":"Add-ons,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Add-ons", + "githuburl":"" + }, + { + "uri":"cce_10_0434.html", + "node_id":"cce_10_0434.xml", + "product_code":"cce", + "code":"75", + "des":"Check whether the current HelmRelease record contains discarded Kubernetes APIs that are not supported by the target cluster version. If yes, the Helm chart may be unavai", + "doc_type":"usermanual2", + "kw":"Helm Charts,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Helm Charts", + "githuburl":"" + }, + { + "uri":"cce_10_0435.html", + "node_id":"cce_10_0435.xml", + "product_code":"cce", + "code":"76", + "des":"Check whether CCE can connect to your master nodes.Contact technical support.", + "doc_type":"usermanual2", + "kw":"SSH Connectivity of Master Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"SSH Connectivity of Master Nodes", + "githuburl":"" + }, + { + "uri":"cce_10_0436.html", + "node_id":"cce_10_0436.xml", + "product_code":"cce", + "code":"77", + "des":"Check the node pool status.Check whether the node pool OS or container runtime is supported after the upgrade.Scenario: The node pool malfunctions.Log in to the CCE conso", + "doc_type":"usermanual2", + "kw":"Node Pools,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Pools", + "githuburl":"" + }, + { + "uri":"cce_10_0437.html", + "node_id":"cce_10_0437.xml", + "product_code":"cce", + "code":"78", + "des":"Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group with the source IP address set to the master node ", + "doc_type":"usermanual2", + "kw":"Security Groups,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Security Groups", + "githuburl":"" + }, + { + "uri":"cce_10_0439.html", + "node_id":"cce_10_0439.xml", + "product_code":"cce", + "code":"79", + "des":"Check whether nodes need to be migrated.For the 1.15 cluster that is upgraded from 1.13 in rolling mode, migrate (reset or create and replace) all nodes before performing", + "doc_type":"usermanual2", + "kw":"Residual Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Residual Nodes", + "githuburl":"" + }, + { + "uri":"cce_10_0440.html", + "node_id":"cce_10_0440.xml", + "product_code":"cce", + "code":"80", + "des":"Check whether there are discarded resources in the clusters.Scenario: The Service in the clusters of v1.25 or later has discarded annotation: tolerate-unready-endpoints.E", + "doc_type":"usermanual2", + "kw":"Discarded Kubernetes Resources,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Discarded Kubernetes Resources", + "githuburl":"" + }, + { + "uri":"cce_10_0441.html", + "node_id":"cce_10_0441.xml", + "product_code":"cce", + "code":"81", + "des":"Read the version compatibility differences and ensure that they are not affected. The patch upgrade does not involve version compatibility differences.", + "doc_type":"usermanual2", + "kw":"Compatibility Risks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Compatibility Risks", + "githuburl":"" + }, + { + "uri":"cce_10_0442.html", + "node_id":"cce_10_0442.xml", + "product_code":"cce", + "code":"82", + "des":"Check whether cce-agent on the current node is of the latest version.Scenario 1: The error message \"you cce-agent no update, please restart it\" is displayed.cce-agent doe", + "doc_type":"usermanual2", + "kw":"CCE Agent Versions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"CCE Agent Versions", + "githuburl":"" + }, + { + "uri":"cce_10_0443.html", + "node_id":"cce_10_0443.xml", + "product_code":"cce", + "code":"83", + "des":"Check whether the CPU usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule pod", + "doc_type":"usermanual2", + "kw":"Node CPU Usage,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node CPU Usage", + "githuburl":"" + }, + { + "uri":"cce_10_0444.html", + "node_id":"cce_10_0444.xml", + "product_code":"cce", + "code":"84", + "des":"Check the following items:Check whether the key CRD packageversions.version.cce.io of the cluster is deleted.Check whether the cluster key CRD network-attachment-definiti", + "doc_type":"usermanual2", + "kw":"CRDs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"CRDs", + "githuburl":"" + }, + { + "uri":"cce_10_0445.html", + "node_id":"cce_10_0445.xml", + "product_code":"cce", + "code":"85", + "des":"Check the following items:Check whether the key data disks on the node meet the upgrade requirements.Check whether the /tmp directory has 500 MB available space.During th", + "doc_type":"usermanual2", + "kw":"Node Disks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Disks", + "githuburl":"" + }, + { + "uri":"cce_10_0446.html", + "node_id":"cce_10_0446.xml", + "product_code":"cce", + "code":"86", + "des":"Check the following items:Check whether the DNS configuration of the current node can resolve the OBS address.Check whether the current node can access the OBS address of", + "doc_type":"usermanual2", + "kw":"Node DNS,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node DNS", + "githuburl":"" + }, + { + "uri":"cce_10_0447.html", + "node_id":"cce_10_0447.xml", + "product_code":"cce", + "code":"87", + "des":"Check whether the owner and owner group of the files in the /var/paas directory used by the CCE are both paas.Scenario 1: The error message \"xx file permission has been c", + "doc_type":"usermanual2", + "kw":"Node Key Directory File Permissions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Key Directory File Permissions", + "githuburl":"" + }, + { + "uri":"cce_10_0448.html", + "node_id":"cce_10_0448.xml", + "product_code":"cce", + "code":"88", + "des":"Check whether the kubelet on the node is running properly.Scenario 1: The kubelet status is abnormal.If the kubelet malfunctions, the node is unavailable. Restore the nod", + "doc_type":"usermanual2", + "kw":"kubelet,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"kubelet", + "githuburl":"" + }, + { + "uri":"cce_10_0449.html", + "node_id":"cce_10_0449.xml", + "product_code":"cce", + "code":"89", + "des":"Check whether the memory usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule ", + "doc_type":"usermanual2", + "kw":"Node Memory,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Memory", + "githuburl":"" + }, + { + "uri":"cce_10_0450.html", + "node_id":"cce_10_0450.xml", + "product_code":"cce", + "code":"90", + "des":"Check whether the clock synchronization server ntpd or chronyd of the node is running properly.Scenario 1: ntpd is running abnormally.Log in to the node and run the syste", + "doc_type":"usermanual2", + "kw":"Node Clock Synchronization Server,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Clock Synchronization Server", + "githuburl":"" + }, + { + "uri":"cce_10_0451.html", + "node_id":"cce_10_0451.xml", + "product_code":"cce", + "code":"91", + "des":"Check whether the OS kernel version of the node is supported by CCE.Case 1: The node image is not a standard CCE image.CCE nodes run depending on the initial standard ker", + "doc_type":"usermanual2", + "kw":"Node OS,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node OS", + "githuburl":"" + }, + { + "uri":"cce_10_0452.html", + "node_id":"cce_10_0452.xml", + "product_code":"cce", + "code":"92", + "des":"Check whether the number of CPUs on the master node is greater than 2.If the number of CPUs on the master node is 2, contact technical support to expand the number to 4 o", + "doc_type":"usermanual2", + "kw":"Node CPUs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node CPUs", + "githuburl":"" + }, + { + "uri":"cce_10_0453.html", + "node_id":"cce_10_0453.xml", + "product_code":"cce", + "code":"93", + "des":"Check whether the Python commands are available on a node.If the command output is not 0, the check fails.Install Python before the upgrade.", + "doc_type":"usermanual2", + "kw":"Node Python Commands,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Python Commands", + "githuburl":"" + }, + { + "uri":"cce_10_0455.html", + "node_id":"cce_10_0455.xml", + "product_code":"cce", + "code":"94", + "des":"Check whether the nodes in the cluster are ready.Scenario 1: The nodes are in the unavailable status.Log in to the CCE console and click the cluster name to access the cl", + "doc_type":"usermanual2", + "kw":"Node Readiness,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Readiness", + "githuburl":"" + }, + { + "uri":"cce_10_0456.html", + "node_id":"cce_10_0456.xml", + "product_code":"cce", + "code":"95", + "des":"Check whether journald of a node is normal.Log in to the node and run the systemctl is-active systemd-journald command to obtain the running status of journald. If the co", + "doc_type":"usermanual2", + "kw":"Node journald,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node journald", + "githuburl":"" + }, + { + "uri":"cce_10_0457.html", + "node_id":"cce_10_0457.xml", + "product_code":"cce", + "code":"96", + "des":"Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.Scenario: The Docker used by the node is the", + "doc_type":"usermanual2", + "kw":"containerd.sock,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"containerd.sock", + "githuburl":"" + }, + { + "uri":"cce_10_0458.html", + "node_id":"cce_10_0458.xml", + "product_code":"cce", + "code":"97", + "des":"Before the upgrade, check whether an internal error occurs.If this check fails, contact technical support.", + "doc_type":"usermanual2", + "kw":"Internal Errors,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Internal Errors", + "githuburl":"" + }, + { + "uri":"cce_10_0459.html", + "node_id":"cce_10_0459.xml", + "product_code":"cce", + "code":"98", + "des":"Check whether inaccessible mount points exist on the node.Scenario: There are inaccessible mount points on the node.If NFS (such as obsfs or SFS) is used by the node and ", + "doc_type":"usermanual2", + "kw":"Node Mount Points,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Mount Points", + "githuburl":"" + }, + { + "uri":"cce_10_0460.html", + "node_id":"cce_10_0460.xml", + "product_code":"cce", + "code":"99", + "des":"Check whether the taint needed for cluster upgrade exists on the node.Scenario 1: The node is skipped during the cluster upgrade.If the version of the node is different f", + "doc_type":"usermanual2", + "kw":"Kubernetes Node Taints,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes Node Taints", + "githuburl":"" + }, + { + "uri":"cce_10_0478.html", + "node_id":"cce_10_0478.xml", + "product_code":"cce", + "code":"100", + "des":"Check whether there are any compatibility restrictions on the current Everest add-on.There are compatibility restrictions on the current Everest add-on and it cannot be u", + "doc_type":"usermanual2", + "kw":"Everest Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Everest Restrictions", + "githuburl":"" + }, + { + "uri":"cce_10_0479.html", + "node_id":"cce_10_0479.xml", + "product_code":"cce", + "code":"101", + "des":"Check whether the current cce-controller-hpa add-on has compatibility restrictions.The current cce-controller-hpa add-on has compatibility restrictions. An add-on that ca", + "doc_type":"usermanual2", + "kw":"cce-hpa-controller Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"cce-hpa-controller Restrictions", + "githuburl":"" + }, + { + "uri":"cce_10_0480.html", + "node_id":"cce_10_0480.xml", + "product_code":"cce", + "code":"102", + "des":"Check whether the current cluster version and the target version support enhanced CPU policy.Scenario: Only the current cluster version supports the enhanced CPU policy f", + "doc_type":"usermanual2", + "kw":"Enhanced CPU Policies,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Enhanced CPU Policies", + "githuburl":"" + }, + { + "uri":"cce_10_0484.html", + "node_id":"cce_10_0484.xml", + "product_code":"cce", + "code":"103", + "des":"Check whether the container runtime and network components on the worker nodes are healthy.If a worker node component malfunctions, log in to the node to check the status", + "doc_type":"usermanual2", + "kw":"Health of Worker Node Components,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Health of Worker Node Components", + "githuburl":"" + }, + { + "uri":"cce_10_0485.html", + "node_id":"cce_10_0485.xml", + "product_code":"cce", + "code":"104", + "des":"Check whether the Kubernetes, container runtime, and network components of the master nodes are healthy.If a master node component malfunctions, contact technical support", + "doc_type":"usermanual2", + "kw":"Health of Master Node Components,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Health of Master Node Components", + "githuburl":"" + }, + { + "uri":"cce_10_0486.html", + "node_id":"cce_10_0486.xml", + "product_code":"cce", + "code":"105", + "des":"Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.Solution 1: Reduce Kubernetes resources that are ne", + "doc_type":"usermanual2", + "kw":"Memory Resource Limit of Kubernetes Components,Troubleshooting for Pre-upgrade Check Exceptions,User", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Memory Resource Limit of Kubernetes Components", + "githuburl":"" + }, + { + "uri":"cce_10_0487.html", + "node_id":"cce_10_0487.xml", + "product_code":"cce", + "code":"106", + "des":"The system scans the audit logs of the past day to check whether the user calls the deprecated APIs of the target Kubernetes version.Due to the limited time range of audi", + "doc_type":"usermanual2", + "kw":"Discarded Kubernetes APIs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Discarded Kubernetes APIs", + "githuburl":"" + }, + { + "uri":"cce_10_0488.html", + "node_id":"cce_10_0488.xml", + "product_code":"cce", + "code":"107", + "des":"If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.CCE Turbo clusters support IPv6 since v1.23. This feature is available ", + "doc_type":"usermanual2", + "kw":"IPv6 Support in CCE Turbo Clusters,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"IPv6 Support in CCE Turbo Clusters", + "githuburl":"" + }, + { + "uri":"cce_10_0489.html", + "node_id":"cce_10_0489.xml", + "product_code":"cce", + "code":"108", + "des":"Check whether NetworkManager of a node is normal.Log in to the node and run the systemctl is-active NetworkManager command to obtain the running status of NetworkManager.", + "doc_type":"usermanual2", + "kw":"NetworkManager,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"NetworkManager", + "githuburl":"" + }, + { + "uri":"cce_10_0490.html", + "node_id":"cce_10_0490.xml", + "product_code":"cce", + "code":"109", + "des":"Check the ID file format.", + "doc_type":"usermanual2", + "kw":"Node ID File,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node ID File", + "githuburl":"" + }, + { + "uri":"cce_10_0491.html", + "node_id":"cce_10_0491.xml", + "product_code":"cce", + "code":"110", + "des":"When you upgrade a cluster to v1.19 or later, the system checks whether the following configuration files have been modified on the backend:/opt/cloud/cce/kubernetes/kube", + "doc_type":"usermanual2", + "kw":"Node Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Configuration Consistency", + "githuburl":"" + }, + { + "uri":"cce_10_0492.html", + "node_id":"cce_10_0492.xml", + "product_code":"cce", + "code":"111", + "des":"Check whether the configuration files of key components exist on the node.The following table lists the files to be checked.Contact technical support to restore the confi", + "doc_type":"usermanual2", + "kw":"Node Configuration File,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Configuration File", + "githuburl":"" + }, + { + "uri":"cce_10_0493.html", + "node_id":"cce_10_0493.xml", + "product_code":"cce", + "code":"112", + "des":"Check whether the current CoreDNS key configuration Corefile is different from the Helm release record. The difference may be overwritten during the add-on upgrade, affec", + "doc_type":"usermanual2", + "kw":"CoreDNS Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"CoreDNS Configuration Consistency", + "githuburl":"" + }, + { + "uri":"cce_10_0494.html", + "node_id":"cce_10_0494.xml", + "product_code":"cce", + "code":"113", + "des":"Check whether the sudo commands and sudo-related files of the node are working.Scenario 1: The sudo command fails to be executed.During the in-place cluster upgrade, the ", + "doc_type":"usermanual2", + "kw":"sudo,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"sudo", + "githuburl":"" + }, + { + "uri":"cce_10_0495.html", + "node_id":"cce_10_0495.xml", + "product_code":"cce", + "code":"114", + "des":"Whether some key commands that the node upgrade depends on are workingScenario 1: Executing the package manager command failed.Executing the rpm or dpkg command failed. I", + "doc_type":"usermanual2", + "kw":"Key Node Commands,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Key Node Commands", + "githuburl":"" + }, + { + "uri":"cce_10_0496.html", + "node_id":"cce_10_0496.xml", + "product_code":"cce", + "code":"115", + "des":"Check whether the docker/containerd.sock file is directly mounted to the pods on a node. During an upgrade, Docker or containerd restarts and the sock file on the host ch", + "doc_type":"usermanual2", + "kw":"Mounting of a Sock File on a Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Mounting of a Sock File on a Node", + "githuburl":"" + }, + { + "uri":"cce_10_0497.html", + "node_id":"cce_10_0497.xml", + "product_code":"cce", + "code":"116", + "des":"Check whether the certificate used by an HTTPS load balancer has been modified on ELB.The certificate referenced by an HTTPS ingress created on CCE is modified on the ELB", + "doc_type":"usermanual2", + "kw":"HTTPS Load Balancer Certificate Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Gu", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"HTTPS Load Balancer Certificate Consistency", + "githuburl":"" + }, + { + "uri":"cce_10_0498.html", + "node_id":"cce_10_0498.xml", + "product_code":"cce", + "code":"117", + "des":"Check whether the default mount directory and soft link on the node have been manually mounted or modified.Non-shared diskBy default, /var/lib/docker, containerd, or /mnt", + "doc_type":"usermanual2", + "kw":"Node Mounting,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Mounting", + "githuburl":"" + }, + { + "uri":"cce_10_0499.html", + "node_id":"cce_10_0499.xml", + "product_code":"cce", + "code":"118", + "des":"Check whether user paas is allowed to log in to a node.Run the following command to check whether user paas is allowed to log in to a node:If the permissions assigned to ", + "doc_type":"usermanual2", + "kw":"Login Permissions of User paas on a Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Login Permissions of User paas on a Node", + "githuburl":"" + }, + { + "uri":"cce_10_0500.html", + "node_id":"cce_10_0500.xml", + "product_code":"cce", + "code":"119", + "des":"Check whether the load balancer associated with a Service is allocated with a private IPv4 address.Solution 1: Delete the Service that is associated with a load balancer ", + "doc_type":"usermanual2", + "kw":"Private IPv4 Addresses of Load Balancers,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Private IPv4 Addresses of Load Balancers", + "githuburl":"" + }, + { + "uri":"cce_10_0501.html", + "node_id":"cce_10_0501.xml", + "product_code":"cce", + "code":"120", + "des":"Check whether the source version of the cluster is earlier than v1.11 and the target version is later than v1.23.If the source version of the cluster is earlier than v1.1", + "doc_type":"usermanual2", + "kw":"Historical Upgrade Records,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Historical Upgrade Records", + "githuburl":"" + }, + { + "uri":"cce_10_0502.html", + "node_id":"cce_10_0502.xml", + "product_code":"cce", + "code":"121", + "des":"Check whether the CIDR block of the cluster management plane is the same as that configured on the backbone network.If the CIDR block of the cluster management plane is d", + "doc_type":"usermanual2", + "kw":"CIDR Block of the Cluster Management Plane,Troubleshooting for Pre-upgrade Check Exceptions,User Gui", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"CIDR Block of the Cluster Management Plane", + "githuburl":"" + }, + { + "uri":"cce_10_0503.html", + "node_id":"cce_10_0503.xml", + "product_code":"cce", + "code":"122", + "des":"The GPU add-on is involved in the upgrade, which may affect the GPU driver installation during the creation of a GPU node.The GPU add-on driver needs to be configured by ", + "doc_type":"usermanual2", + "kw":"GPU Add-on,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"GPU Add-on", + "githuburl":"" + }, + { + "uri":"cce_10_0504.html", + "node_id":"cce_10_0504.xml", + "product_code":"cce", + "code":"123", + "des":"Check whether the default system parameter settings on your nodes are modified.If the MTU value of the bond0 network on your BMS node is not the default value 1500, this ", + "doc_type":"usermanual2", + "kw":"Nodes' System Parameters,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Nodes' System Parameters", + "githuburl":"" + }, + { + "uri":"cce_10_0505.html", + "node_id":"cce_10_0505.xml", + "product_code":"cce", + "code":"124", + "des":"Check whether there are residual package version data in the current cluster.A message is displayed indicating that there are residual 10.12.1.109 CRD resources in your c", + "doc_type":"usermanual2", + "kw":"Residual Package Version Data,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Residual Package Version Data", + "githuburl":"" + }, + { + "uri":"cce_10_0506.html", + "node_id":"cce_10_0506.xml", + "product_code":"cce", + "code":"125", + "des":"Check whether the commands required for the upgrade are available on the node.The cluster upgrade failure is typically caused by the lack of key node commands that are re", + "doc_type":"usermanual2", + "kw":"Node Commands,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Commands", + "githuburl":"" + }, + { + "uri":"cce_10_0507.html", + "node_id":"cce_10_0507.xml", + "product_code":"cce", + "code":"126", + "des":"Check whether swap has been enabled on cluster nodes.By default, swap is disabled on CCE nodes. Check the necessity of enabling swap manually and determine the impact of ", + "doc_type":"usermanual2", + "kw":"Node Swap,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Swap", + "githuburl":"" + }, + { + "uri":"cce_10_0510.html", + "node_id":"cce_10_0510.xml", + "product_code":"cce", + "code":"127", + "des":"Check whether the service pods running on a containerd node are restarted when containerd is upgraded.Upgrade the cluster when the impact on services is controllable (for", + "doc_type":"usermanual2", + "kw":"containerd Pod Restart Risks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"containerd Pod Restart Risks", + "githuburl":"" + }, + { + "uri":"cce_10_0511.html", + "node_id":"cce_10_0511.xml", + "product_code":"cce", + "code":"128", + "des":"Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.", + "doc_type":"usermanual2", + "kw":"Key GPU Add-on Parameters,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Key GPU Add-on Parameters", + "githuburl":"" + }, + { + "uri":"cce_10_0512.html", + "node_id":"cce_10_0512.xml", + "product_code":"cce", + "code":"129", + "des":"Check whether GPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.Upgrade the cluster when the impact on services is con", + "doc_type":"usermanual2", + "kw":"GPU Pod Rebuild Risks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"GPU Pod Rebuild Risks", + "githuburl":"" + }, + { + "uri":"cce_10_0513.html", + "node_id":"cce_10_0513.xml", + "product_code":"cce", + "code":"130", + "des":"Check whether the access control of the ELB listener has been configured for the Service in the current cluster using annotations and whether the configurations are corre", + "doc_type":"usermanual2", + "kw":"ELB Listener Access Control,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"ELB Listener Access Control", + "githuburl":"" + }, + { + "uri":"cce_10_0514.html", + "node_id":"cce_10_0514.xml", + "product_code":"cce", + "code":"131", + "des":"Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.Flavor inconsistency is typically due to a modification made o", + "doc_type":"usermanual2", + "kw":"Master Node Flavor,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Master Node Flavor", + "githuburl":"" + }, + { + "uri":"cce_10_0515.html", + "node_id":"cce_10_0515.xml", + "product_code":"cce", + "code":"132", + "des":"Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.If the number of IP addresses in the selected cluster subnet is insuffic", + "doc_type":"usermanual2", + "kw":"Subnet Quota of Master Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Subnet Quota of Master Nodes", + "githuburl":"" + }, + { + "uri":"cce_10_0516.html", + "node_id":"cce_10_0516.xml", + "product_code":"cce", + "code":"133", + "des":"Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.If the runtime on your node is", + "doc_type":"usermanual2", + "kw":"Node Runtime,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Runtime", + "githuburl":"" + }, + { + "uri":"cce_10_0517.html", + "node_id":"cce_10_0517.xml", + "product_code":"cce", + "code":"134", + "des":"Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.If the runtime on your node po", + "doc_type":"usermanual2", + "kw":"Node Pool Runtime,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Node Pool Runtime", + "githuburl":"" + }, + { + "uri":"cce_10_0518.html", + "node_id":"cce_10_0518.xml", + "product_code":"cce", + "code":"135", + "des":"Check the number of images on your node. If there are more than 1000 images, it takes a long time for Docker to start, affecting the standard Docker output and functions ", + "doc_type":"usermanual2", + "kw":"Number of Node Images,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Number of Node Images", "githuburl":"" }, { "uri":"cce_10_0183.html", "node_id":"cce_10_0183.xml", "product_code":"cce", - "code":"133", + "code":"136", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Nodes", @@ -2404,7 +2457,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Nodes", @@ -2414,7 +2467,7 @@ "uri":"cce_10_0180.html", "node_id":"cce_10_0180.xml", "product_code":"cce", - "code":"134", + "code":"137", "des":"A container cluster consists of a set of worker machines, called nodes, that run containerized applications. A node can be a virtual machine (VM) or a physical machine (P", "doc_type":"usermanual2", "kw":"paas,user group,Node Overview,Nodes,User Guide", @@ -2422,7 +2475,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Node Overview", @@ -2432,51 +2485,51 @@ "uri":"cce_10_0462.html", "node_id":"cce_10_0462.xml", "product_code":"cce", - "code":"135", + "code":"138", "des":"Container engines, one of the most important components of Kubernetes, manage the lifecycle of images and containers. The kubelet interacts with a container runtime throu", "doc_type":"usermanual2", - "kw":"Container Engine,Nodes,User Guide", + "kw":"Container Engines,Nodes,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Container Engine", + "title":"Container Engines", "githuburl":"" }, { "uri":"cce_10_0476.html", "node_id":"cce_10_0476.xml", "product_code":"cce", - "code":"136", + "code":"139", "des":"This section describes the mappings between released cluster versions and OS versions.", "doc_type":"usermanual2", - "kw":"Node OS,Nodes,User Guide", + "kw":"Node OSs,Nodes,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Node OS", + "title":"Node OSs", "githuburl":"" }, { "uri":"cce_10_0363.html", "node_id":"cce_10_0363.xml", "product_code":"cce", - "code":"137", - "des":"At least one cluster has been created.A key pair has been created for identity authentication upon remote node login.The node has at least 2 vCPUs and 4 GiB of memory.To ", + "code":"140", + "des":"At least one cluster has been created.A key pair has been created for identity authentication upon remote node login.The DNS configuration of a subnet where a node is loc", "doc_type":"usermanual2", "kw":"Creating a Node,Nodes,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a Node", @@ -2486,15 +2539,15 @@ "uri":"cce_10_0198.html", "node_id":"cce_10_0198.xml", "product_code":"cce", - "code":"138", - "des":"In CCE, you can create a node (Creating a Node) or add existing nodes (ECSs) to your cluster for management.While an ECS is being accepted into a cluster, the operating s", + "code":"141", + "des":"In CCE, you can create a node (Creating a Node) or add existing nodes (ECSs) to your cluster for management.When accepting an ECS, you can reset the ECS OS to a standard ", "doc_type":"usermanual2", "kw":"Accepting Nodes for Management,Nodes,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Accepting Nodes for Management", @@ -2504,7 +2557,7 @@ "uri":"cce_10_0185.html", "node_id":"cce_10_0185.xml", "product_code":"cce", - "code":"139", + "code":"142", "des":"If you use SSH to log in to a node (an ECS), ensure that the ECS already has an EIP (a public IP address).Only login to a running ECS is allowed.Only the user linux can l", "doc_type":"usermanual2", "kw":"Logging In to a Node,Nodes,User Guide", @@ -2512,7 +2565,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Logging In to a Node", @@ -2522,7 +2575,7 @@ "uri":"cce_10_0672.html", "node_id":"cce_10_0672.xml", "product_code":"cce", - "code":"140", + "code":"143", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"node labels", @@ -2530,7 +2583,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Management Nodes", @@ -2540,7 +2593,7 @@ "uri":"cce_10_0004.html", "node_id":"cce_10_0004.xml", "product_code":"cce", - "code":"141", + "code":"144", "des":"You can add different labels to nodes and define different attributes for labels. By using these node labels, you can quickly understand the characteristics of each node.", "doc_type":"usermanual2", "kw":"node labels,Inherent Label of a Node,Managing Node Labels,Management Nodes,User Guide", @@ -2548,7 +2601,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Managing Node Labels", @@ -2558,7 +2611,7 @@ "uri":"cce_10_0352.html", "node_id":"cce_10_0352.xml", "product_code":"cce", - "code":"142", + "code":"145", "des":"Taints enable a node to repel specific pods to prevent these pods from being scheduled to the node.On the CCE console, you can also batch manage nodes' taints.Enter the k", "doc_type":"usermanual2", "kw":"NoSchedule,PreferNoSchedule,NoExecute,System Taints,Managing Node Taints,Management Nodes,User Guide", @@ -2566,7 +2619,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Managing Node Taints", @@ -2576,7 +2629,7 @@ "uri":"cce_10_0003.html", "node_id":"cce_10_0003.xml", "product_code":"cce", - "code":"143", + "code":"146", "des":"You can reset a node to modify the node configuration, such as the node OS and login mode.Resetting a node will reinstall the node OS and the Kubernetes software on the n", "doc_type":"usermanual2", "kw":"reset a node,Resetting a Node,Management Nodes,User Guide", @@ -2584,7 +2637,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Resetting a Node", @@ -2594,7 +2647,7 @@ "uri":"cce_10_0338.html", "node_id":"cce_10_0338.xml", "product_code":"cce", - "code":"144", + "code":"147", "des":"Removing a node from a cluster will re-install the node OS and clear CCE components on the node.Removing a node will not delete the server corresponding to the node. You ", "doc_type":"usermanual2", "kw":"Removing a Node,Management Nodes,User Guide", @@ -2602,7 +2655,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Removing a Node", @@ -2612,7 +2665,7 @@ "uri":"cce_10_0184.html", "node_id":"cce_10_0184.xml", "product_code":"cce", - "code":"145", + "code":"148", "des":"Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required. Modifyi", "doc_type":"usermanual2", "kw":"synchronize the ECS,Synchronizing the Data of Cloud Servers,Management Nodes,User Guide", @@ -2620,7 +2673,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Synchronizing the Data of Cloud Servers", @@ -2630,15 +2683,15 @@ "uri":"cce_10_0605.html", "node_id":"cce_10_0605.xml", "product_code":"cce", - "code":"146", - "des":"After you enable nodal drainage on the console, CCE configures the node to be non-schedulable and securely evicts all pods that comply with Nodal Drainage Rules on the no", + "code":"149", + "des":"After you enable nodal drainage on the console, CCE configures the node to be non-schedulable and securely evicts all pods that comply with Rules for Draining Nodes on th", "doc_type":"usermanual2", "kw":"nodal drainage,nodal drainage,Draining a Node,Management Nodes,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Draining a Node", @@ -2648,15 +2701,15 @@ "uri":"cce_10_0186.html", "node_id":"cce_10_0186.xml", "product_code":"cce", - "code":"147", - "des":"When a node in a CCE cluster is deleted, services running on the node will also be deleted. Exercise caution when performing this operation.VM nodes that are being used b", + "code":"150", + "des":"You can delete a pay-per-use node that is not needed from the node list.Deleting or unsubscribing from a node in a CCE cluster will release the node and services running ", "doc_type":"usermanual2", "kw":"Deleting a Node,Management Nodes,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Deleting a Node", @@ -2666,15 +2719,15 @@ "uri":"cce_10_0036.html", "node_id":"cce_10_0036.xml", "product_code":"cce", - "code":"148", - "des":"After a node in the cluster is stopped, services on the node are also stopped. Before stopping a node, ensure that discontinuity of the services on the node will not resu", + "code":"151", + "des":"When a node in the cluster is stopped, all services on that node will also be stopped, and the node will no longer be available for scheduling. Check if your services wil", "doc_type":"usermanual2", "kw":"Stopping a Node,Management Nodes,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Stopping a Node", @@ -2684,7 +2737,7 @@ "uri":"cce_10_0276.html", "node_id":"cce_10_0276.xml", "product_code":"cce", - "code":"149", + "code":"152", "des":"In a rolling upgrade, a new node is created, existing workloads are migrated to the new node, and then the old node is deleted. Figure 1 shows the migration process.The o", "doc_type":"usermanual2", "kw":"Performing Rolling Upgrade for Nodes,Management Nodes,User Guide", @@ -2692,7 +2745,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Performing Rolling Upgrade for Nodes", @@ -2702,7 +2755,7 @@ "uri":"cce_10_0704.html", "node_id":"cce_10_0704.xml", "product_code":"cce", - "code":"150", + "code":"153", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Node O&M", @@ -2710,7 +2763,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Node O&M", @@ -2720,7 +2773,7 @@ "uri":"cce_10_0178.html", "node_id":"cce_10_0178.xml", "product_code":"cce", - "code":"151", + "code":"154", "des":"Some node resources are used to run mandatory Kubernetes system components and resources to make the node as part of your cluster. Therefore, the total number of node res", "doc_type":"usermanual2", "kw":"total number of node resources,Node Resource Reservation Policy,Node O&M,User Guide", @@ -2728,7 +2781,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Node Resource Reservation Policy", @@ -2738,15 +2791,15 @@ "uri":"cce_10_0341.html", "node_id":"cce_10_0341.xml", "product_code":"cce", - "code":"152", + "code":"155", "des":"This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.When creating a node, configure data disks for t", "doc_type":"usermanual2", - "kw":"data disk space allocation,Container engine and container image space,basesize,basesize,Container St", + "kw":"data disk space allocation,Container engine and container image space,container engine and container", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Data Disk Space Allocation", @@ -2756,25 +2809,43 @@ "uri":"cce_10_0348.html", "node_id":"cce_10_0348.xml", "product_code":"cce", - "code":"153", - "des":"The maximum number of pods that can be created on a node is calculated based on the cluster type:For a cluster using the container tunnel network model, the value depends", + "code":"156", + "des":"The maximum number of pods that can be created on a node is calculated based on the cluster type:When creating a cluster using a VPC network, you need to configure the nu", "doc_type":"usermanual2", - "kw":"Maximum Number of Pods on a Node,alpha.cce/fixPoolMask,maximum number of pods,Maximum Number of Pods", + "kw":"Maximum Number of Pods on a Node,maximum number of pods,Maximum Number of Pods That Can Be Created o", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Maximum Number of Pods That Can Be Created on a Node", "githuburl":"" }, + { + "uri":"cce_10_0883.html", + "node_id":"cce_10_0883.xml", + "product_code":"cce", + "code":"157", + "des":"To maintain the stability of nodes, CCE stores Kubernetes and container runtime components on separate data disks. Kubernetes uses the /mnt/paas/kubernetes directory, and", + "doc_type":"usermanual2", + "kw":"Differences Between CCE Node mountPath Configurations and Community Native Configurations,Node O&M,U", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Differences Between CCE Node mountPath Configurations and Community Native Configurations", + "githuburl":"" + }, { "uri":"cce_10_0601.html", "node_id":"cce_10_0601.xml", "product_code":"cce", - "code":"154", + "code":"158", "des":"Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE is going to stop the support for Docker. Change the node container engine from Do", "doc_type":"usermanual2", "kw":"Migrating Nodes from Docker to containerd,Node O&M,User Guide", @@ -2782,7 +2853,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Migrating Nodes from Docker to containerd", @@ -2792,25 +2863,25 @@ "uri":"cce_10_0659.html", "node_id":"cce_10_0659.xml", "product_code":"cce", - "code":"155", + "code":"159", "des":"The node fault detection function depends on the NPD add-on. The add-on instances run on nodes and monitor nodes. This section describes how to enable node fault detectio", "doc_type":"usermanual2", - "kw":"Node Fault Detection,Check Items,Node Fault Detection Policy,Node O&M,User Guide", + "kw":"Node Fault Detection,Check Items,Configuring Node Fault Detection Policies,Node O&M,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Node Fault Detection Policy", + "title":"Configuring Node Fault Detection Policies", "githuburl":"" }, { "uri":"cce_10_0035.html", "node_id":"cce_10_0035.xml", "product_code":"cce", - "code":"156", + "code":"160", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Node Pools", @@ -2818,7 +2889,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Node Pools", @@ -2828,7 +2899,7 @@ "uri":"cce_10_0081.html", "node_id":"cce_10_0081.xml", "product_code":"cce", - "code":"157", + "code":"161", "des":"CCE introduces node pools to help you better manage nodes in Kubernetes clusters. A node pool contains one node or a group of nodes with identical configuration in a clus", "doc_type":"usermanual2", "kw":"DefaultPool,DefaultPool,Deploying a Workload in a Specified Node Pool,Node Pool Overview,Node Pools,", @@ -2836,7 +2907,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Node Pool Overview", @@ -2846,25 +2917,43 @@ "uri":"cce_10_0012.html", "node_id":"cce_10_0012.xml", "product_code":"cce", - "code":"158", - "des":"This section describes how to create a node pool and perform operations on the node pool. For details about how a node pool works, see Node Pool Overview.The Autoscaler a", + "code":"162", + "des":"This section describes how to create a node pool and perform operations on the node pool. For details about how a node pool works, see Node Pool Overview.Basic SettingsCo", "doc_type":"usermanual2", "kw":"Creating a Node Pool,Node Pools,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a Node Pool", "githuburl":"" }, + { + "uri":"cce_10_0658.html", + "node_id":"cce_10_0658.xml", + "product_code":"cce", + "code":"163", + "des":"You can specify a specification in a node pool for scaling.The default node pool does not support scaling. Use Creating a Node to add a node.Number of Scaling Targets: Th", + "doc_type":"usermanual2", + "kw":"Scaling a Node Pool,Node Pools,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Scaling a Node Pool", + "githuburl":"" + }, { "uri":"cce_10_0222.html", "node_id":"cce_10_0222.xml", "product_code":"cce", - "code":"159", + "code":"164", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Managing a Node Pool", @@ -2872,7 +2961,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Managing a Node Pool", @@ -2882,15 +2971,15 @@ "uri":"cce_10_0653.html", "node_id":"cce_10_0653.xml", "product_code":"cce", - "code":"160", - "des":"The modification of resource tags of a node pool takes effect only on new nodes. To synchronize the modification onto existing nodes, manually reset the existing nodes.Ch", + "code":"165", + "des":"Changes to the container engine, OS, or pre-/post-installation script in a node pool take effect only on new nodes. To synchronize the modification onto existing nodes, m", "doc_type":"usermanual2", "kw":"Updating a Node Pool,Managing a Node Pool,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Updating a Node Pool", @@ -2900,7 +2989,7 @@ "uri":"cce_10_0727.html", "node_id":"cce_10_0727.xml", "product_code":"cce", - "code":"161", + "code":"166", "des":"Auto Scaling (AS) enables elastic scaling of nodes in a node pool based on scaling policies. Without this function, you have to manually adjust the number of nodes in a n", "doc_type":"usermanual2", "kw":"Updating an AS Configuration,Managing a Node Pool,User Guide", @@ -2908,7 +2997,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Updating an AS Configuration", @@ -2918,25 +3007,43 @@ "uri":"cce_10_0652.html", "node_id":"cce_10_0652.xml", "product_code":"cce", - "code":"162", - "des":"The default node pool DefaultPool does not support the following management operations.CCE allows you to highly customize Kubernetes parameter settings on core components", + "code":"167", + "des":"The default node pool does not support the following management operations.CCE allows you to highly customize Kubernetes parameter settings on core components in a cluste", "doc_type":"usermanual2", - "kw":"Configuring a Node Pool,Managing a Node Pool,User Guide", + "kw":"Modifying Node Pool Configurations,Managing a Node Pool,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Configuring a Node Pool", + "title":"Modifying Node Pool Configurations", + "githuburl":"" + }, + { + "uri":"cce_10_0886.html", + "node_id":"cce_10_0886.xml", + "product_code":"cce", + "code":"168", + "des":"If you want to add a newly created ECS to a node pool in a cluster, or remove a node from a node pool and add it to the node pool again, accept the node.When an ECS is ac", + "doc_type":"usermanual2", + "kw":"Accepting Nodes in a Node Pool,Managing a Node Pool,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Accepting Nodes in a Node Pool", "githuburl":"" }, { "uri":"cce_10_0655.html", "node_id":"cce_10_0655.xml", "product_code":"cce", - "code":"163", + "code":"169", "des":"You can copy the configuration of an existing node pool on the CCE console to create new node pools.", "doc_type":"usermanual2", "kw":"Copying a Node Pool,Managing a Node Pool,User Guide", @@ -2944,7 +3051,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Copying a Node Pool", @@ -2954,7 +3061,7 @@ "uri":"cce_10_0654.html", "node_id":"cce_10_0654.xml", "product_code":"cce", - "code":"164", + "code":"170", "des":"After the configuration of a node pool is updated, some configurations cannot be automatically synchronized for existing nodes. You can manually synchronize configuration", "doc_type":"usermanual2", "kw":"Synchronizing Node Pools,Managing a Node Pool,User Guide", @@ -2962,7 +3069,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Synchronizing Node Pools", @@ -2972,15 +3079,15 @@ "uri":"cce_10_0660.html", "node_id":"cce_10_0660.xml", "product_code":"cce", - "code":"165", - "des":"When CCE releases a new OS image, existing nodes cannot be automatically upgraded. You can manually upgrade them in batches.This section describes how to upgrade an OS by", + "code":"171", + "des":"After CCE releases a new OS image, if existing nodes cannot be automatically upgraded, you can manually upgrade them in batches.This section describes how to upgrade an O", "doc_type":"usermanual2", "kw":"Upgrading an OS,Managing a Node Pool,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Upgrading an OS", @@ -2990,7 +3097,7 @@ "uri":"cce_10_0656.html", "node_id":"cce_10_0656.xml", "product_code":"cce", - "code":"166", + "code":"172", "des":"Nodes in a node pool can be migrated to the default node pool. Nodes in the default node pool or a custom node pool cannot be migrated to other custom node pools.The migr", "doc_type":"usermanual2", "kw":"Migrating a Node,Managing a Node Pool,User Guide", @@ -2998,7 +3105,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Migrating a Node", @@ -3008,7 +3115,7 @@ "uri":"cce_10_0657.html", "node_id":"cce_10_0657.xml", "product_code":"cce", - "code":"167", + "code":"173", "des":"Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.Deleting a node pool will de", "doc_type":"usermanual2", "kw":"Deleting a Node Pool,Managing a Node Pool,User Guide", @@ -3016,7 +3123,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Deleting a Node Pool", @@ -3026,7 +3133,7 @@ "uri":"cce_10_0046.html", "node_id":"cce_10_0046.xml", "product_code":"cce", - "code":"168", + "code":"174", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Deployments,StatefulSets,DaemonSets,jobs,cron jobs", @@ -3034,7 +3141,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Workloads", @@ -3044,7 +3151,7 @@ "uri":"cce_10_0006.html", "node_id":"cce_10_0006.xml", "product_code":"cce", - "code":"169", + "code":"175", "des":"A workload is an application running on Kubernetes. No matter how many components are there in your workload, you can run it in a group of Kubernetes pods. A workload is ", "doc_type":"usermanual2", "kw":"Deployments,StatefulSets,DaemonSets,jobs,cron jobs,Overview,Workloads,User Guide", @@ -3052,7 +3159,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Overview", @@ -3062,7 +3169,7 @@ "uri":"cce_10_0673.html", "node_id":"cce_10_0673.xml", "product_code":"cce", - "code":"170", + "code":"176", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Creating a Workload", @@ -3070,7 +3177,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a Workload", @@ -3080,7 +3187,7 @@ "uri":"cce_10_0047.html", "node_id":"cce_10_0047.xml", "product_code":"cce", - "code":"171", + "code":"177", "des":"Deployments are workloads (for example, Nginx) that do not store any data or status. You can create Deployments on the CCE console or by running kubectl commands.Before c", "doc_type":"usermanual2", "kw":"create a workload using kubectl,Creating a Deployment,Creating a Workload,User Guide", @@ -3088,7 +3195,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a Deployment", @@ -3098,7 +3205,7 @@ "uri":"cce_10_0048.html", "node_id":"cce_10_0048.xml", "product_code":"cce", - "code":"172", + "code":"178", "des":"StatefulSets are a type of workloads whose data or status is stored while they are running. For example, MySQL is a StatefulSet because it needs to store new data.A conta", "doc_type":"usermanual2", "kw":"Using kubectl,Creating a StatefulSet,Creating a Workload,User Guide", @@ -3106,7 +3213,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a StatefulSet", @@ -3116,7 +3223,7 @@ "uri":"cce_10_0216.html", "node_id":"cce_10_0216.xml", "product_code":"cce", - "code":"173", + "code":"179", "des":"CCE provides deployment and management capabilities for multiple types of containers and supports features of container workloads, including creation, configuration, moni", "doc_type":"usermanual2", "kw":"create a workload using kubectl,Creating a DaemonSet,Creating a Workload,User Guide", @@ -3124,7 +3231,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a DaemonSet", @@ -3134,7 +3241,7 @@ "uri":"cce_10_0150.html", "node_id":"cce_10_0150.xml", "product_code":"cce", - "code":"174", + "code":"180", "des":"Jobs are short-lived and run for a certain time to completion. They can be executed immediately after being deployed. It is completed after it exits normally (exit 0).A j", "doc_type":"usermanual2", "kw":"Creating a Job,Creating a Workload,User Guide", @@ -3142,7 +3249,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a Job", @@ -3152,7 +3259,7 @@ "uri":"cce_10_0151.html", "node_id":"cce_10_0151.xml", "product_code":"cce", - "code":"175", + "code":"181", "des":"A cron job runs on a repeating schedule. You can perform time synchronization for all active nodes at a fixed time point.A cron job runs periodically at the specified tim", "doc_type":"usermanual2", "kw":"time synchronization,Creating a Cron Job,Creating a Workload,User Guide", @@ -3160,7 +3267,7 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Creating a Cron Job", @@ -3170,33 +3277,51 @@ "uri":"cce_10_0130.html", "node_id":"cce_10_0130.xml", "product_code":"cce", - "code":"176", + "code":"182", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Configuring a Container", + "kw":"Configuring a Workload", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Configuring a Container", + "title":"Configuring a Workload", + "githuburl":"" + }, + { + "uri":"cce_10_0463.html", + "node_id":"cce_10_0463.xml", + "product_code":"cce", + "code":"183", + "des":"The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualiz", + "doc_type":"usermanual2", + "kw":"Secure Runtime and Common Runtime,Configuring a Workload,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Secure Runtime and Common Runtime", "githuburl":"" }, { "uri":"cce_10_0354.html", "node_id":"cce_10_0354.xml", "product_code":"cce", - "code":"177", + "code":"184", "des":"When creating a workload, you can configure containers to use the same time zone as the node. You can enable time zone synchronization when creating a workload.The time z", "doc_type":"usermanual2", - "kw":"Configuring Time Zone Synchronization,Configuring a Container,User Guide", + "kw":"Configuring Time Zone Synchronization,Configuring a Workload,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Configuring Time Zone Synchronization", @@ -3206,15 +3331,15 @@ "uri":"cce_10_0353.html", "node_id":"cce_10_0353.xml", "product_code":"cce", - "code":"178", + "code":"185", "des":"When a workload is created, the container image is pulled from the image repository to the node. The image is also pulled when the workload is restarted or upgraded.By de", "doc_type":"usermanual2", - "kw":"Configuring an Image Pull Policy,Configuring a Container,User Guide", + "kw":"Configuring an Image Pull Policy,Configuring a Workload,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Configuring an Image Pull Policy", @@ -3224,15 +3349,15 @@ "uri":"cce_10_0009.html", "node_id":"cce_10_0009.xml", "product_code":"cce", - "code":"179", + "code":"186", "des":"CCE allows you to create workloads using images pulled from third-party image repositories.Generally, a third-party image repository can be accessed only after authentica", "doc_type":"usermanual2", - "kw":"Using Third-Party Images,Configuring a Container,User Guide", + "kw":"Using Third-Party Images,Configuring a Workload,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Using Third-Party Images", @@ -3242,15 +3367,15 @@ "uri":"cce_10_0163.html", "node_id":"cce_10_0163.xml", "product_code":"cce", - "code":"180", + "code":"187", "des":"CCE allows you to set resource requirements and limits, such as CPU and RAM, for added containers during workload creation. Kubernetes also allows using YAML to set requi", "doc_type":"usermanual2", - "kw":"ephemeral storage,Configuring Container Specifications,Configuring a Container,User Guide", + "kw":"ephemeral storage,Configuring Container Specifications,Configuring a Workload,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Configuring Container Specifications", @@ -3260,15 +3385,15 @@ "uri":"cce_10_0105.html", "node_id":"cce_10_0105.xml", "product_code":"cce", - "code":"181", + "code":"188", "des":"CCE provides callback functions for the lifecycle management of containerized applications. For example, if you want a container to perform a certain operation before sto", "doc_type":"usermanual2", - "kw":"Startup Command,Post-Start,Pre-Stop,Configuring Container Lifecycle Parameters,Configuring a Contain", + "kw":"Startup Command,Post-Start,Pre-Stop,Configuring Container Lifecycle Parameters,Configuring a Workloa", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Configuring Container Lifecycle Parameters", @@ -3278,15 +3403,15 @@ "uri":"cce_10_0112.html", "node_id":"cce_10_0112.xml", "product_code":"cce", - "code":"182", + "code":"189", "des":"Health check regularly checks the health status of containers during container running. If the health check function is not configured, a pod cannot detect application ex", "doc_type":"usermanual2", - "kw":"Health check,HTTP request,TCP port,CLI,Configuring Container Health Check,Configuring a Container,Us", + "kw":"Health check,HTTP request,TCP port,CLI,Configuring Container Health Check,Configuring a Workload,Use", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Configuring Container Health Check", @@ -3296,15 +3421,15 @@ "uri":"cce_10_0113.html", "node_id":"cce_10_0113.xml", "product_code":"cce", - "code":"183", + "code":"190", "des":"An environment variable is a variable whose value can affect the way a running container will behave. You can modify environment variables even after workloads are deploy", "doc_type":"usermanual2", - "kw":"Configuring Environment Variables,Configuring a Container,User Guide", + "kw":"Configuring Environment Variables,Configuring a Workload,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Configuring Environment Variables", @@ -3314,33 +3439,33 @@ "uri":"cce_10_0397.html", "node_id":"cce_10_0397.xml", "product_code":"cce", - "code":"184", + "code":"191", "des":"In actual applications, upgrade is a common operation. A Deployment, StatefulSet, or DaemonSet can easily support application upgrade.You can set different upgrade polici", "doc_type":"usermanual2", - "kw":"Workload Upgrade Policies,Configuring a Container,User Guide", + "kw":"Configuring Workload Upgrade Policies,Configuring a Workload,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Workload Upgrade Policies", + "title":"Configuring Workload Upgrade Policies", "githuburl":"" }, { "uri":"cce_10_0232.html", "node_id":"cce_10_0232.xml", "product_code":"cce", - "code":"185", + "code":"192", "des":"Kubernetes supports node affinity and pod affinity/anti-affinity. You can configure custom rules to achieve affinity and anti-affinity scheduling. For example, you can de", "doc_type":"usermanual2", - "kw":"Scheduling Policies (Affinity/Anti-affinity),Configuring a Container,User Guide", + "kw":"Scheduling Policies (Affinity/Anti-affinity),Configuring a Workload,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Scheduling Policies (Affinity/Anti-affinity)", @@ -3350,79 +3475,79 @@ "uri":"cce_10_0728.html", "node_id":"cce_10_0728.xml", "product_code":"cce", - "code":"186", + "code":"193", "des":"Tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is co", "doc_type":"usermanual2", - "kw":"Taints and Tolerations,Configuring a Container,User Guide", + "kw":"Configuring Tolerance Policies,Configuring a Workload,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Taints and Tolerations", + "title":"Configuring Tolerance Policies", "githuburl":"" }, { "uri":"cce_10_0386.html", "node_id":"cce_10_0386.xml", "product_code":"cce", - "code":"187", + "code":"194", "des":"CCE allows you to add annotations to a YAML file to realize some advanced pod functions. The following table describes the annotations you can add.When you create a workl", "doc_type":"usermanual2", - "kw":"Labels and Annotations,Configuring a Container,User Guide", + "kw":"Configuring Labels and Annotations,Configuring a Workload,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Labels and Annotations", + "title":"Configuring Labels and Annotations", "githuburl":"" }, { "uri":"cce_10_00356.html", "node_id":"cce_10_00356.xml", "product_code":"cce", - "code":"188", + "code":"195", "des":"If you encounter unexpected problems when using a container, you can log in to the container to debug it.The example output is as follows:NAME ", "doc_type":"usermanual2", - "kw":"Accessing a Container,Workloads,User Guide", + "kw":"Logging In to a Container,Workloads,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Accessing a Container", + "title":"Logging In to a Container", "githuburl":"" }, { "uri":"cce_10_0007.html", "node_id":"cce_10_0007.xml", "product_code":"cce", - "code":"189", + "code":"196", "des":"After a workload is created, you can upgrade, monitor, roll back, or delete the workload, as well as edit its YAML file.Workload/Job managementOperationDescriptionMonitor", "doc_type":"usermanual2", - "kw":"Managing Workloads and Jobs,Workloads,User Guide", + "kw":"Managing Workloads,Workloads,User Guide", "search_title":"", "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], - "title":"Managing Workloads and Jobs", + "title":"Managing Workloads", "githuburl":"" }, { "uri":"cce_10_0833.html", "node_id":"cce_10_0833.xml", "product_code":"cce", - "code":"190", + "code":"197", "des":"Custom Resource Definition (CRD) is an extension of Kubernetes APIs. When default Kubernetes resources cannot meet service requirements, you can use CRDs to define new re", "doc_type":"usermanual2", "kw":"Managing Custom Resources,Workloads,User Guide", @@ -3430,3023 +3555,17 @@ "metedata":[ { "prodname":"cce", - "documenttype":"usermanual2" + "documenttype":"usermanual" } ], "title":"Managing Custom Resources", "githuburl":"" }, - { - "uri":"cce_10_0463.html", - "node_id":"cce_10_0463.xml", - "product_code":"cce", - "code":"191", - "des":"The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualiz", - "doc_type":"usermanual2", - "kw":"Kata Runtime and Common Runtime,Workloads,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Kata Runtime and Common Runtime", - "githuburl":"" - }, - { - "uri":"cce_10_0674.html", - "node_id":"cce_10_0674.xml", - "product_code":"cce", - "code":"192", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Scheduling", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0702.html", - "node_id":"cce_10_0702.xml", - "product_code":"cce", - "code":"193", - "des":"CCE supports different types of resource scheduling and task scheduling, improving application performance and overall cluster resource utilization. This section describe", - "doc_type":"usermanual2", - "kw":"Overview,Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Overview", - "githuburl":"" - }, - { - "uri":"cce_10_0551.html", - "node_id":"cce_10_0551.xml", - "product_code":"cce", - "code":"194", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"CPU Scheduling", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"CPU Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0351.html", - "node_id":"cce_10_0351.xml", - "product_code":"cce", - "code":"195", - "des":"By default, kubelet uses CFS quotas to enforce pod CPU limits. When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether t", - "doc_type":"usermanual2", - "kw":"CPU Policy,CPU Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"CPU Policy", - "githuburl":"" - }, - { - "uri":"cce_10_0552.html", - "node_id":"cce_10_0552.xml", - "product_code":"cce", - "code":"196", - "des":"Kubernetes provides two CPU policies: none and static.none: The CPU policy is disabled by default, indicating the existing scheduling behavior.static: The static CPU core", - "doc_type":"usermanual2", - "kw":"Enhanced CPU Policy,CPU Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Enhanced CPU Policy", - "githuburl":"" - }, - { - "uri":"cce_10_0720.html", - "node_id":"cce_10_0720.xml", - "product_code":"cce", - "code":"197", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"GPU Scheduling", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"GPU Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0345.html", - "node_id":"cce_10_0345.xml", - "product_code":"cce", - "code":"198", - "des":"You can use GPUs in CCE containers.A GPU node has been created. For details, see Creating a Node.The gpu-device-plugin (previously gpu-beta add-on) has been installed. Du", - "doc_type":"usermanual2", - "kw":"Default GPU Scheduling in Kubernetes,GPU Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Default GPU Scheduling in Kubernetes", - "githuburl":"" - }, - { - "uri":"cce_10_0423.html", - "node_id":"cce_10_0423.xml", - "product_code":"cce", - "code":"199", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Volcano Scheduling", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Volcano Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0721.html", - "node_id":"cce_10_0721.xml", - "product_code":"cce", - "code":"200", - "des":"Volcano is a Kubernetes-based batch processing platform that supports machine learning, deep learning, bioinformatics, genomics, and other big data applications. It provi", - "doc_type":"usermanual2", - "kw":"Overview,Volcano Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Overview", - "githuburl":"" - }, - { - "uri":"cce_10_0722.html", - "node_id":"cce_10_0722.xml", - "product_code":"cce", - "code":"201", - "des":"Volcano is a Kubernetes-based batch processing platform with high-performance general computing capabilities like task scheduling engine, heterogeneous chip management, a", - "doc_type":"usermanual2", - "kw":"Scheduling Workloads,Volcano Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Scheduling Workloads", - "githuburl":"" - }, - { - "uri":"cce_10_0768.html", - "node_id":"cce_10_0768.xml", - "product_code":"cce", - "code":"202", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Resource Usage-based Scheduling", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Resource Usage-based Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0773.html", - "node_id":"cce_10_0773.xml", - "product_code":"cce", - "code":"203", - "des":"Bin packing is an optimization algorithm that aims to properly allocate resources to each job and get the jobs done using the minimum amount of resources. After bin packi", - "doc_type":"usermanual2", - "kw":"Bin Packing,Resource Usage-based Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Bin Packing", - "githuburl":"" - }, - { - "uri":"cce_10_0766.html", - "node_id":"cce_10_0766.xml", - "product_code":"cce", - "code":"204", - "des":"Scheduling in a cluster is the process of binding pending pods to nodes, and is performed by a component called kube-scheduler or Volcano Scheduler. The scheduler uses a ", - "doc_type":"usermanual2", - "kw":"Descheduling,Resource Usage-based Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Descheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0767.html", - "node_id":"cce_10_0767.xml", - "product_code":"cce", - "code":"205", - "des":"In scenarios such as node pool replacement and rolling node upgrade, an old resource pool needs to be replaced with a new one. To prevent the node pool replacement from a", - "doc_type":"usermanual2", - "kw":"Node Pool Affinity,Resource Usage-based Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Node Pool Affinity", - "githuburl":"" - }, - { - "uri":"cce_10_0774.html", - "node_id":"cce_10_0774.xml", - "product_code":"cce", - "code":"206", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Priority-based Scheduling", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Priority-based Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0775.html", - "node_id":"cce_10_0775.xml", - "product_code":"cce", - "code":"207", - "des":"A pod priority indicates the importance of a pod relative to other pods. Volcano supports pod PriorityClasses in Kubernetes. After PriorityClasses are configured, the sch", - "doc_type":"usermanual2", - "kw":"Priority-based Scheduling,Priority-based Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Priority-based Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0776.html", - "node_id":"cce_10_0776.xml", - "product_code":"cce", - "code":"208", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"AI Performance-based Scheduling", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"AI Performance-based Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0777.html", - "node_id":"cce_10_0777.xml", - "product_code":"cce", - "code":"209", - "des":"Dominant Resource Fairness (DRF) is a scheduling algorithm based on the dominant resource of a container group. DRF scheduling can be used to enhance the service throughp", - "doc_type":"usermanual2", - "kw":"DRF,AI Performance-based Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"DRF", - "githuburl":"" - }, - { - "uri":"cce_10_0778.html", - "node_id":"cce_10_0778.xml", - "product_code":"cce", - "code":"210", - "des":"Gang scheduling is a scheduling algorithm that schedules correlated processes or threads to run simultaneously on different processors. It meets the scheduling requiremen", - "doc_type":"usermanual2", - "kw":"Gang,AI Performance-based Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Gang", - "githuburl":"" - }, - { - "uri":"cce_10_0425.html", - "node_id":"cce_10_0425.xml", - "product_code":"cce", - "code":"211", - "des":"When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduli", - "doc_type":"usermanual2", - "kw":"NUMA Affinity Scheduling,Volcano Scheduling,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"NUMA Affinity Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0709.html", - "node_id":"cce_10_0709.xml", - "product_code":"cce", - "code":"212", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Cloud Native Hybrid Deployment", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Cloud Native Hybrid Deployment", - "githuburl":"" - }, - { - "uri":"cce_10_0384.html", - "node_id":"cce_10_0384.xml", - "product_code":"cce", - "code":"213", - "des":"Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly an", - "doc_type":"usermanual2", - "kw":"Dynamic Resource Oversubscription,Cloud Native Hybrid Deployment,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Dynamic Resource Oversubscription", - "githuburl":"" - }, - { - "uri":"cce_10_0020.html", - "node_id":"cce_10_0020.xml", - "product_code":"cce", - "code":"214", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Network", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Network", - "githuburl":"" - }, - { - "uri":"cce_10_0010.html", - "node_id":"cce_10_0010.xml", - "product_code":"cce", - "code":"215", - "des":"You can learn about a cluster network from the following two aspects:What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are ru", - "doc_type":"usermanual2", - "kw":"Overview,Network,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Overview", - "githuburl":"" - }, - { - "uri":"cce_10_0280.html", - "node_id":"cce_10_0280.xml", - "product_code":"cce", - "code":"216", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Container Network Models", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Container Network Models", - "githuburl":"" - }, - { - "uri":"cce_10_0281.html", - "node_id":"cce_10_0281.xml", - "product_code":"cce", - "code":"217", - "des":"The container network assigns IP addresses to pods in a cluster and provides networking services. In CCE, you can select the following network models for your cluster:Tun", - "doc_type":"usermanual2", - "kw":"Overview,Container Network Models,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Overview", - "githuburl":"" - }, - { - "uri":"cce_10_0282.html", - "node_id":"cce_10_0282.xml", - "product_code":"cce", - "code":"218", - "des":"The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet pac", - "doc_type":"usermanual2", - "kw":"Container Tunnel Network,Container Network Models,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Container Tunnel Network", - "githuburl":"" - }, - { - "uri":"cce_10_0283.html", - "node_id":"cce_10_0283.xml", - "product_code":"cce", - "code":"219", - "des":"The VPC network uses VPC routing to integrate with the underlying network. This network model is suitable for performance-intensive scenarios. The maximum number of nodes", - "doc_type":"usermanual2", - "kw":"VPC Network,Container Network Models,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"VPC Network", - "githuburl":"" - }, - { - "uri":"cce_10_0284.html", - "node_id":"cce_10_0284.xml", - "product_code":"cce", - "code":"220", - "des":"Developed by CCE, Cloud Native 2.0 network deeply integrates Elastic Network Interfaces (ENIs) and sub-ENIs of Virtual Private Cloud (VPC). Container IP addresses are all", - "doc_type":"usermanual2", - "kw":"Cloud Native 2.0 Network,Container Network Models,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Cloud Native 2.0 Network", - "githuburl":"" - }, - { - "uri":"cce_10_0247.html", - "node_id":"cce_10_0247.xml", - "product_code":"cce", - "code":"221", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"Service", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Service", - "githuburl":"" - }, - { - "uri":"cce_10_0249.html", - "node_id":"cce_10_0249.xml", - "product_code":"cce", - "code":"222", - "des":"After a pod is created, the following problems may occur if you directly access the pod:The pod can be deleted and recreated at any time by a controller such as a Deploym", - "doc_type":"usermanual2", - "kw":"Overview,Service,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual2" - } - ], - "title":"Overview", - "githuburl":"" - }, - { - "uri":"cce_10_0011.html", - "node_id":"cce_10_0011.xml", - "product_code":"cce", - "code":"223", - "des":"ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.The cluster-internal domain name format is -

2024-05-30

+

2024-08-30

+ +

Update:

+ + + +

2024-08-15

+ +

Add:

+ + + +

2024-08-07

+ +

Add:

+ +

Update:

+ + + +

2024-06-26

+ + + + +

2024-05-30

diff --git a/docs/cce/umn/cce_10_0003.html b/docs/cce/umn/cce_10_0003.html index a39d3d97..cf00e839 100644 --- a/docs/cce/umn/cce_10_0003.html +++ b/docs/cce/umn/cce_10_0003.html @@ -4,40 +4,38 @@

Scenario

You can reset a node to modify the node configuration, such as the node OS and login mode.

Resetting a node will reinstall the node OS and the Kubernetes software on the node. If a node is unavailable because you modify the node configuration, you can reset the node to rectify the fault.

-

Constraints

  • For CCE standard clusters and CCE Turbo clusters to support node resetting, the version must be v1.13 or later.
+

Notes and Constraints

  • For CCE standard clusters and CCE Turbo clusters to support node resetting, the version must be v1.13 or later.
-

Precautions

  • Only worker nodes can be reset. If the node is still unavailable after the resetting, delete the node and create a new one.
  • After a node is reset, the node OS will be reinstalled. Before resetting a node, drain the node to gracefully evict the pods running on the node to other available nodes. Perform this operation during off-peak hours.
  • After a node is reset, its system disk and data disks will be cleared. Back up important data before resetting a node.
  • After a worker node with an extra data disk attached is reset, the attachment will be cleared. In this case, attach the disk again and data will be retained.
  • The IP addresses of the workload pods on the node will change, but the container network access is not affected.
  • There is remaining EVS disk quota.
  • While the node is being deleted, the backend will set the node to the unschedulable state.
  • Resetting a node will clear the Kubernetes labels and taints you added (those added by editing a node pool will not be lost). As a result, node-specific resources (such as local storage and workloads scheduled to this node) may be unavailable.
  • Resetting a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the reset node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
+

Precautions

  • Only worker nodes can be reset. If the node is still unavailable after the resetting, delete the node and create a new one.
  • After a node is reset, the node OS will be reinstalled. Before resetting a node, drain the node to gracefully evict the pods running on the node to other available nodes. Perform this operation during off-peak hours.
  • After a node is reset, its system disk and data disks will be cleared. Back up important data before resetting a node.
  • After a worker node with an extra data disk attached is reset on the ECS console, the attachment will be cleared. In this case, attach the disk again and data will be retained.
  • The IP addresses of the workload pods on the node will change, but the container network access is not affected.
  • There is remaining EVS disk quota.
  • While the node is being deleted, the backend will set the node to the unschedulable state.
  • Resetting a node will clear the Kubernetes labels and taints you added (those added by editing a node pool will not be lost). As a result, node-specific resources (such as local storage and workloads scheduled to this node) may be unavailable.
  • Resetting a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the reset node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
-

Procedure

You can batch reset nodes using private images.

-
  1. Log in to the CCE console and click the cluster name to access the cluster console.
  2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
  3. In the node list, select one or more nodes to be reset and choose More > Reset Node in the Operation column.
  4. In the displayed dialog box, click Next.

    • For nodes in the DefaultPool node pool, the parameter setting page is displayed. Set the parameters by referring to 5.
    • For a node you create in a node pool, resetting the node does not support parameter configuration. You can directly use the configuration image of the node pool to reset the node.
    -

  5. Specify node parameters.

    Compute Settings -
    Table 1 Configuration parameters

    Parameter

    +

    Resetting Nodes in the Default Pool

    1. Log in to the CCE console and click the cluster name to access the cluster console.
    2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
    3. In the node list of the default pool, select one or more nodes to be reset and choose More > Reset Node in the Operation column.
    4. In the displayed dialog box, click Next.
    5. Specify node parameters.

      Compute Settings +
      - - - - - - - - - @@ -48,20 +46,20 @@

      Storage Settings

      Configure storage resources on a node for the containers running on it. -
      Table 1 Configuration parameters

      Parameter

      Description

      +

      Description

      Specifications

      +

      Specifications

      Specifications cannot be modified when you reset a node.

      +

      Specifications cannot be modified when you reset a node.

      Container Engine

      +

      Container Engine

      The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.

      +

      The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.

      OS

      +

      OS

      Select an OS type. Different types of nodes support different OSs.
      • Public image: Select a public image for the node.
      • Private image: Select a private image for the node.
      +
      Select an OS type. Different types of nodes support different OSs.
      • Public image: Select a public image for the node.
      • Private image: Select a private image for the node.
      NOTE:

      Service container runtimes share the kernel and underlying calls of nodes. To ensure compatibility, select a Linux distribution version that is the same as or close to that of the final service container image for the node OS.

      Login Mode

      +

      Login Mode

      • Key Pair

        Select the key pair used to log in to the node. You can select a shared key.

        +
      • Key Pair

        Select the key pair used to log in to the node. You can select a shared key.

        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
      Table 2 Configuration parameters

      Parameter

      +
      - - - - - @@ -71,48 +69,48 @@
      Advanced Settings -
      Table 2 Storage configuration parameters

      Parameter

      Description

      +

      Description

      System Disk

      +

      System Disk

      Directly use the system disk of the cloud server.

      +

      Directly use the system disk of the cloud server.

      Data Disk

      +

      Data Disk

      At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.

      +

      At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.

      Click Expand to configure Data Disk Space Allocation, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.

      For other data disks, a raw disk is created without any processing by default. You can also click Expand and select Mount Disk to mount the data disk to a specified directory.

      + + + - - -
      Table 3 Advanced configuration parameters

      Parameter

      +
      - - - - - - - - - - - - - @@ -121,7 +119,46 @@

    6. Click Next: Confirm.
    7. Click Submit.
      8. -

      + +

      Resetting Nodes in a Node Pool

      Parameter configurations are not supported when resetting a node you created in a node pool. The image configured for the node pool is used to reset the node.

      +
      +
      1. Log in to the CCE console and click the cluster name to access the cluster console.
      2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
      3. In the node list of the target node pool, select a node to be reset and choose More > Reset Node in the Operation column.
      4. In the displayed dialog box, click Yes.
      +
      +

      Resetting Nodes in a Batch

      Resetting nodes in a batch varies depending on application scenarios.

      + +
      Table 3 Advanced configuration parameters

      Parameter

      Description

      +

      Description

      Resource Tag

      +

      Resource Tag

      You can add resource tags to classify resources.

      -

      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

      -

      CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.

      +

      You can add resource tags to classify resources. A maximum of eight resource tags can be added.

      +

      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

      +

      CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.

      Kubernetes Label

      +

      Kubernetes Label

      Click Add Label to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.

      -

      Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.

      +

      Click Add Label to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.

      +

      Labels can be used to distinguish nodes. With workload affinity settings, pods can be scheduled to a specified node. For more information, see Labels and Selectors.

      Taint

      +

      Taint

      This parameter is left blank by default. You can add taints to configure node anti-affinity. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
      • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
      • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
      +
      This field is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
      • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
      • Value: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
      NOTICE:
      • If taints are used, you must configure tolerations in the YAML files of pods. Otherwise, scale-up may fail or pods cannot be scheduled onto the added nodes.
      • After a node pool is created, you can click Edit to modify its configuration. The modification will be synchronized to all nodes in the node pool.

      Max. Pods

      +

      Max. Pods

      Maximum number of pods that can run on the node, including the default system pods.

      +

      Maximum number of pods that can run on the node, including the default system pods.

      This limit prevents the node from being overloaded with pods.

      Pre-installation Command

      +

      Pre-installation Command

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded.

      +

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

      The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.

      Post-installation Command

      +

      Post-installation Command

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded.

      +

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

      The script will be executed after Kubernetes software is installed, which does not affect the installation.
      + + + + + + + + + + + + + + + + + +

      Scenario

      +

      Supported or Not

      +

      Description

      +

      Resetting nodes in the default pool in a batch

      +

      Supported in some scenarios

      +

      This operation can be performed only if the flavors, AZs, and disk configurations of all nodes are the same.

      +

      Resetting nodes in a node pool in a batch

      +

      Supported in some scenarios

      +

      This operation can be performed only if the disk configurations of all nodes are the same.

      +

      Resetting nodes in different node pools in a batch

      +

      Not supported

      +

      Only the nodes in the same node pool can be reset in a batch.

      +
      +
      +

      diff --git a/docs/cce/umn/cce_10_0004.html b/docs/cce/umn/cce_10_0004.html index 4a2ed4e0..5ddb441b 100644 --- a/docs/cce/umn/cce_10_0004.html +++ b/docs/cce/umn/cce_10_0004.html @@ -33,6 +33,12 @@

      false indicates that the node is not a bare metal node.

      node.kubernetes.io/container-engine

      +

      Container engine

      +

      Example: docker or containerd

      +

      node.kubernetes.io/instance-type

      Node specifications

      @@ -74,11 +80,6 @@

      Node OS kernel version

      node.kubernetes.io/container-engine

      -

      Container engine used by the node.

      -

      accelerator

      GPU node labels.

      @@ -93,7 +94,7 @@
      -

      Adding or Deleting a Node Label

      1. Log in to the CCE console and click the cluster name to access the cluster console.
      2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab, select the target node and click Labels and Taints in the upper left corner.
      3. In the displayed dialog box, click Add batch operations under Batch Operation, and then choose Add/Update or Delete.

        Enter the key and value of the label to be added or deleted, and click OK.

        +

        Adding or Deleting a Node Label

        1. Log in to the CCE console and click the cluster name to access the cluster console.
        2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab, select the target node and click Labels and Taints in the upper left corner.
        3. In the displayed dialog box, click Add operation under Batch Operation, and then choose Add/Update or Delete.

          Enter the key and value of the label to be added or deleted, and click OK.

          For example, the key is deploy_qa and the value is true, indicating that the node is used to deploy the QA (test) environment.

        4. After the label is added, check the added label in node data.
        diff --git a/docs/cce/umn/cce_10_0006.html b/docs/cce/umn/cce_10_0006.html index b3d3578e..d55f867c 100644 --- a/docs/cce/umn/cce_10_0006.html +++ b/docs/cce/umn/cce_10_0006.html @@ -25,8 +25,8 @@

        DaemonSets are closely related to nodes. If a node becomes faulty, the DaemonSet will not create the same pods on other nodes.

        Figure 3 DaemonSet
      -

      Overview of Job and CronJob

      Jobs and cron jobs allow you to run short lived, one-off tasks in batch. They ensure the task pods run to completion.

      -
      • A job is a resource object used by Kubernetes to control batch tasks. Jobs are different from long-term servo tasks (such as Deployments and StatefulSets). The former is started and terminated at specific times, while the latter runs unceasingly unless being terminated. The pods managed by a job will be automatically removed after successfully completing tasks based on user configurations.
      • A cron job runs a job periodically on a specified schedule. A cron job object is similar to a line of a crontab file in Linux.
      +

      Overview of Job and CronJob

      Jobs and CronJobs allow you to run short lived, one-off tasks in batch. They ensure the task pods run to completion.

      +
      • A job is a resource object used by Kubernetes to control batch tasks. Jobs are different from long-term servo tasks (such as Deployments and StatefulSets). The former is started and terminated at specific times, while the latter runs unceasingly unless being terminated. The pods managed by a job will be automatically removed after successfully completing tasks based on user configurations.
      • A CronJob runs a job periodically on a specified schedule. A CronJob object is similar to a line of a crontab file in Linux.

      This run-to-completion feature of jobs is especially suitable for one-off tasks, such as continuous integration (CI).

      Workload Lifecycle

      diff --git a/docs/cce/umn/cce_10_0007.html b/docs/cce/umn/cce_10_0007.html index 22595b6d..15e58c92 100644 --- a/docs/cce/umn/cce_10_0007.html +++ b/docs/cce/umn/cce_10_0007.html @@ -1,6 +1,6 @@ -

      Managing Workloads and Jobs

      +

      Managing Workloads

      Scenario

      After a workload is created, you can upgrade, monitor, roll back, or delete the workload, as well as edit its YAML file.
      @@ -25,8 +25,8 @@ - @@ -76,7 +76,7 @@

      Viewing Logs

      You can view logs of Deployments, StatefulSets, DaemonSets, and jobs. This section uses a Deployment as an example to describe how to view logs.

      Before viewing logs, ensure that the time of the browser is the same as that on the backend server.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and click the View Log of the target workload.

        In the displayed View Log window, you can view logs.

        +
        1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
        2. Click the Deployments tab and click View Log of the target workload.

          In the displayed View Log window, you can view logs.

          The displayed logs are standard output logs of containers and do not have persistence and advanced O&M capabilities. To use more comprehensive log capabilities, see Logs. If the function of collecting standard output is enabled for the workload (enabled by default), you can go to AOM to view more workload logs. For details, see Collecting Container Logs Using ICAgent.

        @@ -88,11 +88,11 @@

    8. Upgrade the workload based on service requirements. The method for setting parameter is the same as that for creating a workload.
    9. After the update is complete, click Upgrade Workload, manually confirm the YAML file, and submit the upgrade.
      10. -

      Editing a YAML file

      You can modify and download YAML files of Deployments, StatefulSets, DaemonSets, CronJobs, and containers on the CCE console. YAML files of jobs can only be viewed, copied, and downloaded. This section uses a Deployment as an example to describe how to edit the YAML file.

      +

      Editing a YAML file

      You can modify and download YAML files of Deployments, StatefulSets, DaemonSets, CronJobs, and pods on the CCE console. YAML files of jobs can only be viewed, copied, and downloaded. This section uses a Deployment as an example to describe how to edit the YAML file.

      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Edit YAML in the Operation column of the target workload. In the dialog box that is displayed, modify the YAML file.
      3. Click OK.
      4. (Optional) In the Edit YAML window, click Download to download the YAML file.

      Rolling Back a Workload (Available Only for Deployments)

      CCE records the release history of all Deployments. You can roll back a Deployment to a specified version.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab, choose More > Roll Back in the Operation column of the target workload.
      3. Switch to the Change History tab page, click Roll Back to This Version of the target version, manually confirm the YAML file, and click OK.
      +
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Roll Back in the Operation column of the target workload.
      3. Switch to the Change History tab page, click Roll Back to This Version of the target version, manually confirm the YAML file, and click OK.

      Redeploying a Workload

      After you redeploy a workload, all pods in the workload will be restarted. This section uses Deployments as an example to illustrate how to redeploy a workload.

      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Redeploy in the Operation column of the target workload.
      3. In the dialog box that is displayed, click Yes to redeploy the workload.
      @@ -109,13 +109,13 @@

      -

      Deleting a Workload/Job

      You can delete a workload or job that is no longer needed. Deleted workloads or jobs cannot be recovered. Exercise caution when you perform this operation. This section uses a Deployment as an example to describe how to delete a workload.

      +

      Deleting a Workload/Job

      You can delete a workload or job that is no longer needed. Deleted workloads or jobs cannot be recovered. This section uses a Deployment as an example to describe how to delete a workload.

      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. In the same row as the workload you will delete, choose Operation > More > Delete.

        Read the system prompts carefully. A workload cannot be recovered after it is deleted. Exercise caution when performing this operation.

      3. Click Yes.

        • If the node where the pod is located is unavailable or shut down and the workload cannot be deleted, you can forcibly delete the pod from the pod list on the workload details page.
        • Ensure that the storage volumes to be deleted are not used by other workloads. If these volumes are imported or have snapshots, you can only unbind them.

      -

      Events

      This section uses Deployments as an example to illustrate how to view events of a workload. To view the event of a job or cron jon, click View Event in the Operation column of the target workload.

      +

      Events

      This section uses a Deployment as an example to describe how to view events of a workload. To view the event of a job or CronJob, click View Event in the Operation column of the target workload.

      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. On the Deployments tab page, click the target workload. In the Pods tab page, click the View Events to view the event name, event type, number of occurrences, Kubernetes event, first occurrence time, and last occurrence time.

        Event data will be retained for one hour and then automatically deleted.

      diff --git a/docs/cce/umn/cce_10_0009.html b/docs/cce/umn/cce_10_0009.html index 99b00079..6caddac7 100644 --- a/docs/cce/umn/cce_10_0009.html +++ b/docs/cce/umn/cce_10_0009.html @@ -10,7 +10,7 @@

      Enter the username and password used to access the third-party image repository.

    10. When creating a workload, enter a private image path in the format of domainname/namespace/imagename:tag in Image Name and select the key created in 1.
    11. Set other parameters and click Create Workload.
      12. -

      Using kubectl

      1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
      2. Use kubectl to create a secret of the kubernetes.io/dockerconfigjson.

        kubectl create secret docker-registry myregistrykey  -n default --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
        +

        Using kubectl

        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
        2. Use kubectl to create a secret of the kubernetes.io/dockerconfigjson.

          kubectl create secret docker-registry myregistrykey  -n default --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

          In the preceding command, myregistrykey indicates the key name, default indicates the namespace where the key is located, and other parameters are as follows:

          • DOCKER_REGISTRY_SERVER: address of a third-party image repository, for example, www.3rdregistry.com or 10.10.10.10:443
          • DOCKER_USER: account used for logging in to a third-party image repository
          • DOCKER_PASSWORD: password used for logging in to a third-party image repository
          • DOCKER_EMAIL: email of a third-party image repository

        3. Use a third-party image to create a workload.

          A kubernetes.io/dockerconfigjson secret is used for authentication when you obtain a private image. The following is an example of using the myregistrykey for authentication.
          apiVersion: v1
@@ -30,7 +30,7 @@ spec:
          -
          Parent topic: Configuring a Container
          +
          Parent topic: Configuring a Workload
          diff --git a/docs/cce/umn/cce_10_0010.html b/docs/cce/umn/cce_10_0010.html index dbbe0ae1..8fe2b3c3 100644 --- a/docs/cce/umn/cce_10_0010.html +++ b/docs/cce/umn/cce_10_0010.html @@ -4,11 +4,11 @@

          You can learn about a cluster network from the following two aspects:

          • What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are running on the nodes. Nodes and containers need to communicate with each other. For details about the cluster network types and their functions, see Cluster Network Structure.
          • How is pod access implemented in a cluster? Accessing a pod or container is a process of accessing services of a user. Kubernetes provides Service and Ingress to address pod access issues. This section summarizes common network access scenarios. You can select the proper scenario based on site requirements. For details about the network access scenarios, see Access Scenarios.

          Cluster Network Structure

          All nodes in the cluster are located in a VPC and use the VPC network. The container network is managed by dedicated network add-ons.

          -

          +

          • Node Network

            A node network assigns IP addresses to hosts (nodes in the figure above) in a cluster. Select a VPC subnet as the node network of the CCE cluster. The number of available IP addresses in a subnet determines the maximum number of nodes (including master nodes and worker nodes) that can be created in a cluster. This quantity is also affected by the container network. For details, see the container network model.

            -
          • Container Network

            A container network assigns IP addresses to containers in a cluster. CCE inherits the IP-Per-Pod-Per-Network network model of Kubernetes. That is, each pod has an independent IP address on a network plane and all containers in a pod share the same network namespace. All pods in a cluster exist in a directly connected flat network. They can access each other through their IP addresses without using NAT. Kubernetes only provides a network mechanism for pods, but does not directly configure pod networks. The configuration of pod networks is implemented by specific container network add-ons. The container network add-ons are responsible for configuring networks for pods and managing container IP addresses.

            +
          • Container Network

            A container network assigns IP addresses to pods in a cluster. CCE inherits the IP-Per-Pod-Per-Network network model of Kubernetes. That is, each pod has an independent IP address on a network plane and all containers in a pod share the same network namespace. All pods in a cluster exist in a directly connected flat network. They can access each other through their IP addresses without using NAT. Kubernetes only provides a network mechanism for pods, but does not directly configure pod networks. The configuration of pod networks is implemented by specific container network add-ons. The container network add-ons are responsible for configuring networks for pods and managing container IP addresses.

            Currently, CCE supports the following container network models:

            -
            • Container tunnel network: The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch.
            • VPC network: The VPC network uses VPC routing to integrate with the underlying network. This network model applies to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. This networking model is free from tunnel encapsulation overhead and outperforms the container tunnel network model. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from outside the cluster.
            • Developed by CCE, Cloud Native 2.0 network deeply integrates Elastic Network Interfaces (ENIs) and Sub Network Interfaces (sub-ENIs) of VPC. Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and EIPs are bound to deliver high performance.
            +
            • Container tunnel network: The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch.
            • VPC network: The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. Each node is assigned a CIDR block of a fixed size. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from outside the cluster.
            • Developed by CCE, Cloud Native 2.0 network deeply integrates Elastic Network Interfaces (ENIs) and Sub Network Interfaces (sub-ENIs) of VPC. Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and EIPs are bound to deliver high performance.

            The performance, networking scale, and application scenarios of a container network vary according to the container network model. For details about the functions and features of different container network models, see Overview.

          • Service Network

            Service is also a Kubernetes object. Each Service has a static IP address. When creating a cluster on CCE, you can specify the Service CIDR block. The Service CIDR block cannot overlap with the node or container CIDR block. The Service CIDR block can be used only within a cluster.

          @@ -27,7 +27,7 @@
          • Intra-cluster access: A ClusterIP Service is used for workloads in the same cluster to access each other.
          • Access from outside a cluster: A Service (NodePort or LoadBalancer type) or an ingress is recommended for a workload outside a cluster to access workloads in the cluster.
            • Access through the public network: An EIP should be bound to the node or load balancer.
            • Access through the private network: The workload can be accessed through the internal IP address of the node or load balancer. If workloads are located in different VPCs, a peering connection is required to enable communication between different VPCs.
          • The workload can access the external network as follows:
            • Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block.
            • Accessing a public network: Assign an EIP to the node where the workload runs (when the VPC network or tunnel network model is used), bind an EIP to the pod IP address (when the Cloud Native Network 2.0 model is used), or configure SNAT rules through the NAT gateway. For details, see Accessing the Internet from a Container.
          -
          Figure 3 Network access diagram
          +
          Figure 3 Network access diagram
          diff --git a/docs/cce/umn/cce_10_0011.html b/docs/cce/umn/cce_10_0011.html index 54cfdbfd..89d12a2e 100644 --- a/docs/cce/umn/cce_10_0011.html +++ b/docs/cce/umn/cce_10_0011.html @@ -4,14 +4,14 @@

          Scenario

          ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.

          The cluster-internal domain name format is <Service name>.<Namespace of the workload>.svc.cluster.local:<Port>, for example, nginx.default.svc.cluster.local:80.

          Figure 1 shows the mapping relationships between access channels, container ports, and access ports.

          -
          Figure 1 Intra-cluster access (ClusterIP)
          +
          Figure 1 Intra-cluster access (ClusterIP)
          -

          Creating a ClusterIP Service

          1. Log in to the CCE console and click the cluster name to access the cluster console.
          2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
          3. Configure intra-cluster access parameters.

            • Service Name: Specify a Service name, which can be the same as the workload name.
            • Service Type: Select ClusterIP.
            • Namespace: Namespace to which the workload belongs.
            • Selector: Add a label and click Confirm. A Service selects a pod based on the added label. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
            • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
            • Port Settings
              • Protocol: protocol used by the Service.
              • Service Port: port used by the Service. The port number ranges from 1 to 65535.
              • Container Port: port on which the workload listens. For example, Nginx uses port 80 by default.
              +

              Creating a ClusterIP Service

              1. Log in to the CCE console and click the cluster name to access the cluster console.
              2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
              3. Configure intra-cluster access parameters.

                • Service Name: Specify a Service name, which can be the same as the workload name.
                • Service Type: Select ClusterIP.
                • Namespace: namespace that the workload belongs to.
                • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                • Ports
                  • Protocol: protocol used by the Service.
                  • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                  • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.

              4. Click OK.
              -

              Setting the Access Type Using kubectl

              You can run kubectl commands to set the access type (Service). This section uses an Nginx workload as an example to describe how to implement intra-cluster access using kubectl.

              -
              1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
              2. Create and edit the nginx-deployment.yaml and nginx-clusterip-svc.yaml files.

                The file names are user-defined. nginx-deployment.yaml and nginx-clusterip-svc.yaml are merely example file names.

                +

                Setting the Access Type Using kubectl

                You can configure Service access using kubectl. This section uses an Nginx workload as an example to describe how to implement intra-cluster access using kubectl.

                +
                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                2. Create and edit the nginx-deployment.yaml and nginx-clusterip-svc.yaml files.

                  The file names are user-defined. nginx-deployment.yaml and nginx-clusterip-svc.yaml are merely example file names.

                  vi nginx-deployment.yaml
                  apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -64,7 +64,7 @@ spec:
 NAME              TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
 kubernetes        ClusterIP   10.247.0.1     <none>        443/TCP    4d6h
 nginx-clusterip   ClusterIP   10.247.74.52   <none>        8080/TCP   14m
                  -

                3. Access a Service.

                  A Service can be accessed from containers or nodes in a cluster.

                  +

                4. Access the Service.

                  A Service can be accessed from containers or nodes in a cluster.

                  Create a pod, access the pod, and run the curl command to access IP address:Port or the domain name of the Service, as shown in the following figure.

                  The domain name suffix can be omitted. In the same namespace, you can directly use nginx-clusterip:8080 for access. In other namespaces, you can use nginx-clusterip.default:8080 for access.

                  # kubectl run -i --tty --image nginx:alpine test --rm /bin/sh
diff --git a/docs/cce/umn/cce_10_0012.html b/docs/cce/umn/cce_10_0012.html
index 59f8bd58..164f3039 100644
--- a/docs/cce/umn/cce_10_0012.html
+++ b/docs/cce/umn/cce_10_0012.html
@@ -3,24 +3,22 @@
 
                  Creating a Node Pool
                  
 
                  Scenario
                  This section describes how to create a node pool and perform operations on the node pool. For details about how a node pool works, see Node Pool Overview.
                  
 
                  
-
                  Constraints
                  • The Autoscaler add-on needs to be installed for node auto scaling. For details about the add-on installation and parameter configuration, see CCE Cluster Autoscaler.
                  
-
                  
-
                  Procedure
                  1. Log in to the CCE console.
                  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                  3. In the upper right corner of the page, click Create Node Pool.
                    Basic Settings
                    
+
                    Procedure
                    1. Log in to the CCE console.
                    2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                    3. In the upper right corner of the page, click Create Node Pool.
                      Basic Settings
                      
 
-
      Table 1 Workload/Job management

      Operation

      Edit YAML

      You can modify and download YAML files of Deployments, StatefulSets, DaemonSets, CronJobs, and containers on the CCE console. YAML files of jobs can only be viewed, copied, and downloaded.

      -
      NOTE:

      If an existing CronJob is modified, the new configuration takes effect for the new pods, and the existing pod continues to run without any change.

      +

      You can modify and download YAML files of Deployments, StatefulSets, DaemonSets, CronJobs, and pods on the CCE console. YAML files of jobs can only be viewed, copied, and downloaded.

      +
      NOTE:

      If an existing CronJob is modified, the new configuration takes effect for the new pods, and the existing pods continue to run without any change.
      Table 1 Basic settings

      Parameter

      +
      - - - - - @@ -28,49 +26,44 @@

      Configurations

      You can configure the flavor and OS of a cloud server, on which your containerized applications run. -
      Table 1 Basic settings

      Parameter

      Description

      +

      Description

      Node Pool Name

      +

      Node Pool Name

      Name of a node pool. By default, the name is in the format of Cluster name-nodepool-Random number. If you do not want to use the default name format, you can customize the name.

      +

      Name of a node pool. By default, the name is in the format of Cluster name-nodepool-Random number. If you do not want to use the default name format, you can customize the name.

      Expected Initial Nodes

      +

      Expected Initial Nodes

      Number of nodes to be created in this node pool. A maximum of 50 nodes that can be created at a time.

      +

      Number of nodes to be created in this node pool. A maximum of 50 nodes that can be created at a time.
      Table 2 Node configuration parameters

      Parameter

      +
      - - - - - - - - - - - - - - @@ -81,35 +74,35 @@

      Storage Settings

      Configure storage resources on a node for the containers running on it. Select a disk type and configure its size based on service requirements. -
      Table 2 Node configuration parameters

      Parameter

      Description

      +

      Description

      AZ

      +

      Node Type

      AZ where the node is located. Nodes in a cluster can be created in different AZs for higher reliability. The value cannot be changed after the node is created.

      -

      Select Random to deploy your node in a random AZ based on the selected node flavor.

      -

      An AZ is a physical region where resources use independent power supply and networks. AZs are physically isolated but interconnected through an internal network. To enhance workload availability, create nodes in different AZs.

      -

      Node Type

      -

      Select a node type based on service requirements. Then, you can select a proper flavor from the node flavor list.

      +

      Select a node type based on service requirements. Then, you can select a proper flavor from the node flavor list.

      CCE standard clusters support the following node types:
      • ECS (VM): A virtualized ECS is used as a cluster node.
      CCE Turbo clusters support the following node types:
      • ECS (VM): A virtualized ECS is used as a cluster node. A CCE Turbo cluster supports only the cloud servers that allow multiple ENIs. Select a server type displayed on the CCE console.

      Specifications

      +

      Specifications

      Select a node flavor based on service requirements. The available node flavors vary depending on regions or AZs. For details, see the CCE console.

      +
      Select a node flavor based on service requirements. The available node flavors vary depending on regions or AZs. For details, see the CCE console.
      NOTE:
      • If a node pool is configured with multiple node flavors, only the flavors (which can be located in different AZs) of the same node type are supported. For example, a node pool consisting of general computing-plus nodes supports only general computing-plus node flavors, but not the flavors of general computing nodes.
      • A maximum of 10 node flavors can be added to a node pool (the flavors in different AZs are counted separately). When adding a node flavor, you can choose multiple AZs, but you need to specify them.
      • Nodes in a newly created node pool are created using the default flavor. If the resources for the default flavor are insufficient, node creation will fail.
      • After a node pool is created, the flavors of existing nodes cannot be deleted.
      +
      +

      Container Engine

      +

      Container Engine

      The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.

      +

      The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.

      OS

      +

      OS

      Select an OS type. Different types of nodes support different OSs.
      • Public image: Select a public image for the node.
      • Private image: Select a private image for the node.
      +
      Select an OS type. Different types of nodes support different OSs.
      • Public image: Select a public image for the node.
      • Private image: Select a private image for the node.
      NOTE:

      Service container runtimes share the kernel and underlying calls of nodes. To ensure compatibility, select a Linux distribution version that is the same as or close to that of the final service container image for the node OS.

      Login Mode

      +

      Login Mode

      • Key Pair

        Select the key pair used to log in to the node. You can select a shared key.

        +
      • Key Pair

        Select the key pair used to log in to the node. You can select a shared key.

        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
      Table 3 Configuration parameters

      Parameter

      +
      - - - - - @@ -119,31 +112,31 @@

      Network Settings

      Configure networking resources to allow node and containerized application access. -
      Table 3 Storage configuration parameters

      Parameter

      Description

      +

      Description

      System Disk

      +

      System Disk

      System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.

      -
      Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. This function is available only in certain regions.
      • Encryption is not selected by default.
      • After setting System Disk Encryption to Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the Encryption text box.
      +

      System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.

      +
      Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
      • Not encrypted is selected by default.
      • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
      • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.

      Data Disk

      +

      Data Disk

      At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.

      +

      At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.

      • First data disk: used for container runtime and kubelet components. The value ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
      • Other data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
      NOTE:
      • If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
      • Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.

      Advanced Settings

      -

      Click Expand and configure the following parameters:

      -
      • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.
      • Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. This function is available only in certain regions.
        • Encryption is not selected by default.
        • After selecting Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the Encryption text box.
        +

        Expand the area and configure the following parameters:

        +
        • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.
        • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. BMS nodes do not support data disk encryption that is available only in certain regions. For details, see the console.
          • Not encrypted is selected by default.
          • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
          • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.

        Adding data disks

        -

        A maximum of four data disks can be added. By default, raw disks are created without any processing. You can also click Expand and select any of the following options:

        -
        • Default: By default, a raw disk is created without any processing.
        • Mount Disk: The data disk is attached to a specified directory.
        • Use as PV: applicable when there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
        • Use as ephemeral volume: applicable when there is a high performance requirement on EmptyDir.
        +

        A maximum of 16 data disks can be attached to an ECS and 10 to a BMS. By default, a raw disk is created without any processing. You can also click Expand and select any of the following options:

        +
        • Default: By default, a raw disk is created without any processing.
        • Mount Disk: The data disk is attached to a specified directory.
        • Use as PV: applicable when there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
        • Use as ephemeral volume: applicable when there is a high performance requirement on emptyDir.
        NOTE:
        • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
        • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
        -
        Local Persistent Volumes and Local EVs support the following write modes:
        • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
        • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
        +
        Local PVs and local EVs can be written in the following modes:
        • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
        • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
      Table 4 Configuration parameters

      Parameter

      +
      - - - - - - - - -
      Table 4 Configuration parameters

      Parameter

      Description

      +

      Description

      Virtual Private Cloud

      +

      Virtual Private Cloud

      The VPC to which the cluster belongs by default, which cannot be changed.

      +

      The VPC to which the cluster belongs by default, which cannot be changed.

      Node Subnet

      +

      Node Subnet

      The node subnet selected during cluster creation is used by default. You can choose another subnet instead.

      -
      • Multiple subnets: You can select multiple subnets in the same VPC for your node pool. Newly added nodes for a scale-out will preferentially consume the IP addresses of the subnets in the top order.
      • Single subnet: Only one subnet is configured for your node pool. If the IP addresses of a single subnet are insufficient, configure multiple subnets. Otherwise, a node pool scale-out may fail.
      +

      The node subnet selected during cluster creation is used by default. You can choose another subnet instead.

      +
      • Multiple subnets: You can select multiple subnets in the same VPC for nodes. Newly added nodes will preferentially use the IP addresses from the top-ranking subnet.
      • Single subnet: Only one subnet is configured for your node pool. If the IP addresses of a single subnet are insufficient, configure multiple subnets. Otherwise, a node pool scale-out may fail.

      Node IP Address

      +

      Node IP Address

      Random allocation is supported.

      +

      Random allocation is supported.

      Associate Security Group

      +

      Associate Security Group

      Security group used by the nodes created in the node pool. A maximum of five security groups can be selected.

      +

      Security group used by the nodes created in the node pool. A maximum of five security groups can be selected.

      When a cluster is created, a node security group named {Cluster name}-cce-node-{Random ID} is created and used by default.

      Traffic needs to pass through certain ports in the node security group to ensure node communications. Ensure that you have enabled these ports if you select another security group.

      NOTE:

      After a node pool is created, its associated security group cannot be modified.

      @@ -156,68 +149,89 @@

      Advanced Settings

      Configure advanced node capabilities such as labels, taints, and startup command. -
      @@ -188,7 +188,7 @@ spec: 
      Hello

      Using kubectl

      -
      1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
      2. Create a file named nginx-configmap.yaml and edit it.

        vi nginx-configmap.yaml

        +
        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
        2. Create a file named nginx-configmap.yaml and edit it.

          vi nginx-configmap.yaml

          As shown in the following example, after the ConfigMap volume is mounted, a configuration file with the key as the file name and value as the file content is generated in the /etc/config directory of the container.

          apiVersion: apps/v1
 kind: Deployment
@@ -216,7 +216,7 @@ spec:
       configMap:
         name: cce-configmap                 # Name of the referenced ConfigMap.

        3. Create a workload.

          kubectl apply -f nginx-configmap.yaml

          -

        4. After the workload runs properly, the SPECIAL_LEVEL and SPECIAL_TYPE files are generated in the /etc/config directory. The contents of the files are Hello and CCE, respectively.

          1. Run the following command to view the created pod:
            kubectl get pod | grep nginx-configmap
            +

          2. After the workload runs properly, the SPECIAL_LEVEL and SPECIAL_TYPE files will be generated in the /etc/config directory. The contents of the files are Hello and CCE, respectively.

            1. Run the following command to view the created pod:
              kubectl get pod | grep nginx-configmap
              Expected output:
              nginx-configmap-***   1/1     Running   0              2m18s
            2. Run the following command to view the SPECIAL_LEVEL or SPECIAL_TYPE file in the pod:
              kubectl exec nginx-configmap-*** -- cat /etc/config/SPECIAL_LEVEL
              diff --git a/docs/cce/umn/cce_10_0016.html b/docs/cce/umn/cce_10_0016.html index bb7466e2..ef23fe95 100644 --- a/docs/cce/umn/cce_10_0016.html +++ b/docs/cce/umn/cce_10_0016.html @@ -22,12 +22,12 @@ data:
              • Added from secret: Select a secret and import all keys in the secret as environment variables.
              • Added from secret key: Import the value of a key in a secret as the value of an environment variable.
                • Variable Name: name of an environment variable in the workload. The name can be customized and is set to the key name selected in the secret by default.
                • Variable Value/Reference: Select a secret and the key to be imported. The corresponding value is imported as a workload environment variable.

                For example, after you import the value of username in secret mysecret as the value of workload environment variable username, an environment variable named username exists in the container.

              -

            3. Set other workload parameters and click Create Workload.

              After the workload runs properly, log in to the container and run the following statement to check whether the secret has been set as an environment variable of the workload:

              +

            4. Configure other workload parameters and click Create Workload.

              After the workload runs properly, log in to the container and run the following statement to check whether the secret has been set as an environment variable of the workload:

              printenv username

              If the output is the same as the content in the secret, the secret has been set as an environment variable of the workload.

            Using kubectl

            -
            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
            2. Create a file named nginx-secret.yaml and edit it.

              vi nginx-secret.yaml

              +
              1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
              2. Create a file named nginx-secret.yaml and edit it.

                vi nginx-secret.yaml

                Content of the YAML file:

                • Added from secret: To add all data in a secret to environment variables, use the envFrom parameter. The keys in the secret will become names of environment variables in a workload.
                  apiVersion: apps/v1
 kind: Deployment
@@ -93,7 +93,7 @@ spec:
 
 
                  Configuring the Data Volume of a Workload
                  You can mount a secret as a volume to the specified container path. Contents in a secret are user-defined. Before that, create a secret. For details, see Creating a Secret.
                  
 
                  Using the CCE console
                  
-
                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                  2. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab. Click Create Workload in the upper right corner.
                    When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and select Secret from the drop-down list.
                    
+
                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                    2. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab. Click Create Workload in the upper right corner.
                      When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and select Secret from the drop-down list.
                      
 
                    3. Select parameters for mounting a secret volume, as shown in Table 1.
      Table 5 Advanced configuration parameters

      Parameter

      +
      - - - - - - - - - + + + + + + - - - - - - - - + + +
      Table 5 Advanced configuration parameters

      Parameter

      Description

      +

      Description

      Resource Tag

      +

      Resource Tag

      You can add resource tags to classify resources.

      -

      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

      +

      You can add resource tags to classify resources.

      +

      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

      CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.

      Kubernetes Label

      +

      Kubernetes Label

      A Kubernetes label is a key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add. A maximum of 20 labels can be added.

      -

      Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.

      +

      A key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add Label for more. A maximum of 20 labels can be added.

      +

      Labels can be used to distinguish nodes. With workload affinity settings, pods can be scheduled to a specified node. For more information, see Labels and Selectors.

      Taint

      +

      Taint

      This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
      • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
      • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
      +
      This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
      • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
      • Value: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.

      For details, see Managing Node Taints.

      NOTE:

      For a cluster of v1.19 or earlier, the workload may have been scheduled to a node before the taint is added. To avoid such a situation, select a cluster of v1.19 or later.

      Max. Pods

      +

      Synchronization for Existing Nodes

      Maximum number of pods that can run on the node, including the default system pods.

      +

      After the options are selected, changes to resource tags and Kubernetes labels/taints in a node pool will be synchronized to existing nodes in the node pool.

      +

      New Node Scheduling

      +

      Default scheduling policy for the nodes newly added to a node pool. If you select Unschedulable, newly created nodes in the node pool will be labeled as unschedulable. In this way, you can perform some operations on the nodes before pods are scheduled to these nodes.

      +

      Scheduled Scheduling: After scheduled scheduling is enabled, new nodes will be automatically scheduled after the custom time expires.

      +
      • Disabled: By default, scheduled scheduling is not enabled for new nodes. To manually enable this function, go to the node list. For details, see Configuring a Node Scheduling Policy in One-Click Mode.
      • Custom: the default timeout for unschedulable nodes. The value ranges from 0 to 99 in the unit of minutes.
      +
      NOTE:
      • If auto scaling of node pools is also required, ensure the scheduled scheduling is less than 15 minutes. If a node added through Autoscaler cannot be scheduled for more than 15 minutes, Autoscaler determines that the scale-out failed and triggers another scale-out. Additionally, if the node cannot be scheduled for more than 20 minutes, the node will be scaled in by Autoscaler.
      • After this function is enabled, nodes will be tainted with node.cloudprovider.kubernetes.io/uninitialized during a node pool creation or update.
      +
      +

      Max. Pods

      +

      Maximum number of pods that can run on the node, including the default system pods.

      This limit prevents the node from being overloaded with pods.

      This number is also decided by other factors. For details, see Maximum Number of Pods That Can Be Created on a Node.

      ECS Group

      +

      ECS Group

      An ECS group logically groups ECSs. The ECSs in the same ECS group comply with the same policy associated with the ECS group.

      +

      An ECS group logically groups ECSs. The ECSs in the same ECS group comply with the same policy associated with the ECS group.

      Anti-affinity: ECSs in an ECS group are deployed on different physical hosts to improve service reliability.

      Select an existing ECS group, or click Add ECS Group to create one. After the ECS group is created, click the refresh icon.

      Pre-installation Command

      +

      Pre-installation Command

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded.

      +

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

      The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.

      Post-installation Command

      +

      Post-installation Command

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded.

      +

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

      The script will be executed after Kubernetes software is installed, which does not affect the installation.

      NOTE:

      Do not run the reboot command in the post-installation script to restart the system immediately. To restart the system, run the shutdown -r 1 command to restart with a delay of one minute.

      Agency

      +

      Agency

      An agency is created by the account administrator on the IAM console. By creating an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.

      +

      An agency is created by the account administrator on the IAM console. Using an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.

      If no agency is available, click Create Agency on the right to create one.

      User-defined node name prefix and suffix

      +

      Custom name prefix and suffix of a node in a node pool. After the configuration, the nodes in the node pool will be named with the configured prefix and suffix. For example, if the prefix is prefix- and the suffix is -suffix, the nodes in the node pool will be named in the format of "prefix-Node pool name with five-digit random characters-suffix".

      +
      NOTICE:
      • A prefix and suffix can be customized only when a node pool is created, and they cannot be modified after the node pool is created.
      • A prefix can end with a special character, and a suffix can start with a special character.
      • A node name consists of a maximum of 56 characters in the format of "Prefix-Node pool name with five-digit random characters-Suffix".
      • A node name does not support the combination of a period (.) and special characters (such as .., .-, or -.).
      • This function is available only in clusters of v1.28.1, v1.27.3, v1.25.6, v1.23.11, v1.21.12, or later.
      +
      +
      diff --git a/docs/cce/umn/cce_10_0014.html b/docs/cce/umn/cce_10_0014.html index 4604a94b..4e004f0e 100644 --- a/docs/cce/umn/cce_10_0014.html +++ b/docs/cce/umn/cce_10_0014.html @@ -8,16 +8,22 @@
    12. Using Annotations to Balance Load
      13. -
    13. Configuring an HTTP or HTTPS Service
      +
    14. Configuring HTTP/HTTPS for a LoadBalancer Service
      15. -
    15. Configuring Timeout for a Service
      +
    16. Configuring SNI for a LoadBalancer Service
      17. -
    17. Configuring Health Check on Multiple Service Ports
      +
    18. Configuring HTTP/2 for a LoadBalancer Service
      +
      19. +
    19. Configuring Timeout for a LoadBalancer Service
      +
      20. +
    20. Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service
      +
      21. +
    21. Configuring Health Check on Multiple Ports of a LoadBalancer Service
      +
      22. +
    22. Configuring Passthrough Networking for a LoadBalancer Service
    23. Setting the Pod Ready Status Through the ELB Health Check
      24. -
    24. Enabling Passthrough Networking for LoadBalancer Services
      -
    25. Enabling ICMP Security Group Rules
      26. diff --git a/docs/cce/umn/cce_10_0015.html b/docs/cce/umn/cce_10_0015.html index b2ade808..61939768 100644 --- a/docs/cce/umn/cce_10_0015.html +++ b/docs/cce/umn/cce_10_0015.html @@ -24,7 +24,7 @@ data: 
      Hello

      Using kubectl

      -
      1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
      2. Create a file named nginx-configmap.yaml and edit it.

        vi nginx-configmap.yaml

        +
        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
        2. Create a file named nginx-configmap.yaml and edit it.

          vi nginx-configmap.yaml

          Content of the YAML file:

          • Added from ConfigMap: To add all data in a ConfigMap to environment variables, use the envFrom parameter. The keys in the ConfigMap will become names of environment variables in the workload.
            apiVersion: apps/v1
 kind: Deployment
@@ -99,13 +99,13 @@ CCE
            -c echo $SPECIAL_LEVEL $SPECIAL_TYPE > /usr/share/nginx/html/index.html
          -

        3. Set other workload parameters and click Create Workload.

          After the workload runs properly, log in to the container and run the following statement to check whether the ConfigMap has been set as an environment variable of the workload:

          +

        4. Configure other workload parameters and click Create Workload.

          After the workload runs properly, log in to the container and run the following statement to check whether the ConfigMap has been set as an environment variable of the workload:

          cat /usr/share/nginx/html/index.html

          The example output is as follows:

          Hello CCE

        Using kubectl

        -
        1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
        2. Create a file named nginx-configmap.yaml and edit it.

          vi nginx-configmap.yaml

          +
          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
          2. Create a file named nginx-configmap.yaml and edit it.

            vi nginx-configmap.yaml

            As shown in the following example, the cce-configmap ConfigMap is imported to the workload. SPECIAL_LEVEL and SPECIAL_TYPE are the environment variable names in the workload, that is, the key names in the cce-configmap ConfigMap.
            apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -162,7 +162,7 @@ spec:

      Mount Path

      Enter a mount point. After the ConfigMap volume is mounted, a configuration file with the key as the file name and value as the file content is generated in the mount path of the container.

      -
      This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, which leads to a container startup failure or workload creation failure.
      NOTICE:

      If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.

      +
      This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, which leads to a container startup failure or workload creation failure.
      NOTICE:

      If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
      @@ -110,7 +110,7 @@ spec: @@ -135,7 +135,7 @@ spec:

      The expected output is the same as the content in the secret.

      Using kubectl

      -
      1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
      2. Create a file named nginx-secret.yaml and edit it.

        vi nginx-secret.yaml

        +
        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
        2. Create a file named nginx-secret.yaml and edit it.

          vi nginx-secret.yaml

          In the following example, the username and password in the mysecret secret are saved in the /etc/foo directory as files.
          apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/docs/cce/umn/cce_10_0018.html b/docs/cce/umn/cce_10_0018.html
index 40d068a3..1c7b087d 100644
--- a/docs/cce/umn/cce_10_0018.html
+++ b/docs/cce/umn/cce_10_0018.html
@@ -4,9 +4,9 @@
 
          CCE works with AOM to collect workload logs. When a node is created, ICAgent (a DaemonSet named icagent in the kube-system namespace of a cluster) of AOM is installed by default. ICAgent collects workload logs and reports them to AOM. You can view workload logs on the CCE or AOM console.
          
 
          Constraints
          ICAgent only collects text logs in .log, .trace, and .out formats.
          
 
          
-
          Using ICAgent to Collect Logs
          1. When creating a workload, set logging for the container.
          2. Click  to add a log policy.
            The following uses Nginx as an example. Log policies vary depending on workloads.
            Figure 1 Adding a log policy
            
+
            Using ICAgent to Collect Logs
            1. When creating a workload, set logging for the container.
            2. Click  to add a log policy.
              The following uses Nginx as an example. Log policies vary depending on workloads.
              Figure 1 Adding a log policy
              
 
              
-
            3. Set Volume Type to hostPath or EmptyDir.
              
+
            4. Set Volume Type to hostPath or emptyDir.
      Table 1 Mounting a secret volume

      Parameter

      Mount Path

      Enter a mount point. After the secret volume is mounted, a secret file with the key as the file name and value as the file content is generated in the mount path of the container.

      -
      This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may cause container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, which leads to a container startup failure or workload creation failure.
      NOTICE:

      If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.

      +
      This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may cause container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, which leads to a container startup failure or workload creation failure.
      NOTICE:

      If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
      @@ -174,7 +174,7 @@ spec: + + + - - - + + + @@ -258,7 +270,12 @@ - + + + diff --git a/docs/cce/umn/cce_10_0031.html b/docs/cce/umn/cce_10_0031.html index 29fe7e0c..4eb6b617 100644 --- a/docs/cce/umn/cce_10_0031.html +++ b/docs/cce/umn/cce_10_0031.html @@ -4,15 +4,17 @@
      diff --git a/docs/cce/umn/cce_10_0035.html b/docs/cce/umn/cce_10_0035.html index 1742be9b..6bbd136d 100644 --- a/docs/cce/umn/cce_10_0035.html +++ b/docs/cce/umn/cce_10_0035.html @@ -8,6 +8,8 @@
    26. Creating a Node Pool
      27. +
    27. Scaling a Node Pool
      +
    28. Managing a Node Pool
      29. diff --git a/docs/cce/umn/cce_10_00356.html b/docs/cce/umn/cce_10_00356.html index b647dab1..77ff2edc 100644 --- a/docs/cce/umn/cce_10_00356.html +++ b/docs/cce/umn/cce_10_00356.html @@ -1,9 +1,9 @@ -

      Accessing a Container

      +

      Logging In to a Container

      Scenario

      If you encounter unexpected problems when using a container, you can log in to the container to debug it.

      -

      Logging In to a Container Using kubectl

      1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
      2. Run the following command to view the created pod:

        kubectl get pod
        +

        Using kubectl

        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
        2. Run the following command to view the created pod:

          kubectl get pod
          The example output is as follows:
          NAME                               READY   STATUS    RESTARTS       AGE
 nginx-59d89cb66f-mhljr             1/1     Running   0              11m
          diff --git a/docs/cce/umn/cce_10_0036.html b/docs/cce/umn/cce_10_0036.html index 0c1e60e5..19475938 100644 --- a/docs/cce/umn/cce_10_0036.html +++ b/docs/cce/umn/cce_10_0036.html @@ -1,11 +1,11 @@

          Stopping a Node

          -

          Scenario

          After a node in the cluster is stopped, services on the node are also stopped. Before stopping a node, ensure that discontinuity of the services on the node will not result in adverse impacts.

          +

          Scenario

          When a node in the cluster is stopped, all services on that node will also be stopped, and the node will no longer be available for scheduling. Check if your services will be affected before stopping a node.

          -

          Constraints

          • Deleting a node will lead to pod migration, which may affect services. Therefore, delete nodes during off-peak hours.
          • Unexpected risks may occur during the operation. Back up related data in advance.
          • While the node is being deleted, the backend will set the node to the unschedulable state.
          • Only worker nodes can be stopped.
          +

          Precautions

          • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours.
          • Unexpected risks may occur during the operation. Back up data beforehand.
          -

          Procedure

          1. Log in to the CCE console and click the cluster name to access the cluster console.
          2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
          3. Locate the target node and click its name.
          4. In the upper right corner of the ECS details page, click Stop. In the displayed dialog box, click Yes.

            Figure 1 ECS details page
            +

            Procedure

            1. Log in to the CCE console and click the cluster name to access the cluster console.
            2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
            3. Locate the target node and click its name.
            4. In the upper right corner of the ECS details page, click Stop. In the displayed dialog box, click Yes.

              Figure 1 ECS details page

          diff --git a/docs/cce/umn/cce_10_0044.html b/docs/cce/umn/cce_10_0044.html index 33cf02bd..b6c77e47 100644 --- a/docs/cce/umn/cce_10_0044.html +++ b/docs/cce/umn/cce_10_0044.html @@ -12,6 +12,10 @@
        3. Dynamically Mounting an EVS Disk to a StatefulSet
          4. +
        4. Encrypting EVS Disks
          +
          5. +
        5. Expanding the Capacity of an EVS Disk
          +
        6. Snapshots and Backups
          7. diff --git a/docs/cce/umn/cce_10_0046.html b/docs/cce/umn/cce_10_0046.html index 13f96000..a2010651 100644 --- a/docs/cce/umn/cce_10_0046.html +++ b/docs/cce/umn/cce_10_0046.html @@ -8,15 +8,15 @@
        7. Creating a Workload
          8. -
        8. Configuring a Container
          +
        9. Configuring a Workload
          10. -
        10. Accessing a Container
          +
        11. Logging In to a Container
          12. -
        12. Managing Workloads and Jobs
          +
        13. Managing Workloads
        14. Managing Custom Resources
          15. -
        15. Kata Runtime and Common Runtime
          +
        16. Pod Security
        diff --git a/docs/cce/umn/cce_10_0047.html b/docs/cce/umn/cce_10_0047.html index 15ab1241..ceea984a 100644 --- a/docs/cce/umn/cce_10_0047.html +++ b/docs/cce/umn/cce_10_0047.html @@ -7,7 +7,7 @@
      -

      Using the CCE Console

      1. Log in to the CCE console.
      2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
      3. Set basic information about the workload.

        Basic Info
        • Workload Type: Select Deployment. For details about workload types, see Overview.
        • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
        • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
        • Pods: Enter the number of pods of the workload.
        • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
        • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
        +

        Using the CCE Console

        1. Log in to the CCE console.
        2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
        3. Set basic information about the workload.

          Basic Info
          • Workload Type: Select Deployment. For details about workload types, see Overview.
          • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
          • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
          • Pods: Enter the number of pods of the workload.
          • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
          • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
          Container Settings
          • Container Information
            Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
            • Basic Info: Configure basic information about the container.
      Table 1 Configuring log policies

      Parameter

      Description

      @@ -155,8 +155,8 @@ spec:

      Extended host path

      Extended host paths contain pod IDs or container names to distinguish different containers into which the host path is mounted.

      -

      A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.

      -
      • None: No extended path is configured.
      • PodUID: ID of a pod.
      • PodName: name of a pod.
      • PodUID/ContainerName: ID of a pod or name of a container.
      • PodName/ContainerName: name of a pod or container.
      +

      A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.

      +
      • None: No extended path is configured.
      • PodUID: ID of a pod.
      • PodName: name of a pod.
      • PodUID/ContainerName: ID of a pod or name of a container.
      • PodName/ContainerName: name of a pod or container.

      policy.logs.rotate

      @@ -164,7 +164,7 @@ spec:

      Log dump

      Log dump refers to rotating log files on a local host.

      -
      • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
      • Disabled: AOM does not dump log files.
      +
      • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
      • Disabled: AOM does not dump log files.
      NOTE:
      • AOM rotates log files using copytruncate. Before enabling log dumping, ensure that log files are written in the append mode. Otherwise, file holes may occur.
      • Currently, mainstream log components such as Log4j and Logback support log file rotation. If you have already set rotation for log files, skip the configuration. Otherwise, conflicts may occur.
      • You are advised to configure log file rotation for your own services to flexibly control the size and number of rolled files.

      Collection path

      A collection path narrows down the scope of collection to specified logs.

      -
      • If no collection path is specified, log files in .log, .trace, and .out formats will be collected from the specified path.
      • /Path/**/ indicates that all log files in .log, .trace, and .out formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.
      • * in log file names indicates a fuzzy match.
      +
      • If no collection path is specified, log files in .log, .trace, and .out formats will be collected from the specified path.
      • /Path/**/ indicates that all log files in .log, .trace, and .out formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.
      • * in log file names indicates a fuzzy match.

      Example: The collection path /tmp/**/test*.log indicates that all .log files prefixed with test will be collected from /tmp and subdirectories at 5 levels deep.

      CAUTION:

      Ensure that ICAgent is of v5.12.22 or later.

      diff --git a/docs/cce/umn/cce_10_0020.html b/docs/cce/umn/cce_10_0020.html index cfb96256..8fecd17e 100644 --- a/docs/cce/umn/cce_10_0020.html +++ b/docs/cce/umn/cce_10_0020.html @@ -6,7 +6,7 @@
      • Overview
        • -
      • Container Network Models
        +
      • Container Network
      • Service
        • @@ -14,10 +14,6 @@
      • DNS
        • -
      • Container Network Settings
        -
        • -
      • Cluster Network Settings
        -
      • Configuring Intra-VPC Access
      • Accessing the Internet from a Container
        diff --git a/docs/cce/umn/cce_10_0024.html b/docs/cce/umn/cce_10_0024.html index c04ddf6b..bd11ca81 100644 --- a/docs/cce/umn/cce_10_0024.html +++ b/docs/cce/umn/cce_10_0024.html @@ -1,6 +1,6 @@ -

        Cloud Trace Service

        +

        Log Auditing

          diff --git a/docs/cce/umn/cce_10_0025.html b/docs/cce/umn/cce_10_0025.html index 0ff506d0..7dc3f0bc 100644 --- a/docs/cce/umn/cce_10_0025.html +++ b/docs/cce/umn/cce_10_0025.html @@ -590,7 +590,7 @@
        -
        Parent topic: Cloud Trace Service
        +
        Parent topic: Log Auditing
        diff --git a/docs/cce/umn/cce_10_0026.html b/docs/cce/umn/cce_10_0026.html index 25c74537..5d0636d9 100644 --- a/docs/cce/umn/cce_10_0026.html +++ b/docs/cce/umn/cce_10_0026.html @@ -19,7 +19,7 @@
        -
        Parent topic: Cloud Trace Service
        +
        Parent topic: Log Auditing
        diff --git a/docs/cce/umn/cce_10_0028.html b/docs/cce/umn/cce_10_0028.html index 2a60f7d5..be8ac7c6 100644 --- a/docs/cce/umn/cce_10_0028.html +++ b/docs/cce/umn/cce_10_0028.html @@ -2,7 +2,7 @@

        Creating a CCE Standard/Turbo Cluster

        On the CCE console, you can easily create Kubernetes clusters. After a cluster is created, the master node is hosted by CCE. You only need to create worker nodes. In this way, you can implement cost-effective O&M and efficient service deployment.

        -

        Constraints

        • During the node creation, software packages are downloaded from OBS using the domain name. A private DNS server must be used to resolve the OBS domain name. Therefore, the DNS server address of the subnet where the node resides must be set to the private DNS server address so that the node can access the private DNS server. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.
        • You can create a maximum of 50 clusters in a single region.
        • After a cluster is created, the following items cannot be changed:
          • Cluster type
          • Number of master nodes in the cluster
          • AZ of a master node
          • Network configurations of the cluster, such as the VPC, subnet, Service CIDR block, IPv6 settings, and kube-proxy settings.
          • Network model. For example, change Tunnel network to VPC network.
          +

          Precautions

          • After a cluster is created, the following items cannot be changed:
            • Cluster type
            • Number of master nodes in the cluster
            • AZ of a master node
            • Network configurations of the cluster, such as the VPC, subnet, Service CIDR block, IPv6 settings, and kube-proxy settings
            • Network model. For example, change Tunnel network to VPC network.

          Step 1: Log In to the CCE Console

          1. Log in to the CCE console.
          2. On the Clusters page, click Create Cluster in the upper right corner.
          @@ -41,7 +41,7 @@

      Master Nodes

      Select the number of master nodes. The master nodes are automatically hosted by CCE and deployed with Kubernetes cluster management components such as kube-apiserver, kube-controller-manager, and kube-scheduler.

      -
      • Multiple: Three master nodes will be created for high cluster availability.
      • Single: Only one master node will be created in your cluster.
      +
      • 3 Masters: Three master nodes will be created for high cluster availability.
      • Single: Only one master node will be created in your cluster.
      You can also select AZs for the master nodes. By default, AZs are allocated automatically for the master nodes.
      • Automatic: Master nodes are randomly distributed in different AZs for cluster DR. If the number of available AZs is less than the number of nodes to be created, CCE will create the nodes in the AZs with sufficient resources to preferentially ensure cluster creation. In this case, AZ-level DR may not be ensured.
      • Custom: Master nodes are deployed in specific AZs.
        If there is one master node in your cluster, you can select one AZ for the master node. If there are multiple master nodes in your cluster, you can select multiple AZs for the master nodes.
        • AZ: Master nodes are deployed in different AZs for cluster DR.
        • Host: Master nodes are deployed on different hosts in the same AZ for cluster DR.
        • Custom: Master nodes are deployed in the AZs you specified.
      @@ -70,6 +70,13 @@

      Select the subnet to which the master nodes belong. If no subnet is available, click Create Subnet to create one. The value cannot be changed after the cluster is created.

      Default Security Group

      +
      Select the security group automatically generated by CCE or use the existing one as the default security group of the node.
      NOTICE:

      The default security group must allow traffic from certain ports to ensure normal communication. Otherwise, the node cannot be created.

      +
      +
      +

      IPv6

      If enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.

      @@ -155,7 +162,7 @@

      Overload Control

      After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Cluster Overload Control.

      +

      After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Enabling Overload Control for a Cluster.

      Disk Encryption for Master Nodes

      @@ -167,8 +174,8 @@

      Resource Tag

      You can add resource tags to classify resources.

      -

      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

      +

      You can add resource tags to classify resources. A maximum of 20 resource tags can be added.

      +

      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

      Description

      @@ -214,7 +221,12 @@

      CCE Node Problem Detector

      +

      Cloud Native Cluster Monitoring

      +

      (Optional) If selected, this add-on (Cloud Native Cluster Monitoring) will be automatically installed. Cloud Native Cluster Monitoring collects monitoring metrics for your cluster and reports the metrics to AOM. The agent mode does not support HPA based on custom Prometheus statements. If related functions are required, install this add-on manually after the cluster is created.

      +

      CCE Node Problem Detector

      (Optional) If selected, this add-on (CCE Node Problem Detector) will be automatically installed to detect faults and isolate nodes for prompt cluster troubleshooting.

      CCE Node Problem Detector

      +

      Cloud Native Cluster Monitoring

      +

      Select an AOM instance for Cloud Native Cluster Monitoring to report metrics. If no AOM instance is available, click Creating Instance to create one.

      +

      CCE Node Problem Detector

      This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.

      Parameter

      @@ -81,16 +81,16 @@

      (Optional) Service Settings

      A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and automatically balances load for these pods.

      You can also create a Service after creating a workload. For details about Services of different types, see Overview.

      -
      (Optional) Advanced Settings
      • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Workload Upgrade Policies.
      • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
        • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
          • Multi-AZ deployment is preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ but onto different nodes for high availability. If there are fewer nodes than pods, the extra pods will fail to run.
          • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
          • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
          +
          (Optional) Advanced Settings
          • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Configuring Workload Upgrade Policies.
          • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
            • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
              • Multi-AZ deployment is preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ but onto different nodes for high availability. If there are fewer nodes than pods, the extra pods will fail to run.
              • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
              • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
            • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
              • Node Affinity: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
              • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
              • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
            -
          • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Taints and Tolerations.
          • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
          • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
          • Network Configuration +
          • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
          • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
          • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
          • Network Configuration

        • Click Create Workload in the lower right corner.

      Using kubectl

      The following procedure uses Nginx as an example to describe how to create a workload using kubectl.

      -
      1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
      2. Create and edit the nginx-deployment.yaml file. nginx-deployment.yaml is an example file name, and you can rename it as required.

        vi nginx-deployment.yaml

        +
        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
        2. Create and edit the nginx-deployment.yaml file. nginx-deployment.yaml is an example file name, and you can rename it as required.

          vi nginx-deployment.yaml

          The following is an example YAML file. For more information about Deployments, see Kubernetes documentation.

          apiVersion: apps/v1
 kind: Deployment
@@ -114,7 +114,7 @@ spec:
         name: nginx
       imagePullSecrets:
       - name: default-secret
          -

          For details about these parameters, see Table 1.

          +

          For details about the parameters, see Table 1.

          diff --git a/docs/cce/umn/cce_10_0048.html b/docs/cce/umn/cce_10_0048.html index 3d94fea4..b8bc2e92 100644 --- a/docs/cce/umn/cce_10_0048.html +++ b/docs/cce/umn/cce_10_0048.html @@ -4,13 +4,13 @@

          Scenario

          StatefulSets are a type of workloads whose data or status is stored while they are running. For example, MySQL is a StatefulSet because it needs to store new data.

          A container can be migrated between different hosts, but data is not stored on the hosts. To store StatefulSet data persistently, attach HA storage volumes provided by CCE to the container.

          -

          Constraints

          • When you delete or scale a StatefulSet, the system does not delete the storage volumes associated with the StatefulSet to ensure data security.
          • When you delete a StatefulSet, reduce the number of replicas to 0 before deleting the StatefulSet so that pods in the StatefulSet can be stopped in order.
          • When you create a StatefulSet, a headless Service is required for pod access. For details, see Headless Services.
          • When a node is unavailable, pods become Unready. In this case, manually delete the pods of the StatefulSet so that the pods can be migrated to a normal node.
          +

          Notes and Constraints

          • When you delete or scale a StatefulSet, the system does not delete the storage volumes associated with the StatefulSet to ensure data security.
          • When you delete a StatefulSet, reduce the number of replicas to 0 before deleting the StatefulSet so that pods in the StatefulSet can be stopped in order.
          • When you create a StatefulSet, a headless Service is required for pod access. For details, see Headless Services.
          • When a node is unavailable, pods become Unready. In this case, manually delete the pods of the StatefulSet so that the pods can be migrated to a normal node.

          Prerequisites

          • Before creating a workload, you must have an available cluster. For details on how to create a cluster, see Creating a CCE Standard/Turbo Cluster.
          • To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.

            If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the StatefulSet will fail.

          -

          Using the CCE Console

          1. Log in to the CCE console.
          2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
          3. Set basic information about the workload.

            Basic Info
            • Workload Type: Select StatefulSet. For details about workload types, see Overview.
            • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
            • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
            • Pods: Enter the number of pods of the workload.
            • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
            • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
            +

            Using the CCE Console

            1. Log in to the CCE console.
            2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
            3. Set basic information about the workload.

              Basic Info
              • Workload Type: Select StatefulSet. For details about workload types, see Overview.
              • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
              • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
              • Pods: Enter the number of pods of the workload.
              • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
              • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
              Container Settings
              • Container Information
                Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                • Basic Info: Configure basic information about the container.
          Table 1 Deployment YAML parameters

          Parameter

          Parameter

          @@ -74,7 +74,7 @@
          -
        3. (Optional) Lifecycle: Configure operations to be performed in a specific phase of the container lifecycle, such as Startup Command, Post-Start, and Pre-Stop. For details, see Configuring Container Lifecycle Parameters.
        4. (Optional) Health Check: Set the liveness probe, ready probe, and startup probe as required. For details, see Configuring Container Health Check.
        5. (Optional) Environment Variables: Configure variables for the container running environment using key-value pairs. These variables transfer external information to containers running in pods and can be flexibly modified after application deployment. For details, see Configuring Environment Variables.
        6. (Optional) Data Storage: Mount local storage or cloud storage to the container. The application scenarios and mounting modes vary with the storage type. For details, see Storage.
          • StatefulSets support dynamic attachment of EVS disks. For details, see Dynamically Mounting an EVS Disk to a StatefulSet and Dynamically Mounting a Local PV to a StatefulSet.

            Dynamic mounting is achieved by using the volumeClaimTemplates field and depends on the dynamic creation capability of StorageClass. A StatefulSet associates each pod with a PVC using the volumeClaimTemplates field, and the PVC is bound to the corresponding PV. Therefore, after the pod is rescheduled, the original data can still be mounted based on the PVC name.

            +
          • (Optional) Lifecycle: Configure operations to be performed in a specific phase of the container lifecycle, such as Startup Command, Post-Start, and Pre-Stop. For details, see Configuring Container Lifecycle Parameters.
          • (Optional) Health Check: Set the liveness probe, ready probe, and startup probe as required. For details, see Configuring Container Health Check.
          • (Optional) Environment Variables: Configure variables for the container running environment using key-value pairs. These variables transfer external information to containers running in pods and can be flexibly modified after application deployment. For details, see Configuring Environment Variables.
          • (Optional) Data Storage: Mount local storage or cloud storage to the container. The application scenarios and mounting modes vary with the storage type. For details, see Storage.
            • StatefulSets support dynamic attachment of EVS disks. For details, see Dynamically Mounting an EVS Disk to a StatefulSet or Dynamically Mounting a Local PV to a StatefulSet.

              Dynamic mounting is achieved by using the volumeClaimTemplates field and depends on the dynamic creation capability of StorageClass. A StatefulSet associates each pod with a PVC using the volumeClaimTemplates field, and the PVC is bound to the corresponding PV. Therefore, after the pod is rescheduled, the original data can still be mounted based on the PVC name.

            • After a workload is created, the storage that is dynamically mounted cannot be updated.
          • (Optional) Security Context: Assign container permissions to protect the system and other containers from being affected. Enter the user ID to assign container permissions and prevent systems and other containers from being affected.
          • (Optional) Logging: Report standard container output logs to AOM by default, without requiring manual settings. You can manually configure the log collection path. For details, see Collecting Container Logs Using ICAgent.

            To disable the standard output of the current workload, add the annotation kubernetes.AOM.log.stdout: [] in Labels and Annotations. For details about how to use this annotation, see Table 1.

            @@ -87,18 +87,18 @@

            (Optional) Service Settings

            A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and automatically balances load for these pods.

            You can also create a Service after creating a workload. For details about Services of different types, see Overview.

            -
            (Optional) Advanced Settings
            • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Workload Upgrade Policies.
            • Pod Management Policies

              For some distributed systems, the StatefulSet sequence is unnecessary and/or should not occur. These systems require only uniqueness and identifiers.

              +
              (Optional) Advanced Settings
              • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Configuring Workload Upgrade Policies.
              • Pod Management Policies

                For some distributed systems, the StatefulSet sequence is unnecessary and/or should not occur. These systems require only uniqueness and identifiers.

                • OrderedReady: The StatefulSet will deploy, delete, or scale pods in order and one by one. (The StatefulSet continues only after the previous pod is ready or deleted.) This is the default policy.
                • Parallel: The StatefulSet will create pods in parallel to match the desired scale without waiting, and will delete all pods at once.
              • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
                • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
                  • Multi-AZ deployment is preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ but onto different nodes for high availability. If there are fewer nodes than pods, the extra pods will fail to run.
                  • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
                  • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
                • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                  • Node Affinity: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                  • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                  • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
                -
              • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Taints and Tolerations.
              • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
              • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
              • Network Configuration
                • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                • Whether to enable the static IP address: available only for clusters that support this function. After this function is enabled, you can set the interval for reclaiming expired pod IP addresses. For details, see Configuring a Static IP Address for a Pod.
                • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                +
              • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
              • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
              • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
              • Network Configuration
                • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                • Whether to enable the static IP address: available only for clusters that support this function. After this function is enabled, you can set the interval for reclaiming expired pod IP addresses. For details, see Configuring a Static IP Address for a Pod.
                • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.

            • Click Create Workload in the lower right corner.

      Using kubectl

      In this example, a Nginx workload is used and the EVS volume is dynamically mounted to it using the volumeClaimTemplates field.

      -
      1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
      2. Create and edit the nginx-statefulset.yaml file.

        nginx-statefulset.yaml is an example file name, and you can change it as required.

        +
        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
        2. Create and edit the nginx-statefulset.yaml file.

          nginx-statefulset.yaml is an example file name, and you can change it as required.

          vi nginx-statefulset.yaml

          The following provides an example of the file contents. For more information on StatefulSet, see the Kubernetes documentation.

          apiVersion: apps/v1
@@ -153,7 +153,7 @@ spec:
         resources:
           requests:
             storage: 10Gi
-        storageClassName: csi-disk # Storage class name. The value is csi-disk for the EVS volume.
+        storageClassName: csi-disk # StorageClass name. The value is csi-disk for the EVS volume.
   updateStrategy:
     type: RollingUpdate

          vi nginx-headless.yaml

          diff --git a/docs/cce/umn/cce_10_0054.html b/docs/cce/umn/cce_10_0054.html index 97fe3a2b..34c770c5 100644 --- a/docs/cce/umn/cce_10_0054.html +++ b/docs/cce/umn/cce_10_0054.html @@ -1,6 +1,6 @@ -

          High-Risk Operations and Solutions

          +

          High-Risk Operations

          During service deployment or running, you may trigger high-risk operations at different levels, causing service faults or interruption. To help you better estimate and avoid operation risks, this section introduces the consequences and solutions of high-risk operations from multiple dimensions, such as clusters, nodes, networking, load balancing, logs, and EVS disks.

          Clusters and Nodes

          - - -
          Table 1 High-risk operations and solutions

          Category

          @@ -63,7 +63,7 @@

          The master node may be unavailable.

          Restore the parameter settings to the recommended values. For details, see Cluster Configuration Management.

          +

          Restore the parameter settings to the recommended values. For details, see Modifying Cluster Configurations.

          Replacing the master or etcd certificate

          @@ -107,7 +107,7 @@

          Reset the node. For details, see Resetting a Node.

          Upgrading the kernel or components on which the container platform depends (such as Open vSwitch, IPvlan, Docker, and containerd)

          +

          Upgrading the kernel or components on which the container platform depends (such as Open vSwitch, IPVLAN, Docker, and containerd)

          The node may be unavailable or the network may be abnormal.

          NOTE:

          Node running depends on the system kernel version. Do not use the yum update command to update or reinstall the operating system kernel of a node unless necessary. (Reinstalling the operating system kernel using the original image or other images is a risky operation.)

          @@ -127,7 +127,7 @@

          The node may become unavailable, and components may be insecure if security-related configurations are modified.

          Restore the parameter settings to the recommended values. For details, see Configuring a Node Pool.

          +

          Restore the parameter settings to the recommended values. For details, see Modifying Node Pool Configurations.

          Modifying OS configuration

          diff --git a/docs/cce/umn/cce_10_0059.html b/docs/cce/umn/cce_10_0059.html index 02f70447..8c519eb5 100644 --- a/docs/cce/umn/cce_10_0059.html +++ b/docs/cce/umn/cce_10_0059.html @@ -1,11 +1,11 @@ -

          Network Policies

          +

          Configuring Network Policies to Restrict Pod Access

          Network policies are designed by Kubernetes to restrict pod access. It is equivalent to a firewall at the application layer to enhance network security. The capabilities supported by network policies depend on the capabilities of the network add-ons of the cluster.

          By default, if a namespace does not have any policy, pods in the namespace accept traffic from any source and send traffic to any destination.

          Network policies are classified into the following types:

          • namespaceSelector: selects particular namespaces for which all pods should be allowed as ingress sources or egress destinations.
          • podSelector: selects particular pods in the same namespace as the network policy which should be allowed as ingress sources or egress destinations.
          • ipBlock: selects particular IP blocks to allow as ingress sources or egress destinations. (Only egress rules support IP blocks.)
          -

          Constraints

          • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
            • Ingress: All versions support this type.
            • Egress: Only the following OSs and cluster versions support egress rules. +

              Notes and Constraints

              • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                • Ingress: All versions support this type.
                • Egress: Only the following OSs and cluster versions support egress rules.
                  + + + +

                  OS

                  Cluster Version

                  @@ -23,6 +23,13 @@

                  4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64

                  HCE OS 2.0

                  +

                  v1.25 or later

                  +

                  5.10.0-60.18.0.50.r865_35.hce2.x86_64

                  +
                  @@ -47,7 +54,7 @@ spec: - protocol: TCP port: 6379

                  The following figure shows how podSelector works.

                  -
                  Figure 1 podSelector
                  +
                  Figure 1 podSelector
                • Using namespaceSelector to specify the access scope
                  apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -66,11 +73,11 @@ spec:
     - protocol: TCP
       port: 6379

                  The following figure shows how namespaceSelector works.

                  -
                  Figure 2 namespaceSelector
                  +
                  Figure 2 namespaceSelector

              Using Egress Rules

              Egress supports not only podSelector and namespaceSelector, but also ipBlock.

              -

              Only clusters of version 1.23 or later support Egress rules. Only nodes running EulerOS 2.9 are supported.

              +

              Only clusters of version 1.23 or later support Egress rules. Only nodes running EulerOS 2.9 or HCE OS 2.0 are supported.

              apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -90,7 +97,7 @@ spec:
         except:
         - 172.16.0.40/32        # This CIDR block cannot be accessed. This value must fall within the range specified by cidr.

              The following figure shows how ipBlock works.

              -
              Figure 3 ipBlock
              +
              Figure 3 ipBlock

              You can define ingress and egress in the same rule.

              apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -118,10 +125,10 @@ spec:
         matchLabels:
           role: web

              The following figure shows how to use ingress and egress together.

              -
              Figure 4 Using both ingress and egress
              +
              Figure 4 Using both ingress and egress
              -

              Creating a Network Policy on the Console

              1. Log in to the CCE console and click the cluster name to access the cluster console.
              2. Choose Policies in the navigation pane, click the Network Policies tab, and click Create Network Policy in the upper right corner.

                • Policy Name: Specify a network policy name.
                • Namespace: Select a namespace in which the network policy is applied.
                • Selector: Enter a label, select the pod to be associated, and click Add. You can also click Reference Workload Label to use the label of an existing workload.
                • Inbound Rule: Click to add an inbound rule. For details about parameter settings, see Table 1.

                  -

                  +

                  Creating a Network Policy on the Console

                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                  2. Choose Policies in the navigation pane, click the Network Policies tab, and click Create Network Policy in the upper right corner.

                    • Policy Name: Specify a network policy name.
                    • Namespace: Select a namespace in which the network policy is applied.
                    • Selector: Enter a label, select the pod to be associated, and click Add. You can also click Reference Workload Label to use the label of an existing workload.
                    • Inbound Rule: Click to add an inbound rule. For details about parameter settings, see Table 1.

                      +

                      @@ -148,7 +155,7 @@ spec:
                      Table 1 Adding an inbound rule

                      Parameter

                      -
                    • Outbound Rule: Click to add an outbound rule. For details about parameter settings, see Table 1.

                      +
                    • Outbound Rule: Click to add an outbound rule. For details about parameter settings, see Table 1.

                      @@ -181,12 +188,12 @@ spec: -

                    • After the configuration is complete, click OK.
                      • +

                    • Click OK.
                      • diff --git a/docs/cce/umn/cce_10_0063.html b/docs/cce/umn/cce_10_0063.html index 8131e9e1..84e73c9b 100644 --- a/docs/cce/umn/cce_10_0063.html +++ b/docs/cce/umn/cce_10_0063.html @@ -4,13 +4,16 @@

                      Scenario

                      After a node scaling policy is created, you can delete, edit, disable, enable, or clone the policy.

                      Viewing a Node Scaling Policy

                      You can view the associated node pool, rules, and scaling history of a node scaling policy and rectify faults according to the error information displayed.

                      -
                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Nodes.On the page displayed, click the Node Pools tab and then the name of the node pool for which an auto scaling policy has been created to view the node pool details.
                      3. On the node pool details page, click the Auto Scaling tab to view the auto scaling configuration and scaling records.
                      +
                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Nodes.On the page displayed, click the Node Pools tab and then the name of the node pool for which an auto scaling policy has been created to view the node pool details.
                      3. On the node pool details page, click the Auto Scaling tab to view the auto scaling configuration and scaling records.

                        You can obtain created auto scaling policies on the Policies page.

                        +
                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                        2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab.
                        3. Check the configuration of the auto scaling policies. Choose More > Scaling History for the target policy to check the scaling records of the policy.
                        +
                        +

                      Deleting a Node Scaling Policy

                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab, locate the row containing the target policy and choose More > Delete in the Operation column.
                      3. In the Delete Node Scaling Policy dialog box displayed, confirm whether to delete the policy.
                      4. Click Yes to delete the policy.

                      Editing a Node Scaling Policy

                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab, locate the row containing the target policy and click Edit in the Operation column.
                      3. On the Edit Node Scaling Policy page displayed, configure policy parameters listed in Table 2.
                      4. After the configuration is complete, click OK.
                      -

                      Cloning a Node Scaling Policy

                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab, locate the row containing the target policy and choose More > Clone in the Operation column.
                      3. On the Clone Node Scaling Policy page displayed, certain parameters have been cloned. Add or modify other policy parameters based on service requirements.
                      4. Click OK.
                      +

                      Cloning a Node Scaling Policy

                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab, locate the row containing the target policy and choose More > Clone in the Operation column.
                      3. On the Create Node Scaling Policy page displayed, certain parameters have been cloned. Add or modify other policy parameters based on service requirements.
                      4. Click OK.

                      Enabling or Disabling a Node Scaling Policy

                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Policies. On the page displayed, click the Node Scaling Policies tab, locate the row containing the target policy click Disable in the Operation column. If the policy is in the disabled state, click Enable in the Operation column.
                      3. In the dialog box displayed, confirm whether to disable or enable the node policy.
                      diff --git a/docs/cce/umn/cce_10_0064.html b/docs/cce/umn/cce_10_0064.html index 75985e10..b6aa1fe3 100644 --- a/docs/cce/umn/cce_10_0064.html +++ b/docs/cce/umn/cce_10_0064.html @@ -6,23 +6,15 @@
                      diff --git a/docs/cce/umn/cce_10_0066.html b/docs/cce/umn/cce_10_0066.html index 1f33446a..aefb01fc 100644 --- a/docs/cce/umn/cce_10_0066.html +++ b/docs/cce/umn/cce_10_0066.html @@ -4,11 +4,11 @@

                      Introduction

                      Everest is a cloud native container storage system, which enables clusters of Kubernetes v1.15.6 or later to access cloud storage services through the CSI.

                      Everest is a system resource add-on. It is installed by default when a cluster of Kubernetes v1.15 or later is created.

                      -

                      Constraints

                      • If your cluster is upgraded from v1.13 to v1.15, storage-driver will be replaced by Everest (v1.1.6 or later) for container storage. The takeover does not affect the original storage functions.
                      • In version 1.2.0 of the Everest add-on, key authentication is optimized when OBS is used. After the Everest add-on is upgraded from a version earlier than 1.2.0, restart all workloads that use OBS in the cluster. Otherwise, workloads may not be able to use OBS.
                      • By default, this add-on is installed in clusters of v1.15 and later. For clusters of v1.13 and earlier, the storage-driver add-on is installed by default.
                      +

                      Notes and Constraints

                      • If your cluster is upgraded from v1.13 to v1.15, storage-driver will be replaced by Everest (v1.1.6 or later) for container storage. The takeover does not affect the original storage functions.
                      • In version 1.2.0 of the Everest add-on, key authentication is optimized when OBS is used. After the Everest add-on is upgraded from a version earlier than 1.2.0, restart all workloads that use OBS in the cluster. Otherwise, workloads may not be able to use OBS.
                      • By default, this add-on is installed in clusters of v1.15 and later. For clusters of v1.13 and earlier, the storage-driver add-on is installed by default.

                      Installing the Add-on

                      This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:

                      1. Log in to the CCE console and click the cluster name to access the cluster console. Click Add-ons in the navigation pane, locate CCE Container Storage (Everest) on the right, and click Install.
                      2. On the Install Add-on page, configure the specifications.

                        -

                      Table 2 Adding an outbound rule

                      Parameter
                      Table 1 Everest parameters

                      Parameter

                      +
                      @@ -244,7 +244,7 @@ @@ -279,10 +279,275 @@
                      Table 1 Add-on configuration

                      Parameter

                      Description

                      Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                      The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                      -

                      For details, see Taints and Tolerations.

                      +

                      For details, see Configuring Tolerance Policies.
                      +

                      Collecting Prometheus Metrics

                      everest-csi-controller exposes Prometheus metrics over port 3225. You can create an on-premises Prometheus collector to identify and obtain everest-csi-controller metrics from http://{{everest-csi-controller pod IP address}}:3225/metrics.

                      +

                      Prometheus metrics can be exposed only when the Everest add-on version is 2.4.4 or later.

                      +
                      + +
                      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                      Table 6 Key metrics

                      Metric

                      +

                      Type

                      +

                      Description

                      +

                      Label

                      +

                      Example

                      +

                      everest_action_result_total

                      +

                      Counter

                      +

                      Invoking of different functions

                      +

                      action: indicates different functions. For details, see Table 7.

                      +

                      result: indicates that the invoking is successful or fails.

                      +

                      everest_action_result_total{action="create_snapshot:disk.csi.everest.io",result="success"} 2

                      +

                      everest_function_duration_seconds_bucket

                      +

                      Histogram

                      +

                      Number of times that different functions are executed at different time

                      +

                      function: indicates different functions. For details, see Table 7.

                      +

                      everest_function_duration_seconds_bucket{function="create_snapshot:disk.csi.everest.io",le="10"} 2

                      +

                      everest_function_duration_seconds_sum

                      +

                      Histogram

                      +

                      Total invoking time of different functions

                      +

                      function: indicates different functions. For details, see Table 7.

                      +

                      everest_function_duration_seconds_sum{function="create:disk.csi.everest.io"} 24.381399053

                      +

                      everest_function_duration_seconds_count

                      +

                      Histogram

                      +

                      Number of invoking times of different functions

                      +

                      function: indicates different functions. For details, see Table 7.

                      +

                      everest_function_duration_seconds_count{function="attach:disk.csi.everest.io"} 4

                      +
                      +
                      +

                      action and function specify different CSI drivers and their functions, and are in the format of {Function}:{CSI driver}. For example, create:disk.csi.everest.io specifies that the function is to create a volume and the volume type is EVS disk.

                      + +
                      + + + + + + + + + + + + + + + + + + + + + + + + + +
                      Table 7 Functions

                      Operation

                      +

                      Description

                      +

                      create

                      +

                      Creates a volume.

                      +

                      delete

                      +

                      Deletes a volume.

                      +

                      attach

                      +

                      Mounts a volume.

                      +

                      detach

                      +

                      Detaches a volume.

                      +

                      expand

                      +

                      Expands the capacity of a volume.

                      +

                      create_snapshot

                      +

                      Creates a volume snapshot.

                      +

                      delete_snapshot

                      +

                      Deletes a volume snapshot

                      +
                      +
                      +
                      +

                      Change History

                      +
                      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                      Table 8 Release history

                      Add-on Version

                      +

                      Supported Cluster Version

                      +

                      New Feature

                      +

                      2.4.28

                      +

                      v1.23

                      +

                      v1.25

                      +

                      v1.27

                      +

                      v1.28

                      +

                      v1.29

                      +

                      Fixed some issues.

                      +

                      2.3.23

                      +

                      v1.21

                      +

                      v1.23

                      +

                      v1.25

                      +

                      v1.27

                      +

                      v1.28

                      +

                      Subdirectories can be created in an SFS Turbo file system.

                      +

                      2.3.21

                      +

                      v1.21

                      +

                      v1.23

                      +

                      v1.25

                      +

                      v1.27

                      +

                      v1.28

                      +

                      Fixed some issues.

                      +

                      2.3.14

                      +

                      v1.21

                      +

                      v1.23

                      +

                      v1.25

                      +

                      v1.27

                      +

                      v1.28

                      +

                      CCE clusters 1.28 are supported.

                      +

                      2.1.51

                      +

                      v1.19

                      +

                      v1.21

                      +

                      v1.23

                      +

                      v1.25

                      +

                      v1.27

                      +

                      Supported HCE OS 2.0.

                      +

                      2.1.30

                      +

                      v1.19

                      +

                      v1.21

                      +

                      v1.23

                      +

                      v1.25

                      +
                      • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                      • Adapts the obsfs package to Ubuntu 22.04.
                      +

                      2.1.13

                      +

                      v1.19

                      +

                      v1.21

                      +

                      v1.23

                      +

                      v1.25

                      +

                      Optimized the performance of creating subpath PVCs in batches for SFS Turbo volumes.

                      +

                      1.3.28

                      +

                      v1.19

                      +

                      v1.21

                      +

                      v1.23

                      +
                      • Enabled graceful exit.
                      • Supported OBS process monitoring.
                      +

                      1.2.78

                      +

                      v1.15

                      +

                      v1.17

                      +

                      v1.19

                      +

                      v1.21

                      +

                      Supported anti-affinity scheduling of add-on pods on nodes in different AZs.

                      +

                      1.2.70

                      +

                      v1.15

                      +

                      v1.17

                      +

                      v1.19

                      +

                      v1.21

                      +

                      Optimized the performance of creating subpath PVCs in batches for SFS Turbo volumes.

                      +

                      1.2.44

                      +

                      v1.15

                      +

                      v1.17

                      +

                      v1.19

                      +

                      v1.21

                      +
                      • By default, the enable_noobj_cache parameter is no longer used for mounting OBS buckets.
                      +

                      1.2.30

                      +

                      v1.15

                      +

                      v1.17

                      +

                      v1.19

                      +

                      v1.21

                      +

                      Supported emptyDir.

                      +

                      1.2.13

                      +

                      v1.15

                      +

                      v1.17

                      +

                      v1.19

                      +

                      Supported EulerOS 2.10.

                      +

                      1.1.11

                      +

                      v1.15

                      +

                      v1.17

                      +
                      • Supports security hardening.
                      • Supports third-party OBS storage.
                      • Switches to the EVS query API with better performance.
                      • Uses snapshots to create disks in clone mode by default.
                      • Optimizes and enhances disk status detection and log output for attaching and detaching operations.
                      • Improves the reliability of determining authentication expiration.
                      +
                      +
                      +
                      -
                      Parent topic: Add-ons
                      +
                      Parent topic: Container Storage Add-ons
                      diff --git a/docs/cce/umn/cce_10_0068.html b/docs/cce/umn/cce_10_0068.html index f2613a90..7f0a987f 100644 --- a/docs/cce/umn/cce_10_0068.html +++ b/docs/cce/umn/cce_10_0068.html @@ -4,6 +4,8 @@

                      Node Pool Architecture

                      Generally, all nodes in a node pool have the following same attributes:

                      -
                      • Node OS
                      • Node flavor
                      • Node login mode
                      • Node container runtime
                      • Startup parameters of Kubernetes components on a node
                      • User-defined startup script of a node
                      • Kubernetes Labels and Taints
                      +
                      • Node OS
                      • Node login mode
                      • Node container runtime
                      • Startup parameters of Kubernetes components on a node
                      • Custom startup script of a node
                      • Kubernetes labels and taints

                      CCE provides the following extended attributes for node pools:

                      • Node pool OS
                      • Maximum number of pods on each node in a node pool
                      -

                      Description of DefaultPool

                      DefaultPool is not a real node pool. It only classifies nodes that are not in the user-created node pools. These nodes are directly created on the console or by calling APIs. DefaultPool does not support any user-created node pool functions, including scaling and parameter configuration. DefaultPool cannot be edited, deleted, expanded, or auto scaled, and nodes in it cannot be migrated.

                      +

                      Description of DefaultPool

                      DefaultPool is not a real node pool. It only classifies nodes that are not in the custom node pools. These nodes are directly created on the console or by calling APIs. DefaultPool does not support any user-created node pool functions, including scaling and parameter configuration. DefaultPool cannot be edited, deleted, expanded, or auto scaled, and nodes in it cannot be migrated.

                      -

                      Applicable Scenarios

                      When a large-scale cluster is required, you are advised to use node pools to manage nodes.

                      +

                      Application Scenarios

                      When a large-scale cluster is required, you are advised to use node pools to manage nodes.

                      The following table describes multiple scenarios of large-scale cluster management and the functions of node pools in each scenario.

                      - @@ -72,7 +72,7 @@ - @@ -86,9 +86,9 @@ - - @@ -111,7 +111,7 @@ - diff --git a/docs/cce/umn/cce_10_0083.html b/docs/cce/umn/cce_10_0083.html index b1a85918..f2e403b4 100644 --- a/docs/cce/umn/cce_10_0083.html +++ b/docs/cce/umn/cce_10_0083.html @@ -1,88 +1,27 @@

                      Managing Workload Scaling Policies

                      -

                      Scenario

                      After an HPA policy is created, you can update and delete the policy, as well as edit the YAML file.

                      +

                      Scenario

                      After a workload scaling policy is created, you can update and delete the policy, as well as edit the YAML file.

                      -

                      Checking an HPA Policy

                      You can view the rules, status, and events of an HPA policy and handle exceptions based on the error information displayed.

                      -
                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Policies. On the page displayed, click the HPA Policies tab and then next to the target HPA policy.
                      3. In the expanded area, choose View Events in the Operation column. If the policy malfunctions, locate and rectify the fault based on the error message displayed on the page.

                        You can also view the created HPA policy on the workload details page.

                        -
                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                        2. In the navigation pane, choose Workloads. Click the workload name to view its details.
                        3. On the workload details page, switch to the Auto Scaling tab page to view the HPA policies. You can also view the scaling policies you configured on the Policies page.
                        +

                        Procedure

                        You can view the rules, status, and events of a workload scaling policy and handle exceptions based on the error information displayed.

                        +
                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                        2. In the navigation pane, choose Policies. On the displayed page, click the HPA/CronHPA Policies tab page based on the scaling policy type.
                        3. Check the status, rules, and associated workloads of a scaling policy.

                          You can also check a created scaling policy on the workload details page.

                          +
                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                          2. In the navigation pane, choose Workloads. Click the workload name to view its details.
                          3. On the workload details page, switch to the Auto Scaling tab page to obtain the scaling policies. You can also obtain the scaling policies you configured on the Policies page.
                          - -
                      Table 1 Using node pools for different management scenarios

                      Scenario

                      @@ -60,7 +60,7 @@

                      Deleting a node pool

                      When a node pool is deleted, the nodes in the node pool are deleted first. Workloads on the original nodes are automatically migrated to available nodes in other node pools.

                      +

                      Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.

                      If pods in the node pool have a specific node selector and none of the other nodes in the cluster satisfies the node selector, the pods will become unschedulable.

                      Do not store important data on nodes in a node pool because the nodes may be deleted after scale-in. Data on the deleted nodes cannot be restored.

                      Enabling auto scaling for a node pool

                      +

                      Disabling auto scaling for a node pool

                      After auto scaling is disabled, the number of nodes in a node pool will not automatically change with the cluster loads.

                      After auto scaling is enabled, you are not advised to manually adjust the node pool size.

                      Changing node pool configurations

                      +

                      Modifying node pool configurations

                      You can modify the node pool name, node quantity, Kubernetes labels (and their quantity), resource tags, and taints.

                      +

                      You can change the node pool name and number of nodes, add or delete Kubernetes labels, resource tags, and taints, and adjust node pool configurations such as the disk, OS, and container engine of the node pool.

                      The deleted or added Kubernetes labels and taints (as well as their quantity) will apply to all nodes in the node pool, which may cause pod re-scheduling. Therefore, exercise caution when performing this operation.

                      You can configure core components with fine granularity.

                      • This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.
                      • The default node pool DefaultPool does not support this type of configuration.
                      +
                      • This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.
                      • The default node pool does not support this type of configuration.
                      Table 1 Event types and names

                      Event Type

                      +

                    • Manage scaling policies.

                      +

                      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -90,13 +29,6 @@

                      -

                      Editing an HPA Policy

                      An HPA policy is used as an example.

                      -
                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Policies. On the page displayed, click the HPA Policies tab. Locate the row containing the target policy and choose More > Edit in the Operation column.
                      3. On the Edit HPA Policy page, configure policy parameters listed in Table 1.
                      4. Click OK.
                      -
                      -

                      Editing the YAML File (HPA Policy)

                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Policies. On the page displayed, click the HPA Policies tab. Locate the row containing the target policy and click Edit YAML in the Operation column.
                      3. In the dialog box displayed, edit or download the YAML file.
                      -
                      -

                      Deleting an HPA Policy

                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. In the navigation pane, choose Policies. Choose More > Delete in the Operation column of the target policy.
                      3. In the dialog box displayed, click Yes.
                      -
                      diff --git a/docs/cce/umn/cce_10_0084.html b/docs/cce/umn/cce_10_0084.html index dd5820d2..33e2f951 100644 --- a/docs/cce/umn/cce_10_0084.html +++ b/docs/cce/umn/cce_10_0084.html @@ -1,7 +1,7 @@

                      Enabling ICMP Security Group Rules

                      -

                      Application Scenarios

                      If a workload uses UDP for both load balancing and health check, enable ICMP security group rules for the backend servers.

                      +

                      Scenario

                      If a workload uses UDP for both load balancing and health check, enable ICMP security group rules for the backend servers.

                      Procedure

                      1. Log in to the CCE console, choose Service List > Networking > Virtual Private Cloud, and choose Access Control > Security Groups in the navigation pane.
                      2. In the security group list, locate the security group of the cluster. Click the Inbound Rules tab page and then Add Rule. In the Add Inbound Rule dialog box, configure inbound parameters.

                      Scaling Policy Type

                      Event Name

                      -

                      Description

                      +

                      Operation

                      Normal

                      +

                      HPA

                      SuccessfulRescale

                      -

                      The scaling is performed successfully.

                      +
                      • View Events: Check HPA policy events. If an error occurred, locate and rectify the fault based on the error message displayed on the page.
                      • Edit YAML: In the dialog box displayed, edit, copy, or download the YAML file.
                      • Edit: On the Edit HPA Policy page, configure policy parameters listed in Table 1.
                      • Clone: Duplicate an existing auto scaling policy and modify the parameter settings as required.
                      • Delete: In the dialog box displayed, click Yes.

                      Abnormal

                      +

                      CronHPA

                      InvalidTargetRange

                      -

                      Invalid target range.

                      -

                      InvalidSelector

                      -

                      Invalid selector.

                      -

                      FailedGetObjectMetric

                      -

                      Objects fail to be obtained.

                      -

                      FailedGetPodsMetric

                      -

                      Pods fail to be obtained.

                      -

                      FailedGetResourceMetric

                      -

                      Resources fail to be obtained.

                      -

                      FailedGetExternalMetric

                      -

                      External metrics fail to be obtained.

                      -

                      InvalidMetricSourceType

                      -

                      Invalid metric source type.

                      -

                      FailedConvertHPA

                      -

                      HPA conversion failed.

                      -

                      FailedGetScale

                      -

                      The scale fails to be obtained.

                      -

                      FailedComputeMetricsReplicas

                      -

                      Failed to calculate metric-defined replicas.

                      -

                      FailedGetScaleWindow

                      -

                      Failed to obtain ScaleWindow.

                      -

                      FailedRescale

                      -

                      Failed to scale the service.

                      +
                      • View YAML: In the dialog box displayed, copy or download the YAML file but you are not allowed to modify it.
                      • Delete: In the dialog box displayed, click Yes.

                      Cluster Type

                      diff --git a/docs/cce/umn/cce_10_0091.html b/docs/cce/umn/cce_10_0091.html index c3b9acf7..b7309f72 100644 --- a/docs/cce/umn/cce_10_0091.html +++ b/docs/cce/umn/cce_10_0091.html @@ -10,10 +10,10 @@
                    • Connecting to a Cluster
                      • -
                    • Upgrading a Cluster
                      -
                    • Managing a Cluster
                      • +
                    • Upgrading a Cluster
                      +
                      • diff --git a/docs/cce/umn/cce_10_0094.html b/docs/cce/umn/cce_10_0094.html index ed803b10..f79eed71 100644 --- a/docs/cce/umn/cce_10_0094.html +++ b/docs/cce/umn/cce_10_0094.html @@ -3,18 +3,18 @@

                      Overview

                      Why We Need Ingresses

                      A Service is generally used to forward access requests based on TCP and UDP and provide layer-4 load balancing for clusters. However, in actual scenarios, if there is a large number of HTTP/HTTPS access requests on the application layer, the Service cannot meet the forwarding requirements. Therefore, the Kubernetes cluster provides an HTTP-based access mode, ingress.

                      An ingress is an independent resource in the Kubernetes cluster and defines rules for forwarding external access traffic. As shown in Figure 1, you can customize forwarding rules based on domain names and URLs to implement fine-grained distribution of access traffic.

                      -
                      Figure 1 Ingress diagram
                      +
                      Figure 1 Ingress diagram

                      The following describes the ingress-related definitions:

                      • Ingress object: a set of access rules that forward requests to specified Services based on domain names or URLs. It can be added, deleted, modified, and queried by calling APIs.
                      • Ingress Controller: an executor for request forwarding. It monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time, parses rules defined by ingresses, and forwards requests to the target backend Services.

                      Working Rules of LoadBalancer Ingress Controller

                      LoadBalancer Ingress Controller developed by CCE implements layer-7 network access for the internet and intranet (in the same VPC) based on ELB and distributes access traffic to the corresponding Services using different URLs.

                      LoadBalancer Ingress Controller is deployed on the master node and bound to the load balancer in the VPC where the cluster resides. Different domain names, ports, and forwarding policies can be configured for the same load balancer (with the same IP address). Figure 2 shows the working rules of LoadBalancer Ingress Controller.

                      1. A user creates an ingress object and configures a traffic access rule in the ingress, including the load balancer, URL, SSL, and backend service port.
                      2. When Ingress Controller detects that the ingress object changes, it reconfigures the listener and backend server route on the ELB side according to the traffic access rule.
                      3. When a user accesses a workload, the traffic is forwarded to the corresponding backend service port based on the forwarding policy configured on ELB, and then forwarded to each associated workload through the Service.
                      -
                      Figure 2 Working rules of shared LoadBalancer ingresses in CCE standard and Turbo clusters
                      +
                      Figure 2 Working rules of shared LoadBalancer ingresses in CCE standard and Turbo clusters

                      When you use a dedicated load balancer in a CCE Turbo cluster, pod IP addresses are allocated from the VPC and the load balancer can directly access the pods. When creating an ingress for external cluster access, you can use ELB to access a ClusterIP Service and use pods as the backend server of the ELB listener. In this way, external traffic can directly access the pods in the cluster without being forwarded by node ports.

                      -
                      Figure 3 Working rules of passthrough networking for dedicated LoadBalancer ingresses in CCE Turbo clusters
                      +
                      Figure 3 Working rules of passthrough networking for dedicated LoadBalancer ingresses in CCE Turbo clusters
                      -

                      Services Supported by Ingresses

                      Table 1 lists the services supported by LoadBalancer ingresses. +

                      Services Supported by Ingresses

                      Table 1 lists the Services supported by LoadBalancer ingresses.
                      -
                      Table 1 Services supported by LoadBalancer ingresses

                      Cluster Type

                      ELB Type

                      diff --git a/docs/cce/umn/cce_10_0105.html b/docs/cce/umn/cce_10_0105.html index 940e458a..48a49b3a 100644 --- a/docs/cce/umn/cce_10_0105.html +++ b/docs/cce/umn/cce_10_0105.html @@ -132,7 +132,7 @@

                      CLI

                      Set commands to be executed in the container for pre-stop processing. The command format is Command Args[1] Args[2].... Command is a system command or a user-defined executable program. If no path is specified, an executable program in the default path will be selected. If multiple commands need to be executed, write the commands into a script for execution.

                      +

                      Set commands to be executed in the container for pre-stop processing. The command format is Command Args[1] Args[2].... Command is a system command or a user-defined executable program. If no path is specified, an executable program in the default path will be selected. If multiple commands need to be executed, write the commands into a script for execution.

                      Example command:

                      exec: 
   command: 
@@ -152,7 +152,7 @@
 
 
                      
 
-
                      Example YAML
                      This section uses Nginx as an example to describe how to set the container lifecycle.
                      
+
                      YAML Example
                      This section uses Nginx as an example to describe how to set the container lifecycle.
                      
 
                      In the following configuration file, the postStart command is defined to run the install.sh command in the /bin/bash directory. preStop is defined to run the uninstall.sh command.
                      
 
                      apiVersion: apps/v1
 kind: Deployment
@@ -191,7 +191,7 @@ spec:
 
                      
 
                      
 
                      
-
                      Parent topic: Configuring a Container
                      
+
                      Parent topic: Configuring a Workload
                      
 
                      
 
                      
 
diff --git a/docs/cce/umn/cce_10_0107.html b/docs/cce/umn/cce_10_0107.html
index d114977f..ed5382a7 100644
--- a/docs/cce/umn/cce_10_0107.html
+++ b/docs/cce/umn/cce_10_0107.html
@@ -6,26 +6,26 @@
 
                      Permissions
                      When you access a cluster using kubectl, CCE uses kubeconfig generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a kubeconfig file vary from user to user.
                      
 
                      For details about user permissions, see Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based).
                      
 
                      
-
                      Using kubectl
                      To connect to a Kubernetes cluster from a PC, you can use kubectl, a Kubernetes command line tool. You can log in to the CCE console and click the name of the target cluster to access the cluster console. On the Overview page, view the access address and kubectl connection procedure.
                      
+
                      Using kubectl
                      To connect to a Kubernetes cluster from a PC, you can use kubectl, a Kubernetes command line tool. You can log in to the CCE console and click the name of the target cluster to access the cluster console. On the Overview page, view the access address and kubectl connection procedure.
                      
 
                      CCE allows you to access a cluster through a private network or a public network.
                      • Intranet access: The client that accesses the cluster must be in the same VPC as the cluster.
                      • Public access: The client that accesses the cluster must be able to access public networks and the cluster has been bound with a public network IP.
                         
                        To bind an EIP to the cluster, go to the Overview page and click Bind next to EIP in the Connection Information area. In a cluster with an EIP bound, kube-apiserver will be exposed to the Internet and may be attacked. To solve this problem, you can configure Advanced Anti-DDoS for the EIP of the node on which kube-apiserver runs.
                        
 
                        
 
                      
 
                      
-
                      Download kubectl and the configuration file. Copy the file to your client, and configure kubectl. After the configuration is complete, you can access your Kubernetes clusters. Procedure:
                      
+
                      Download kubectl and the configuration file. Copy the file to your client, and configure kubectl. After the configuration is complete, you can access your Kubernetes clusters. The process is as follows:
                      
 
                      1. Download kubectl.
                        Prepare a computer that can access the public network and install kubectl in CLI mode. You can run the kubectl version command to check whether kubectl has been installed. If kubectl has been installed, skip this step.
                        
 
                        This section uses the Linux environment as an example to describe how to install and configure kubectl. For details, see Installing kubectl.
                        
 
                        1. Log in to your client and download kubectl.
                          cd /home
 curl -LO https://dl.k8s.io/release/{v1.25.0}/bin/linux/amd64/kubectl
                          
-
                          {v1.25.0} specifies the version number. Replace it as required.
                          
+
                          {v1.25.0} specifies the version. Replace it as required.
                          
 
                        2. Install kubectl.
                          chmod +x kubectl
 mv -f kubectl /usr/local/bin
                          
 
                        
-
                      2. Obtain the kubectl configuration file (kubeconfig).
                        On the Overview page, locate the Connection Info area, click Configure next to kubectl. On the page displayed, download the configuration file.
                        
+
                      3. Obtain the kubectl configuration file.
                        In the Connection Info pane on the Overview page, click Configure next to kubectl to check the kubectl connection. On the displayed page, choose Intranet access or Public network access and download the configuration file.
                        
 
                         
                        • The kubectl configuration file kubeconfig is used for cluster authentication. If the file is leaked, your clusters may be attacked.
                        • The Kubernetes permissions assigned by the configuration file downloaded by IAM users are the same as those assigned to the IAM users on the CCE console.
                        • If the KUBECONFIG environment variable is configured in the Linux OS, kubectl preferentially loads the KUBECONFIG environment variable instead of $home/.kube/config.
                        
 
                        
-
                      4. Configure kubectl.
                        Configure kubectl (A Linux OS is used).
                        1. Log in to your client and copy the kubeconfig.yaml file downloaded in 2 to the /home directory on your client.
                        2. Configure the kubectl authentication file.
                          cd /home
+
                        3. Configure kubectl.
                          Configure kubectl (A Linux OS is used).
                          1. Log in to your client and copy the configuration file (for example, kubeconfig.yaml) downloaded in 2 to the /home directory on your client.
                          2. Configure the kubectl authentication file.
                            cd /home
 mkdir -p $HOME/.kube
-mv -f kubeconfig.yaml $HOME/.kube/config
                            
+mv -f kubeconfig.yaml $HOME/.kube/config
                    • Switch the kubectl access mode based on service scenarios.
                      • Run this command to enable intra-VPC access:
                        kubectl config use-context internal
                      • Run this command to enable public access (EIP required):
                        kubectl config use-context external
                      • Run this command to enable public access and two-way authentication (EIP required):
                        kubectl config use-context externalTLSVerify
                        @@ -36,7 +36,7 @@ mv -f kubeconfig.yaml $HOME/.kube/config

                        • Two-Way Authentication for Domain Names

                        CCE supports two-way authentication for domain names.

                        -
                        • After an EIP is bound to an API Server, two-way domain name authentication is disabled by default if kubectl is used to access the cluster. You can run kubectl config use-context externalTLSVerify to enable the two-way domain name authentication.
                        • When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).
                        • Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in Synchronize Certificate in Operation Records.
                        • For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download kubeconfig.yaml again.
                        • If the two-way domain name authentication is not supported, kubeconfig.yaml contains the "insecure-skip-tls-verify": true field, as shown in Figure 1. To use two-way authentication, download the kubeconfig.yaml file again and enable two-way authentication for the domain names.
                          Figure 1 Two-way authentication disabled for domain names
                          +
                          • After an EIP is bound to an API Server, two-way domain name authentication is disabled by default if kubectl is used to access the cluster. You can run kubectl config use-context externalTLSVerify to enable the two-way domain name authentication.
                          • When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).
                          • Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in Synchronize Certificate in Operation Records.
                          • For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download kubeconfig.yaml again.
                          • If the two-way domain name authentication is not supported, kubeconfig.yaml contains the "insecure-skip-tls-verify": true field, as shown in Figure 1. To use two-way authentication, download the kubeconfig.yaml file again and enable two-way authentication for the domain names.
                            Figure 1 Two-way authentication disabled for domain names

                        FAQs

                        • Error from server Forbidden

                          When you use kubectl to create or query Kubernetes resources, the following output is returned:

                          diff --git a/docs/cce/umn/cce_10_0112.html b/docs/cce/umn/cce_10_0112.html index cff0b184..9d34d3b0 100644 --- a/docs/cce/umn/cce_10_0112.html +++ b/docs/cce/umn/cce_10_0112.html @@ -12,17 +12,17 @@
                        • CLI

                          CLI is an efficient tool for health check. When using the CLI, you must specify an executable command in a container. The cluster periodically runs the command in the container. If the command output is 0, the health check is successful. Otherwise, the health check fails.

                          The CLI mode can be used to replace the HTTP request-based and TCP port-based health check.

                          • For a TCP port, you can use a program script to connect to a container port. If the connection is successful, the script returns 0. Otherwise, the script returns –1.
                          • For an HTTP request, you can use the script command to run the wget command to detect the container.

                            wget http://127.0.0.1:80/health-check

                            -

                            Check the return code of the response. If the return code is within 200–399, the script returns 0. Otherwise, the script returns –1.

                            +

                            Check the return code of the response. If the return code is within 200–399, the script returns 0. Otherwise, the script returns –1.

                            • Put the program to be executed in the container image so that the program can be executed.
                            • If the command to be executed is a shell script, do not directly specify the script as the command, but add a script parser. For example, if the script is /data/scripts/health_check.sh, you must specify sh/data/scripts/health_check.sh for command execution.
                          -
                        • gRPC Check
                          gRPC checks can configure startup, liveness, and readiness probes for your gRPC application without exposing any HTTP endpoint, nor do you need an executable. Kubernetes can connect to your workload via gRPC and obtain its status.
                          • The gRPC check is supported only in CCE clusters of v1.25 or later.
                          • To use gRPC for check, your application must support the gRPC health checking protocol.
                          • Similar to HTTP and TCP probes, if the port is incorrect or the application does not support the health checking protocol, the check fails.
                          +
                        • gRPC check
                          gRPC checks can configure startup, liveness, and readiness probes for your gRPC application without exposing any HTTP endpoint, nor do you need an executable. Kubernetes can connect to your workload via gRPC and obtain its status.
                          • The gRPC check is supported only in CCE clusters of v1.25 or later.
                          • To use gRPC for check, your application must support the gRPC health checking protocol.
                          • Similar to HTTP and TCP probes, if the port is incorrect or the application does not support the health checking protocol, the check fails.

                        Common Parameters

                        -
                        Table 1 Common parameter description

                        Parameter

                        +
                        @@ -94,7 +94,7 @@ spec: periodSeconds: 5 startupProbe: # Startup probe httpGet: # Checking an HTTP request is used as an example. - path: /healthz # The HTTP check path is /healthz. + path: /healthz # The HTTP check path is /healthz. port: 80 # The check port number is 80. failureThreshold: 30 periodSeconds: 10 @@ -102,7 +102,7 @@ spec:
                        -
                        Parent topic: Configuring a Container
                        +
                        Parent topic: Configuring a Workload
                        diff --git a/docs/cce/umn/cce_10_0113.html b/docs/cce/umn/cce_10_0113.html index 9e4e14fa..c12190b4 100644 --- a/docs/cce/umn/cce_10_0113.html +++ b/docs/cce/umn/cce_10_0113.html @@ -9,7 +9,7 @@

                        Environment variables can be set in the following modes:

                        • Custom: Enter the environment variable name and parameter value.
                        • Added from ConfigMap key: Import all keys in a ConfigMap as environment variables.
                        • Added from ConfigMap: Import a key in a ConfigMap as the value of an environment variable. As shown in Figure 1, if you import configmap_value of configmap_key in configmap-example as the value of environment variable key1, an environment variable named key1 whose value is configmap_value is available in the container.
                        • Added from secret: Import all keys in a secret as environment variables.
                        • Added from secret key: Import the value of a key in a secret as the value of an environment variable. As shown in Figure 1, if you import secret_value of secret_key in secret-example as the value of environment variable key2, an environment variable named key2 whose value is secret_value is available in the container.
                        • Variable value/reference: Use the field defined by a pod as the value of the environment variable. As shown in Figure 1, if the pod name is imported as the value of environment variable key3, an environment variable named key3 whose value is the pod name is available in the container.
                        • Resource Reference: The value of Request or Limit defined by the container is used as the value of the environment variable. As shown in Figure 1, if you import the CPU limit of container-1 as the value of environment variable key4, an environment variable named key4 whose value is the CPU limit of container-1 is available in the container.
                        -

                        Adding Environment Variables

                        1. Log in to the CCE console.
                        2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                        3. When creating a workload, modify the container information in Container Settings and click the Environment Variables tab.
                        4. Configure environment variables.

                          Figure 1 Configuring environment variables
                          +

                          Adding Environment Variables

                          1. Log in to the CCE console.
                          2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                          3. When creating a workload, modify the container information in Container Settings and click the Environment Variables tab.
                          4. Configure environment variables.

                            Figure 1 Configuring environment variables

                          YAML Example

                          apiVersion: apps/v1
@@ -102,7 +102,7 @@ secret_key=secret_value               # Added from key. The key value in the ori
                          -
                          Parent topic: Configuring a Container
                          +
                          Parent topic: Configuring a Workload
                          diff --git a/docs/cce/umn/cce_10_0125.html b/docs/cce/umn/cce_10_0125.html index fcc89d8c..b2842e63 100644 --- a/docs/cce/umn/cce_10_0125.html +++ b/docs/cce/umn/cce_10_0125.html @@ -11,7 +11,9 @@
                        5. Configuring SFS Turbo Mount Options
                          6. -
                        6. Using StorageClass to Dynamically Create a Subdirectory in an SFS Turbo File System
                          +
                        7. (Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV
                          +
                          8. +
                        8. Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                          9. diff --git a/docs/cce/umn/cce_10_0127.html b/docs/cce/umn/cce_10_0127.html index 6ecef4b7..8196a3ec 100644 --- a/docs/cce/umn/cce_10_0127.html +++ b/docs/cce/umn/cce_10_0127.html @@ -4,7 +4,7 @@

                          Introduction

                          CCE Container Storage (FlexVolume), also called storage-driver, functions as a standard Kubernetes FlexVolume plugin to allow containers to use EVS, SFS, OBS, and SFS Turbo storage resources. By installing and upgrading storage-driver, you can quickly install and update cloud storage capabilities.

                          FlexVolume is a system resource add-on. It is installed by default when a cluster of Kubernetes v1.13 or earlier is created.

                          -

                          Constraints

                          • For clusters created in CCE, Kubernetes v1.15.11 is a transitional version in which the FlexVolume add-on is compatible with the CSI add-on (Everest). Clusters of v1.17 and later versions do not support FlexVolume anymore. Use the Everest add-on.
                          • The FlexVolume add-on will be maintained by Kubernetes developers, but new functionality will only be added to Everest. Do not create CCE storage that uses the FlexVolume add-on (storage-driver) anymore. Otherwise, storage may malfunction.
                          • This add-on can be installed only in clusters of v1.13 or earlier. By default, the Everest add-on is installed when clusters of v1.15 or later are created.

                            In a cluster of v1.13 or earlier, when an upgrade or bug fix is available for storage functionalities, you only need to install or upgrade the storage-driver add-on. Upgrading the cluster or creating a cluster is not required.

                            +

                            Notes and Constraints

                            • For clusters created in CCE, Kubernetes v1.15.11 is a transitional version in which the FlexVolume add-on is compatible with the CSI add-on (Everest). Clusters of v1.17 and later versions do not support FlexVolume anymore. Use the Everest add-on.
                            • The FlexVolume add-on will be maintained by Kubernetes developers, but new functionality will only be added to Everest. Do not create CCE storage that uses the FlexVolume add-on (storage-driver) anymore. Otherwise, storage may malfunction.
                            • This add-on can be installed only in clusters of v1.13 or earlier. By default, the Everest add-on is installed when clusters of v1.15 or later are created.

                              In a cluster of v1.13 or earlier, when an upgrade or bug fix is available for storage functionalities, you only need to install or upgrade the storage-driver add-on. Upgrading the cluster or creating a cluster is not required.

                            @@ -15,7 +15,7 @@
                            -
                            Parent topic: Add-ons
                            +
                            Parent topic: Container Storage Add-ons
                            diff --git a/docs/cce/umn/cce_10_0129.html b/docs/cce/umn/cce_10_0129.html index 1d2e8bb0..ab290b79 100644 --- a/docs/cce/umn/cce_10_0129.html +++ b/docs/cce/umn/cce_10_0129.html @@ -10,11 +10,11 @@

                            For details, see DNS.

                            -

                            Constraints

                            To run CoreDNS properly or upgrade CoreDNS in a cluster, ensure the number of available nodes in the cluster is greater than or equal to the number of CoreDNS instances and all CoreDNS instances are running. Otherwise, the add-on will malfunction or the upgrade will fail.

                            +

                            Notes and Constraints

                            To run CoreDNS properly or upgrade CoreDNS in a cluster, ensure the number of available nodes in the cluster is greater than or equal to the number of CoreDNS instances and all CoreDNS instances are running. Otherwise, the add-on will malfunction or the upgrade will fail.

                            Installing the Add-on

                            This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:

                            1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate CoreDNS on the right, and click Install.
                            2. On the Install Add-on page, configure the specifications.

                              -

                        Table 1 Common parameters

                        Parameter

                        Description
                        @@ -101,12 +101,12 @@

                      • Click Install.

                        On the Releases tab page, you can view the installation status of the release.

                        • -

                        Upgrading a Chart-based Workload

                        1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane and click the Releases tab.
                        2. Click Upgrade in the row where the desired workload resides and set the parameters for the workload.
                        3. Select a chart version for Chart Version.
                        4. Follow the prompts to modify the chart parameters. Confirm the modification and click Upgrade.
                        5. If the execution status is Upgraded, the workload has been upgraded.
                        +

                        Upgrading a Chart-based Workload

                        1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane. In the right pane, click the Releases tab.
                        2. Click Upgrade in the row where the desired workload resides and set the parameters for the workload.
                        3. Select a chart version for Chart Version.
                        4. Follow the prompts to modify the chart parameters. Confirm the modification and click Upgrade.
                        5. If the execution status is Upgraded, the workload has been upgraded.
                        -

                        Rolling Back a Chart-based Workload

                        1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane and click the Releases tab.
                        2. Click More > Roll Back for the workload to be rolled back, select the workload version, and click Roll back to this version.

                          In the workload list, if the status is Rollback successful, the workload is rolled back successfully.

                          +

                          Rolling Back a Chart-based Workload

                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane. In the right pane, click the Releases tab.
                          2. Click More > Roll Back for the workload to be rolled back, select the workload version, and click Roll back to this version.

                            In the workload list, if the status is Rollback successful, the workload is rolled back successfully.

                          -

                          Uninstalling a Chart-based Workload

                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane and click the Releases tab.
                          2. Click More > Uninstall next to the release to be uninstalled, and click Yes. Exercise caution when performing this operation because releases cannot be restored after being uninstalled.
                          +

                          Uninstalling a Chart-based Workload

                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose App Templates in the navigation pane. In the right pane, click the Releases tab.
                          2. Click More > Uninstall next to the release to be uninstalled, and click Yes. Exercise caution when performing this operation because releases cannot be restored after being uninstalled.
                          diff --git a/docs/cce/umn/cce_10_0150.html b/docs/cce/umn/cce_10_0150.html index 0b5ce823..85e4ad88 100644 --- a/docs/cce/umn/cce_10_0150.html +++ b/docs/cce/umn/cce_10_0150.html @@ -8,7 +8,7 @@

                          Prerequisites

                          Resources have been created. For details, see Creating a Node. If clusters and nodes are available, you need not create them again.

                          -

                          Using the CCE Console

                          1. Log in to the CCE console.
                          2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                          3. Set basic information about the workload.

                            Basic Info
                            • Workload Type: Select Job. For details about workload types, see Overview.
                            • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                            • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                            • Pods: Enter the number of pods of the workload.
                            • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
                            +

                            Using the CCE Console

                            1. Log in to the CCE console.
                            2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                            3. Set basic information about the workload.

                              Basic Info
                              • Workload Type: Select Job. For details about workload types, see Overview.
                              • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                              • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                              • Pods: Enter the number of pods of the workload.
                              • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                              Container Settings
                              • Container Information
                                Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                • Basic Info: Configure basic information about the container.
                        Table 1 CoreDNS parameters

                        Parameter

                        +
                        @@ -23,7 +23,7 @@ - @@ -307,7 +303,7 @@ $configBlock @@ -345,12 +341,176 @@ $configBlock
                        1. The query is first sent to the DNS caching layer in CoreDNS.
                        2. From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:
                          • Names with the cluster suffix, for example, .cluster.local: The request is sent to CoreDNS.
                          • Names with the stub domain suffix, for example, .acme.local: The request is sent to the configured custom DNS resolver that listens, for example, on 1.2.3.4.
                          • Names that do not match the suffix (for example, widget.com): The request is forwarded to the upstream DNS.
                        -
                        Figure 1 Routing
                        +
                        Figure 1 Routing
                        + +

                        Change History

                        +
                        Table 1 Add-on configuration

                        Parameter

                        Description

                        Pods

                        Number of pods for the add-on.

                        -

                        High availability is not possible with a single add-on pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                        +

                        High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                        Containers

                        @@ -129,14 +129,17 @@

                        Advance Config

                        • parameterSyncStrategy: indicates whether to configure consistency check when the add-on is upgraded.
                          • ensureConsistent: indicates that the configuration consistency check is enabled. If the configuration recorded in the cluster is inconsistent with the actual configuration, the add-on cannot be upgraded.
                          • force: indicates that the configuration consistency check is ignored during an upgrade. In this case, you must ensure that the current effective configuration is the same as the original configuration. After the add-on is upgraded, restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                          • inherit: indicates that custom settings are automatically inherited during an upgrade. After the add-on is upgraded, restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                          -
                        • stub_domains: sub domains, which allow you to configure a domain name server for a custom domain name. A sub domain is in the format of a key-value pair, where the key is the suffix of a DNS domain name and the value is one or more DNS IP addresses.
                        • upstream_nameservers: IP address of the upstream DNS server.
                        • servers: nameservers, which are available in CoreDNS v1.23.1 and later versions. You can customize nameservers. For details, see dns-custom-nameservers.
                          plugins indicates the configuration of each component in CoreDNS. Retain the default settings typically to prevent CoreDNS from being unavailable due to configuration errors. Each plugin component contains name, parameters (optional), and configBlock (optional). The format of the generated Corefile is as follows:
                          $name  $parameters {
+
                        • parameterSyncStrategy: indicates whether to configure consistency check when the add-on is upgraded.
                          • ensureConsistent: indicates that the configuration consistency check is enabled. If the configuration recorded in the cluster is inconsistent with the actual configuration, the add-on cannot be upgraded.
                          • force: indicates that the configuration consistency check is ignored during an upgrade. In this case, you must ensure that the current effective configuration is the same as the original configuration. After the add-on is upgraded, restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                          • inherit: indicates that custom settings are automatically inherited during an upgrade. After the add-on is upgraded, the value of parameterSyncStrategy is automatically restored to ensureConsistent to enable the configuration consistency check again.
                          +
                        • servers: nameservers, which are available in CoreDNS v1.23.1 and later versions. You can customize nameservers. For details, see dns-custom-nameservers.
                          plugins indicates the configuration of each component in CoreDNS. Retain the default settings typically to prevent CoreDNS from being unavailable due to configuration errors. Each plugin component contains name, parameters (optional), and configBlock (optional). The format of the generated Corefile is as follows:
                          $name  $parameters {
 $configBlock
 }

                          Table 4 describes common plugins. For details, see Plugins.

                          -

                          Example:

                          +
                        • upstream_nameservers: specifies the IP address of the upstream DNS server.
                        +

                        Example of advanced configurations:

                        {
+     "annotations": {},
+     "parameterSyncStrategy": "ensureConsistent",
      "servers": [
 		   {
 			"plugins": [
@@ -157,7 +160,7 @@ $configBlock
 				},
                                 {
 					"name": "ready",
-					"{$POD_IP}:8081"
+					"parameters": "{$POD_IP}:8081"
 				},
 				{
 					"configBlock": "pods insecure\nfallthrough in-addr.arpa ip6.arpa",
@@ -189,15 +192,8 @@ $configBlock
 			]
 		}
 	],
-	"stub_domains": {
-		"acme.local": [
-			"1.2.3.4",
-			"6.7.8.9"
-		]
-	},
 	"upstream_nameservers": ["8.8.8.8", "8.8.4.4"]
 }
                        -

                        Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                        The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                        -

                        For details, see Taints and Tolerations.

                        +

                        For details, see Configuring Tolerance Policies.
                        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                        Table 7 Release history

                        Add-on Version

                        +

                        Supported Cluster Version

                        +

                        New Feature

                        +

                        Community Version

                        +

                        1.29.4

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        v1.27

                        +

                        v1.28

                        +

                        v1.29

                        +

                        CCE clusters 1.29 are supported.

                        +

                        1.10.1

                        +

                        1.28.7

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        v1.27

                        +

                        v1.28

                        +

                        Supported hot module replacement. Rolling upgrade is not required.

                        +

                        1.10.1

                        +

                        1.28.5

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        v1.27

                        +

                        v1.28

                        +

                        Fixed some issues.

                        +

                        1.10.1

                        +

                        1.28.4

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        v1.27

                        +

                        v1.28

                        +

                        CCE clusters 1.28 are supported.

                        +

                        1.10.1

                        +

                        1.27.4

                        +

                        v1.19

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        v1.27

                        +

                        None

                        +

                        1.10.1

                        +

                        1.25.11

                        +

                        v1.19

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +
                        • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                        • Upgrades to its community version 1.10.1.
                        +

                        1.10.1

                        +

                        1.25.1

                        +

                        v1.19

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        CCE clusters 1.25 are supported.

                        +

                        1.8.4

                        +

                        1.23.3

                        +

                        v1.15

                        +

                        v1.17

                        +

                        v1.19

                        +

                        v1.21

                        +

                        v1.23

                        +

                        Regular upgrade of add-on dependencies

                        +

                        1.8.4

                        +

                        1.23.1

                        +

                        v1.15

                        +

                        v1.17

                        +

                        v1.19

                        +

                        v1.21

                        +

                        v1.23

                        +

                        CCE clusters 1.23 are supported.

                        +

                        1.8.4

                        +

                        1.17.15

                        +

                        v1.15

                        +

                        v1.17

                        +

                        v1.19

                        +

                        v1.21

                        +

                        CCE clusters 1.21 are supported.

                        +

                        1.8.4

                        +

                        1.17.9

                        +

                        v1.15

                        +

                        v1.17

                        +

                        v1.19

                        +

                        Regular upgrade of add-on dependencies

                        +

                        1.8.4

                        +

                        1.17.4

                        +

                        v1.17

                        +

                        v1.19

                        +

                        CCE clusters 1.19 are supported.

                        +

                        1.6.5

                        +
                        +
                        -
                        Parent topic: Add-ons
                        +
                        Parent topic: Container Network Add-ons
                        diff --git a/docs/cce/umn/cce_10_0130.html b/docs/cce/umn/cce_10_0130.html index 50d0cb01..3f68b032 100644 --- a/docs/cce/umn/cce_10_0130.html +++ b/docs/cce/umn/cce_10_0130.html @@ -1,9 +1,11 @@ -

                        Configuring a Container

                        +

                        Configuring a Workload

                        diff --git a/docs/cce/umn/cce_10_0132.html b/docs/cce/umn/cce_10_0132.html index 428f5016..998f9ae0 100644 --- a/docs/cce/umn/cce_10_0132.html +++ b/docs/cce/umn/cce_10_0132.html @@ -4,14 +4,14 @@

                        Introduction

                        CCE node problem detector (NPD) is an add-on that monitors abnormal events of cluster nodes and connects to a third-party monitoring platform. It is a daemon running on each node. It collects node issues from different daemons and reports them to the API server. The NPD add-on can run as a DaemonSet or a daemon.

                        For more information, see node-problem-detector.

                        -

                        Constraints

                        • When using this add-on, do not format or partition node disks.
                        • Each NPD process occupies 30 m CPU and 100 MB memory.
                        • If the NPD version is 1.18.45 or later, the EulerOS version of the host machine must be 2.5 or later.
                        +

                        Notes and Constraints

                        • When using this add-on, do not format or partition node disks.
                        • Each NPD process occupies 30m CPUs and 100 MiB memory.
                        • If the NPD version is 1.18.45 or later, the EulerOS version of the host machine must be 2.5 or later.

                        Permissions

                        To monitor kernel logs, the NPD add-on needs to read the host /dev/kmsg. Therefore, the privileged mode must be enabled. For details, see privileged.

                        In addition, CCE mitigates risks according to the least privilege principle. Only the following privileges are available for NPD running:

                        • cap_dac_read_search: permission to access /run/log/journal.
                        • cap_sys_admin: permission to access /dev/kmsg.

                        Installing the Add-on

                        1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate CCE Node Problem Detector on the right, and click Install.
                        2. On the Install Add-on page, configure the specifications.

                          -

                          Table 1 NPD configuration

                          Parameter

                          +
                          @@ -25,6 +25,7 @@ - @@ -91,7 +92,7 @@ @@ -155,7 +156,7 @@

                          Typical scenario: Disk I/O suspension causes process suspension.

                          @@ -167,7 +168,7 @@ @@ -208,6 +209,8 @@
                          Table 1 Add-on configuration

                          Parameter

                          Description

                          Pods

                          If you select Custom, you can adjust the number of pods as required.

                          +

                          High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                          Containers

                          @@ -55,7 +56,7 @@

                          npc.maxTaintedNode

                          The maximum number of nodes that NPC can add taints to when a single fault occurs on multiple nodes for minimizing impact.

                          +

                          The maximum number of nodes that NPC can add taints to when an individual fault occurs on multiple nodes for minimizing impact.

                          The value can be in int or percentage format.

                          Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                          The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                          -

                          For details, see Taints and Tolerations.

                          +

                          For details, see Configuring Tolerance Policies.

                          Warning event

                          -

                          Listening object: /dev/kmsg

                          +

                          Listening object: /dev/kmsg

                          Matching rule: "task \\S+:\\w+ blocked for more than \\w+ seconds\\."

                          Warning event

                          -

                          Listening object: /dev/kmsg

                          +

                          Listening object: /dev/kmsg

                          Matching rule: Remounting filesystem read-only
                          • Default threshold: 10 restarts within 10 minutes

                            If Kubelet restarts for 10 times within 10 minutes, it indicates that the system restarts frequently and a fault alarm is generated.

                          • Listening object: logs in the /run/log/journal directory
                          +
                          NOTE:

                          The Ubuntu and HCE 2.0 OSs do not support the preceding check items due to incompatible log formats.

                          +

                          Frequent restarts of Docker

                          @@ -520,6 +523,9 @@
                          +

                          Viewing NPD Events

                          Events reported by the NPD add-on can be queried on the Nodes page.

                          +
                          1. Log in to the CCE console.
                          2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane.
                          3. Locate the row that contains the target node, and click View Events.
                          +

                          Collecting Prometheus Metrics

                          The NPD daemon pod exposes Prometheus metric data on port 19901. By default, the NPD pod is added with the annotation metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"prometheus","path":"/metrics","port":"19901","names":""}]'. You can build a Prometheus collector to identify and obtain NPD metrics from http://{{NpdPodIP}}:{{NpdPodPort}}/metrics.

                          If the NPD add-on version is earlier than 1.16.5, the exposed port of Prometheus metrics is 20257.

                          @@ -538,10 +544,104 @@ problem_gauge{reason="CRIIsDown",type="CRIProblem"} 0 problem_gauge{reason="CRIIsUp",type="CRIProblem"} 0 ..
                          +

                          Change History

                          +
                          + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                          Table 12 Release history

                          Add-on Version

                          +

                          Supported Cluster Version

                          +

                          New Feature

                          +

                          Community Version

                          +

                          1.19.1

                          +

                          v1.21

                          +

                          v1.23

                          +

                          v1.25

                          +

                          v1.27

                          +

                          v1.28

                          +

                          v1.29

                          +

                          Fixed some issues.

                          +

                          0.8.10

                          +

                          1.19.0

                          +

                          v1.21

                          +

                          v1.23

                          +

                          v1.25

                          +

                          v1.27

                          +

                          v1.28

                          +

                          Fixed some issues.

                          +

                          0.8.10

                          +

                          1.18.48

                          +

                          v1.21

                          +

                          v1.23

                          +

                          v1.25

                          +

                          v1.27

                          +

                          v1.28

                          +

                          Fixed some issues.

                          +

                          0.8.10

                          +

                          1.18.46

                          +

                          v1.21

                          +

                          v1.23

                          +

                          v1.25

                          +

                          v1.27

                          +

                          v1.28

                          +

                          CCE clusters 1.28 are supported.

                          +

                          0.8.10

                          +

                          1.18.22

                          +

                          v1.19

                          +

                          v1.21

                          +

                          v1.23

                          +

                          v1.25

                          +

                          v1.27

                          +

                          None

                          +

                          0.8.10

                          +

                          1.17.4

                          +

                          v1.17

                          +

                          v1.19

                          +

                          v1.21

                          +

                          v1.23

                          +

                          v1.25

                          +

                          Optimizes DiskHung check item.

                          +

                          0.8.10

                          +
                          +
                          +
                          -
                          Parent topic: Add-ons
                          +
                          Parent topic: Cloud Native Observability Add-ons
                          diff --git a/docs/cce/umn/cce_10_0140.html b/docs/cce/umn/cce_10_0140.html index 8218a116..6efa89ee 100644 --- a/docs/cce/umn/cce_10_0140.html +++ b/docs/cce/umn/cce_10_0140.html @@ -6,10 +6,12 @@
                          diff --git a/docs/cce/umn/cce_10_0141.html b/docs/cce/umn/cce_10_0141.html index 8357225e..eb4a18ca 100644 --- a/docs/cce/umn/cce_10_0141.html +++ b/docs/cce/umn/cce_10_0141.html @@ -3,7 +3,7 @@

                          CCE AI Suite (NVIDIA GPU)

                          Introduction

                          NVIDIA GPU is a device management add-on that supports GPUs in containers. To use GPU nodes in a cluster, this add-on must be installed.

                          -

                          Constraints

                          • The driver to be downloaded must be a .run file.
                          • Only NVIDIA Tesla drivers are supported, not GRID drivers.
                          • When installing or reinstalling the add-on, ensure that the driver download address is correct and accessible. CCE does not verify the address validity.
                          • The gpu-beta add-on only enables you to download the driver and execute the installation script. The add-on status only indicates that how the add-on is running, not whether the driver is successfully installed.
                          • CCE does not guarantee the compatibility between the GPU driver version and the CDUA library version of your application. You need to check the compatibility by yourself.
                          • If a custom OS image has had a a GPU driver installed, CCE cannot ensure that the GPU driver is compatible with other GPU components such as the monitoring components used in CCE.
                          +

                          Notes and Constraints

                          • The driver to be downloaded must be a .run file.
                          • Only NVIDIA Tesla drivers are supported, not GRID drivers.
                          • When installing or reinstalling the add-on, ensure that the driver download address is correct and accessible. CCE does not verify the address validity.
                          • The gpu-beta add-on only enables you to download the driver and execute the installation script. The add-on status only indicates that how the add-on is running, not whether the driver is successfully installed.
                          • CCE does not guarantee the compatibility between the GPU driver version and the CUDA library version of your application. You need to check the compatibility by yourself.
                          • If a custom OS image has had a a GPU driver installed, CCE cannot ensure that the GPU driver is compatible with other GPU components such as the monitoring components used in CCE.

                          Installing the Add-on

                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate CCE AI Suite (NVIDIA GPU) on the right, and click Install.
                          2. Configure the add-on parameters.

                            • NVIDIA Driver: Enter the link for downloading the NVIDIA driver. All GPU nodes in the cluster will use this driver.
                              • If the download link is a public network address, for example, https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run, bind an EIP to each GPU node. For details about how to obtain the driver link, see Obtaining the Driver Link from Public Network.
                              • If the download link is an OBS URL, you do not need to bind an EIP to GPU nodes. For details about how to obtain the driver link, see Obtaining the Driver Link from OBS.
                              • Ensure that the NVIDIA driver version matches the GPU node.
                              • After the driver version is changed, restart the node for the change to take effect.
                              @@ -23,11 +23,11 @@ cd /usr/local/nvidia/bin && ./nvidia-smi
                            • Container:
                              cd /usr/local/nvidia/bin && ./nvidia-smi

                            If GPU information is returned, the device is available and the add-on has been installed.

                            -

                            +

                          -

                          Obtaining the Driver Link from Public Network

                          1. Log in to the CCE console.
                          2. Click Create Node and select the GPU node to be created in the Specifications area. The GPU card model of the node is displayed in the lower part of the page.
                          1. Visit https://www.nvidia.com/Download/Find.aspx?lang=en.
                          2. Select the driver information on the NVIDIA Driver Downloads page, as shown in Figure 1. Operating System must be Linux 64-bit.

                            Figure 1 Setting parameters
                            -

                          3. After confirming the driver information, click SEARCH. A page is displayed, showing the driver information, as shown in Figure 2. Click DOWNLOAD.

                            Figure 2 Driver information
                            -

                          4. Obtain the driver link in either of the following ways:

                            • Method 1: As shown in Figure 3, find url=/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run in the browser address box. Then, supplement it to obtain the driver link https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run. By using this method, you must bind an EIP to each GPU node.
                            • Method 2: As shown in Figure 3, click AGREE & DOWNLOAD to download the driver. Then, upload the driver to OBS and record the OBS URL. By using this method, you do not need to bind an EIP to GPU nodes.
                              Figure 3 Obtaining the link
                              +

                              Obtaining the Driver Link from Public Network

                              1. Log in to the CCE console.
                              2. Click Create Node and select the GPU node to be created in the Specifications area. The GPU card model of the node is displayed in the lower part of the page.
                              1. Visit https://www.nvidia.com/Download/Find.aspx?lang=en.
                              2. Select the driver information on the NVIDIA Driver Downloads page, as shown in Figure 1. Operating System must be Linux 64-bit.

                                Figure 1 Setting parameters
                                +

                              3. After confirming the driver information, click SEARCH. A page is displayed, showing the driver information, as shown in Figure 2. Click DOWNLOAD.

                                Figure 2 Driver information
                                +

                              4. Obtain the driver link in either of the following ways:

                                • Method 1: As shown in Figure 3, find url=/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run in the browser address box. Then, supplement it to obtain the driver link https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run. By using this method, you must bind an EIP to each GPU node.
                                • Method 2: As shown in Figure 3, click AGREE & DOWNLOAD to download the driver. Then, upload the driver to OBS and record the OBS URL. By using this method, you do not need to bind an EIP to GPU nodes.
                                  Figure 3 Obtaining the link

                              @@ -55,10 +55,133 @@ cd /usr/local/nvidia/bin && ./nvidia-smi
                        +

                        Change History

                        +
                        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                        Table 2 Release history

                        Add-on Version

                        +

                        Supported Cluster Version

                        +

                        New Feature

                        +

                        2.6.4

                        +

                        v1.28

                        +

                        v1.29

                        +

                        Updated the isolation logic of GPU cards.

                        +

                        2.6.1

                        +

                        v1.28

                        +

                        v1.29

                        +

                        Upgraded the base images of the add-on.

                        +

                        2.5.6

                        +

                        v1.28

                        +

                        Fixed an issue that occurred during the installation of the driver.

                        +

                        2.5.4

                        +

                        v1.28

                        +

                        Clusters 1.28 are supported.

                        +

                        2.0.69

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        v1.27

                        +

                        Upgraded the base images of the add-on.

                        +

                        2.0.48

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        v1.27

                        +

                        Fixed an issue that occurred during the installation of the driver.

                        +

                        2.0.46

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        v1.27

                        +
                        • Supported Nvidia driver 535.
                        • Non-root users can use xGPUs.
                        • Optimized startup logic.
                        +

                        1.2.28

                        +

                        v1.19

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +
                        • Adapted to Ubuntu 22.04.
                        • Optimized the automatic mounting of the GPU driver directory.
                        +

                        1.2.20

                        +

                        v1.19

                        +

                        v1.21

                        +

                        v1.23

                        +

                        v1.25

                        +

                        Set the add-on alias to gpu.

                        +

                        1.2.15

                        +

                        v1.15

                        +

                        v1.17

                        +

                        v1.19

                        +

                        v1.21

                        +

                        v1.23

                        +

                        CCE clusters 1.23 are supported.

                        +

                        1.2.9

                        +

                        v1.15

                        +

                        v1.17

                        +

                        v1.19

                        +

                        v1.21

                        +

                        CCE clusters 1.21 are supported.

                        +

                        1.2.2

                        +

                        v1.15

                        +

                        v1.17

                        +

                        v1.19

                        +

                        Supported the new EulerOS kernel.

                        +
                        +
                        +
                        diff --git a/docs/cce/umn/cce_10_0142.html b/docs/cce/umn/cce_10_0142.html index b85c2884..a9a52529 100644 --- a/docs/cce/umn/cce_10_0142.html +++ b/docs/cce/umn/cce_10_0142.html @@ -2,17 +2,17 @@

                        NodePort

                        Scenario

                        A Service is exposed on each node's IP address at a static port (NodePort). When you create a NodePort Service, Kubernetes automatically allocates an internal IP address (ClusterIP) of the cluster. When clients outside the cluster access <NodeIP>:<NodePort>, the traffic will be forwarded to the target pod through the ClusterIP of the NodePort Service.

                        -
                        Figure 1 NodePort access
                        +
                        Figure 1 NodePort access
                        -

                        Constraints

                        • By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
                        • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                        • CCE Turbo clusters support only cluster-level service affinity.
                        • In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, externalTrafficPolicy is set to local), container B deployed on the same node cannot access container A through the node IP address and NodePort service.
                        • When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using netstat by default. If the cluster forwarding mode is iptables, run the iptables -t nat -L command to view the port. If the cluster forwarding mode is IPVS, run the ipvsadm -Ln command to view the port.
                        +

                        Notes and Constraints

                        • By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
                        • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                        • In a CCE Turbo cluster, node-level affinity is supported only when the Service backend is connected to a HostNetwork pod.
                        • In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, externalTrafficPolicy is set to local), container B deployed on the same node cannot access container A through the node IP address and NodePort service.
                        • When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using netstat by default. If the cluster forwarding mode is iptables, run the iptables -t nat -L command to view the port. If the cluster forwarding mode is IPVS, run the ipvsadm -Ln command to view the port.
                        -

                        Creating a NodePort Service

                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                        2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                        3. Configure intra-cluster access parameters.

                          • Service Name: Specify a Service name, which can be the same as the workload name.
                          • Service Type: Select NodePort.
                          • Namespace: Namespace to which the workload belongs.
                          • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                            • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                            • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                            -
                          • Selector: Add a label and click Confirm. A Service selects a pod based on the added label. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                          • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                          • Port Settings
                            • Protocol: protocol used by the Service.
                            • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                            • Container Port: port on which the workload listens. For example, Nginx uses port 80 by default.
                            • Node Port: You are advised to select Auto. You can also specify a port. The default port ranges from 30000 to 32767.
                            +

                            Creating a NodePort Service

                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                            2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                            3. Configure intra-cluster access parameters.

                              • Service Name: Specify a Service name, which can be the same as the workload name.
                              • Service Type: Select NodePort.
                              • Namespace: namespace that the workload belongs to.
                              • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                +
                              • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                              • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                              • Ports
                                • Protocol: protocol used by the Service.
                                • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                • Node Port: You are advised to select Auto. You can also specify a port. The default port ranges from 30000 to 32767.

                            4. Click OK.
                            -

                            Using kubectl

                            You can run kubectl commands to set the access type. This section uses an Nginx workload as an example to describe how to set a NodePort Service using kubectl.

                            -
                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                            2. Create and edit the nginx-deployment.yaml and nginx-nodeport-svc.yaml files.

                              The file names are user-defined. nginx-deployment.yaml and nginx-nodeport-svc.yaml are merely example file names.

                              +

                              Using kubectl

                              You can configure Service access using kubectl. This section uses an Nginx workload as an example to describe how to configure a NodePort Service using kubectl.

                              +
                              1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                              2. Create and edit the nginx-deployment.yaml and nginx-nodeport-svc.yaml files.

                                The file names are user-defined. nginx-deployment.yaml and nginx-nodeport-svc.yaml are merely example file names.

                                vi nginx-deployment.yaml

                                apiVersion: apps/v1
 kind: Deployment
diff --git a/docs/cce/umn/cce_10_0146.html b/docs/cce/umn/cce_10_0146.html
index 73385ff3..30069f28 100644
--- a/docs/cce/umn/cce_10_0146.html
+++ b/docs/cce/umn/cce_10_0146.html
@@ -2,7 +2,7 @@
 
 
                                Deploying an Application from a Chart
                                
 
                                On the CCE console, you can upload a Helm chart package, deploy it, and manage the deployed pods.
                                
-
                                Constraints
                                • The number of charts that can be uploaded by a single user is limited. The value displayed on the console of each region is the allowed quantity.
                                • A chart with multiple versions consumes the same amount of portion of chart quota.
                                • Users with chart operation permissions can perform multiple operations on clusters. Therefore, exercise caution when assigning users the chart lifecycle management permissions, including uploading charts and creating, deleting, and updating chart releases.
                                
+
                                Notes and Constraints
                                • The number of charts that can be uploaded by a single user is limited. The value displayed on the console of each region is the allowed quantity.
                                • A chart with multiple versions consumes the same amount of portion of chart quota.
                                • Users with chart operation permissions can perform multiple operations on clusters. Therefore, exercise caution when assigning users the chart lifecycle management permissions, including uploading charts and creating, deleting, and updating chart releases.
                                
 
                                
 
                                Chart Specifications
                                The Redis workload is used as an example to illustrate the chart specifications.
                                
 
                                • Naming Requirement
                                  A chart package is named in the format of {name}-{version}.tgz, where {version} indicates the version number in the format of Major version number.Minor version number.Revision number, for example, redis-0.4.2.tgz.
                                  
@@ -33,7 +33,7 @@

                        Describes configuration parameters required by templates.

                        NOTICE:

                        Make sure that the image address set in the values.yaml file is the same as the image address in the container image repository. Otherwise, an exception occurs when you create a workload, and the system displays a message indicating that the image fails to be pulled.

                        -

                        To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose Image Repository to access the SWR console. Choose My Images > Private Images and click the name of the uploaded image. On the Image Tags tab page, obtain the image address from the pull command. You can click to copy the command in the Image Pull Command column.

                        +

                        To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose Image Repository to access the SWR console. Choose My Images > Private Images and click the name of the uploaded image. On the Image Tags tab page, obtain the image address from the pull command. You can click to copy the command in the Image Pull Command column.

                        Parameter

                        @@ -80,7 +80,7 @@
                      • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                      • (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node of the specified GPU type.
                        • -
                        (Optional) Advanced Settings
                        • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
                        +
                        (Optional) Advanced Settings
                        • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                        • Job Settings
                          • Parallel Pods: Maximum number of pods that can run in parallel during job execution. The value cannot be greater than the total number of pods in the job.
                          • Timeout (s): Once a job reaches this time, the job status becomes failed and all pods in this job will be deleted. If you leave this parameter blank, the job will never time out.
                          • Completion Mode
                            • Non-indexed: A job is considered complete when all the pods are successfully executed. Each pod completion is homologous to each other.
                            • Indexed: Each pod gets an associated completion index from 0 to the number of pods minus 1. The job is considered complete when every pod allocated with an index is successfully executed. For an indexed job, pods are named in the format of $(job-name)-$(index).
                          • Suspend Job: By default, a job is executed immediately after being created. The job's execution will be suspended if you enable this option, and resumed after you disable it.
                        • Network Configuration diff --git a/docs/cce/umn/cce_10_0151.html b/docs/cce/umn/cce_10_0151.html index 366a17a4..e94596bd 100644 --- a/docs/cce/umn/cce_10_0151.html +++ b/docs/cce/umn/cce_10_0151.html @@ -9,7 +9,7 @@

                        Prerequisites

                        Resources have been created. For details, see Creating a Node.

                        -

                        Using the CCE Console

                        1. Log in to the CCE console.
                        2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                        3. Set basic information about the workload.

                          Basic Info
                          • Workload Type: Select Cron Job. For details about workload types, see Overview.
                          • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                          • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                          • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
                          +

                          Using the CCE Console

                          1. Log in to the CCE console.
                          2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                          3. Set basic information about the workload.

                            Basic Info
                            • Workload Type: Select Cron Job. For details about workload types, see Overview.
                            • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                            • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                            • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                            Container Settings
                            • Container Information
                              Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                              • Basic Info: Configure basic information about the container.
                                - - - - - - - - @@ -53,38 +53,38 @@ - - - - - - - @@ -93,7 +93,7 @@

                                For a small-capacity node, adjust the maximum number of instances based on the site requirements. Alternatively, when creating a node on the CCE console, you can adjust the maximum number of instances for the node based on the node specifications.

                                -

                                Rules for Reserving Node Memory v2

                                For clusters of v1.21.4-r0, v1.23.3-r0, or later, the node memory reservation model is optimized to v2 and can be dynamically adjusted using the node pool parameters kube-reserved-mem and system-reserved-mem. For details, see Configuring a Node Pool.

                                +

                                Rules for Reserving Node Memory v2

                                For clusters of v1.21.4-r0, v1.23.3-r0, or later, the node memory reservation model is optimized to v2 and can be dynamically adjusted using the node pool parameters kube-reserved-mem and system-reserved-mem. For details, see Modifying Node Pool Configurations.

                                The total reserved node memory of the v2 model is equal to the sum of that reserved for the OS and that reserved for CCE to manage pods.

                                Reserved memory includes basic and floating parts. For the OS, the floating memory depends on the node specifications. For CCE, the floating memory depends on the number of pods on a node.

                                @@ -101,9 +101,9 @@
                                - - @@ -111,14 +111,14 @@ - - - @@ -127,15 +127,15 @@ - - -

                                Parameter

                                @@ -85,7 +85,7 @@
                              • Job Records: You can set the number of jobs that are successfully executed or fail to be executed. Setting a limit to 0 corresponds to keeping none of the jobs after they finish.
                                • -
                                (Optional) Advanced Settings
                                • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
                                +
                                (Optional) Advanced Settings
                                • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                                diff --git a/docs/cce/umn/cce_10_0152.html b/docs/cce/umn/cce_10_0152.html index 98f69cc1..49a85b7b 100644 --- a/docs/cce/umn/cce_10_0152.html +++ b/docs/cce/umn/cce_10_0152.html @@ -6,7 +6,7 @@

                                Benefits of ConfigMaps:

                                • Manage configurations of different environments and services.
                                • Deploy workloads in different environments. Multiple versions are supported for configuration files so that you can update and roll back workloads easily.
                                • Quickly import configurations in the form of files to containers.
                                -

                                Constraints

                                • The size of a ConfigMap resource file cannot exceed 1 MB.
                                • ConfigMaps cannot be used in static pods.
                                +

                                Notes and Constraints

                                • The size of a ConfigMap resource file cannot exceed 1 MB.
                                • ConfigMaps cannot be used in static pods.

                                Procedure

                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                2. Choose ConfigMaps and Secrets in the navigation pane and click Create ConfigMap in the upper right corner.
                                3. Configure parameters.

                                  @@ -194,16 +192,534 @@

                                  Scale-In Cool-Down Period

                                  Scale-in cooling intervals can be configured in the node pool settings and the Autoscaler add-on settings.

                                  Scale-in cooling interval configured in a node pool

                                  -

                                  This interval indicates the period during which nodes added to the current node pool after a scale-out operation cannot be deleted. This interval takes effect at the node pool level.

                                  +

                                  This interval indicates the period during which nodes added to the current node pool after a scale-out cannot be deleted. This setting takes effect in the entire node pool.

                                  Scale-in cooling interval configured in the Autoscaler add-on

                                  -

                                  The interval after a scale-out indicates the period during which the entire cluster cannot be scaled in after the Autoscaler add-on triggers scale-out (due to the unschedulable pods, metrics, and scaling policies). This interval takes effect at the cluster level.

                                  -

                                  The interval after a node is deleted indicates the period during which the cluster cannot be scaled in after the Autoscaler add-on triggers scale-in. This interval takes effect at the cluster level.

                                  +

                                  The interval after a scale-out indicates the period during which the entire cluster cannot be scaled in after the Autoscaler add-on triggers a scale-out (due to the unschedulable pods, metrics, and scaling policies). This setting takes effect in the entire cluster.

                                  +

                                  The interval after a node is deleted indicates the period during which the cluster cannot be scaled in after the auto scaling add-on triggers a scale-in. This setting takes effect in the entire cluster.

                                  The interval after a failed scale-in indicates the period during which the cluster cannot be scaled in after the Autoscaler add-on triggers scale-in. This interval takes effect at the cluster level.

                                  +

                                  Change History

                                  +
                                  Table 1 Parameters for creating a ConfigMap

                                  Parameter

                                  @@ -33,7 +33,7 @@

                                  Data

                                  Data of a ConfigMap, in the key-value pair format.

                                  -

                                  Click to add data. The value can be in string, JSON, or YAML format.

                                  +

                                  Click to add data. The value can be in string, JSON, or YAML format.

                                  Label

                                  @@ -47,7 +47,7 @@

                                4. Click OK.

                                  The new ConfigMap is displayed in the ConfigMap list.

                                  5. -

                                  Creating a ConfigMap Using kubectl

                                  1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                  2. Create a file named cce-configmap.yaml and edit it.

                                    vi cce-configmap.yaml

                                    +

                                    Creating a ConfigMap Using kubectl

                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                    2. Create a file named cce-configmap.yaml and edit it.

                                      vi cce-configmap.yaml

                                      apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/docs/cce/umn/cce_10_0153.html b/docs/cce/umn/cce_10_0153.html
index e6a5e61d..60e817b1 100644
--- a/docs/cce/umn/cce_10_0153.html
+++ b/docs/cce/umn/cce_10_0153.html
@@ -3,7 +3,7 @@
 
                                      Creating a Secret
                                      
 
                                      Scenario
                                      A secret is a type of resource that holds sensitive data, such as authentication and key information. Its content is user-defined. After creating secrets, you can use them as files or environment variables in a containerized workload.
                                      
 
                                      
-
                                      Constraints
                                      Secrets cannot be used in static pods.
                                      
+
                                      Notes and Constraints
                                      Secrets cannot be used in static pods.
                                      
 
                                      
 
                                      Procedure
                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                      2. Choose ConfigMaps and Secrets in the navigation pane, click the Secrets tab, and click Create Secret in the upper right corner.
                                      3. Configure parameters.
                                        
 
                                        
@@ -67,7 +67,7 @@ data:
 kind: Secret
 metadata:
   name: mysecret           #Secret name
-  namespace: default       #Namespace. The default value is default.
+  namespace: default       #Namespace. The default value is default.
 data:
   .dockerconfigjson: eyJh*****    # Content encoded using Base64.
 type: kubernetes.io/dockerconfigjson
@@ -86,7 +86,7 @@ data:
 apiVersion: v1
 metadata:
   name: mysecret           #Secret name
-  namespace: default       #Namespace. The default value is default.
+  namespace: default       #Namespace. The default value is default.
 data:
   tls.crt: LS0tLS1CRU*****FURS0tLS0t  # Certificate content, which must be encoded using Base64.
   tls.key: LS0tLS1CRU*****VZLS0tLS0=  # Private key content, which must be encoded using Base64.
@@ -96,7 +96,7 @@ data:
 apiVersion: v1
 metadata:
   name: mysecret           #Secret name
-  namespace: default       #Namespace. The default value is default.
+  namespace: default       #Namespace. The default value is default.
 data:
   tls.crt: LS0tLS1CRU*****FURS0tLS0t  # Certificate content, which must be encoded using Base64.
   tls.key: LS0tLS1CRU*****VZLS0tLS0=  # Private key content, which must be encoded using Base64.
@@ -104,7 +104,7 @@ data:
 
-
                                        Creating a Secret Using kubectl
                                        1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                        2. Create and edit the Base64-encoded cce-secret.yaml file.
                                          # echo -n "content to be encoded" | base64
+
                                          Creating a Secret Using kubectl
                                          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                          2. Create and edit the Base64-encoded cce-secret.yaml file.
                                            # echo -n "content to be encoded" | base64
 ******
                                            
 
                                            vi cce-secret.yaml
                                            
 
                                            The following YAML file uses the Opaque type as an example. For details about other types, see Secret Resource File Configuration Example.
                                            
diff --git a/docs/cce/umn/cce_10_0154.html b/docs/cce/umn/cce_10_0154.html
index 57a6a2bb..e811513c 100644
--- a/docs/cce/umn/cce_10_0154.html
+++ b/docs/cce/umn/cce_10_0154.html
@@ -19,7 +19,7 @@
 
                                          
 
                                          3. 
 
                                        
-
                                        Constraints
                                        • Ensure that there are sufficient resources for installing the add-on.
                                        • The default node pool does not support auto scaling. For details, see Description of DefaultPool.
                                        • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                          • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affects cluster scaling.
                                          • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                          
+
                                          Notes and Constraints
                                          • Ensure that there are sufficient resources for installing the add-on.
                                          • The default node pool does not support auto scaling. For details, see Description of DefaultPool.
                                          • Node scale-in will cause PVC/PV data loss for the local PVs associated with the node. These PVCs and PVs cannot be restored or used again. In a node scale-in, a pod that uses the local PV will be evicted from the node. A new pod will be created, but it remains in a pending state because the label of the PVC bound to it conflicts with the node label.
                                          • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                            • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affect cluster scaling.
                                            • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                            
 
                                          
 
                                          
 
                                          Installing the Add-on
                                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate CCE Cluster Autoscaler on the right, and click Install.
                                          2. On the Install Add-on page, configure the specifications.
                                            
@@ -130,7 +130,7 @@
 
                                        
-
@@ -138,8 +138,6 @@
 
                                        Table 1 Parameters for creating a secret
                                        Parameter
                                        
@@ -36,7 +36,7 @@
 
                                        Secret Data
                                        
                                         		
 
                                        Workload secret data can be used in containers.
                                        
-
                                        • If Secret Type is Opaque, click . In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding.
                                        • If Secret Type is kubernetes.io/dockerconfigjson, enter the account and password for logging in to the private image repository.
                                        • If Secret Type is kubernetes.io/tls or IngressTLS, upload the certificate file and private key file.
                                           NOTE: 
                                          • A certificate is a self-signed or CA-signed credential used for identity authentication.
                                          • A certificate request is a request for a signature with a private key.
                                          
+
                                          • If Secret Type is Opaque, click . In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding.
                                          • If Secret Type is kubernetes.io/dockerconfigjson, enter the account and password for logging in to the private image repository.
                                          • If Secret Type is kubernetes.io/tls or IngressTLS, upload the certificate file and private key file.
                                             NOTE: 
                                            • A certificate is a self-signed or CA-signed credential used for identity authentication.
                                            • A certificate request is a request for a signature with a private key.
                                            
 
                                            
 
                                          
 
                                        		
 
 
                                        Maximum sum of CPU cores of all nodes in a cluster, within which cluster scale-out is performed.
                                        
                                         		
 
                                        Total Memory
                                        
+
                                        Total Memory (GiB)
                                        
                                         		
 
                                        Maximum sum of memory of all nodes in a cluster, within which cluster scale-out is performed.
                                        
                                         		
 
                                        
 
                                        
-
                                         
                                        When the total number of nodes, CPUs, or memory is counted, unavailable nodes and resources on them in the default node pool are not included.
                                        
-
                                        
 
                                      4. Configure scheduling policies for the add-on.
                                         
                                        • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                        • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                        
 
                                        
 
@@ -164,7 +162,7 @@

                                  Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                                  The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                                  -

                                  For details, see Taints and Tolerations.

                                  +

                                  For details, see Configuring Tolerance Policies.
                                  + + + + + + + + + + + + + + + + +
                                  Table 6 Updates of the add-on adapted to clusters 1.29

                                  Add-on Version

                                  +

                                  Supported Cluster Version

                                  +

                                  New Feature

                                  +

                                  Community Version

                                  +

                                  1.29.17

                                  +

                                  v1.29

                                  +

                                  Optimized events.

                                  +

                                  1.29.1

                                  +

                                  1.29.13

                                  +

                                  v1.29

                                  +

                                  Clusters 1.29 are supported.

                                  +

                                  1.29.1

                                  +
                                  +
                                  + +
                                  + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                  Table 7 Updates of the add-on adapted to clusters 1.28

                                  Add-on Version

                                  +

                                  Supported Cluster Version

                                  +

                                  New Feature

                                  +

                                  Community Version

                                  +

                                  1.28.55

                                  +

                                  v1.28

                                  +

                                  Optimized events.

                                  +

                                  1.28.1

                                  +

                                  1.28.22

                                  +

                                  v1.28

                                  +

                                  Fixed some issues.

                                  +

                                  1.28.1

                                  +

                                  1.28.20

                                  +

                                  v1.28

                                  +

                                  Fixed some issues.

                                  +

                                  1.28.1

                                  +

                                  1.28.17

                                  +

                                  v1.28

                                  +

                                  Fixed the issue that scale-in cannot be performed when there are custom pod controllers in a cluster.

                                  +

                                  1.28.1

                                  +
                                  +
                                  + +
                                  + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                  Table 8 Updates of the add-on adapted to clusters 1.27

                                  Add-on Version

                                  +

                                  Supported Cluster Version

                                  +

                                  New Feature

                                  +

                                  Community Version

                                  +

                                  1.27.55

                                  +

                                  v1.27

                                  +

                                  Fixed some issues.

                                  +

                                  1.27.1

                                  +

                                  1.27.53

                                  +

                                  v1.27

                                  +

                                  Fixed some issues.

                                  +

                                  1.27.1

                                  +

                                  1.27.51

                                  +

                                  v1.27

                                  +

                                  Fixed some issues.

                                  +

                                  1.27.1

                                  +

                                  1.27.14

                                  +

                                  v1.27

                                  +

                                  Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                  +

                                  1.27.1

                                  +
                                  +
                                  + +
                                  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                  Table 9 Updates of the add-on adapted to clusters 1.25

                                  Add-on Version

                                  +

                                  Supported Cluster Version

                                  +

                                  New Feature

                                  +

                                  Community Version

                                  +

                                  1.25.88

                                  +

                                  v1.25

                                  +

                                  Fixed some issues.

                                  +

                                  1.25.0

                                  +

                                  1.25.86

                                  +

                                  v1.25

                                  +

                                  Fixed some issues.

                                  +

                                  1.25.0

                                  +

                                  1.25.84

                                  +

                                  v1.25

                                  +

                                  Fixed some issues.

                                  +

                                  1.25.0

                                  +

                                  1.25.46

                                  +

                                  v1.25

                                  +

                                  Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                  +

                                  1.25.0

                                  +

                                  1.25.21

                                  +

                                  v1.25

                                  +
                                  • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                  • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                  • The default taint tolerance duration is changed to 60s.
                                  • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                  +

                                  1.25.0

                                  +

                                  1.25.7

                                  +

                                  v1.25

                                  +
                                  • CCE clusters 1.25 are supported.
                                  • Modified the memory request and limit of a customized flavor.
                                  • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                  +

                                  1.25.0

                                  +
                                  +
                                  + +
                                  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                  Table 10 Updates of the add-on adapted to clusters 1.23

                                  Add-on Version

                                  +

                                  Supported Cluster Version

                                  +

                                  New Feature

                                  +

                                  Community Version

                                  +

                                  1.23.95

                                  +

                                  v1.23

                                  +

                                  Fixed some issues.

                                  +

                                  1.23.0

                                  +

                                  1.23.93

                                  +

                                  v1.23

                                  +

                                  Fixed some issues.

                                  +

                                  1.23.0

                                  +

                                  1.23.91

                                  +

                                  v1.23

                                  +

                                  Fixed some issues.

                                  +

                                  1.23.0

                                  +

                                  1.23.54

                                  +

                                  v1.23

                                  +

                                  Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                  +

                                  1.23.0

                                  +

                                  1.23.31

                                  +

                                  v1.23

                                  +
                                  • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                  • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                  • The default taint tolerance duration is changed to 60s.
                                  • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                  +

                                  1.23.0

                                  +

                                  1.23.17

                                  +

                                  v1.23

                                  +
                                  • Supported node scaling policies without a step.
                                  • Fixed a bug so that deleted node pools are automatically removed.
                                  • Supported scheduling by priority.
                                  • Supported the emptyDir scheduling policy.
                                  • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                  • Modified the memory request and limit of a customized flavor.
                                  • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                  +

                                  1.23.0

                                  +

                                  1.23.10

                                  +

                                  v1.23

                                  +
                                  • Optimized logging.
                                  • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                  +

                                  1.23.0

                                  +
                                  +
                                  + +
                                  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                  Table 11 Updates of the add-on adapted to clusters 1.21

                                  Add-on Version

                                  +

                                  Supported Cluster Version

                                  +

                                  New Feature

                                  +

                                  Community Version

                                  +

                                  1.21.89

                                  +

                                  v1.21

                                  +

                                  Fixed some issues.

                                  +

                                  1.21.0

                                  +

                                  1.21.87

                                  +

                                  v1.21

                                  +

                                  Fixed some issues.

                                  +

                                  1.21.0

                                  +

                                  1.21.86

                                  +

                                  v1.21

                                  +

                                  Fixed the issue that the node pool auto scaling cannot meet expectations after AZ topology constraints are configured for nodes.

                                  +

                                  1.21.0

                                  +

                                  1.21.51

                                  +

                                  v1.21

                                  +

                                  Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                  +

                                  1.21.0

                                  +

                                  1.21.29

                                  +

                                  v1.21

                                  +
                                  • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                  • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                  • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                  • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                  • The default taint tolerance duration is changed to 60s.
                                  • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                  +

                                  1.21.0

                                  +

                                  1.21.16

                                  +

                                  v1.21

                                  +
                                  • Supported node scaling policies without a step.
                                  • Fixed a bug so that deleted node pools are automatically removed.
                                  • Supported scheduling by priority.
                                  • Supported the emptyDir scheduling policy.
                                  • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                  • Modified the memory request and limit of a customized flavor.
                                  • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                  +

                                  1.21.0

                                  +

                                  1.21.9

                                  +

                                  v1.21

                                  +
                                  • Optimized logging.
                                  • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                  +

                                  1.21.0

                                  +

                                  1.21.1

                                  +

                                  v1.21

                                  +

                                  Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.

                                  +

                                  1.21.0

                                  +
                                  +
                                  + +
                                  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                  Table 12 Updates of the add-on adapted to clusters 1.19

                                  Add-on Version

                                  +

                                  Supported Cluster Version

                                  +

                                  New Feature

                                  +

                                  Community Version

                                  +

                                  1.19.76

                                  +

                                  v1.19

                                  +
                                  • Optimized the method of identifying GPUs and NPUs.
                                  • Used the remaining node quota of a cluster for the extra nodes that are beyond the cluster scale.
                                  +

                                  1.19.0

                                  +

                                  1.19.56

                                  +

                                  v1.19

                                  +

                                  Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.

                                  +

                                  1.19.0

                                  +

                                  1.19.35

                                  +

                                  v1.19

                                  +
                                  • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                  • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                  • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                  • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                  • The default taint tolerance duration is changed to 60s.
                                  • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                  +

                                  1.19.0

                                  +

                                  1.19.22

                                  +

                                  v1.19

                                  +
                                  • Supported node scaling policies without a step.
                                  • Fixed a bug so that deleted node pools are automatically removed.
                                  • Supported scheduling by priority.
                                  • Supported the emptyDir scheduling policy.
                                  • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                  • Modified the memory request and limit of a customized flavor.
                                  • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                  +

                                  1.19.0

                                  +

                                  1.19.14

                                  +

                                  v1.19

                                  +
                                  • Optimized logging.
                                  • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                  +

                                  1.19.0

                                  +

                                  1.19.11

                                  +

                                  v1.19

                                  +

                                  Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.

                                  +

                                  1.19.0

                                  +

                                  1.19.8

                                  +

                                  v1.19

                                  +

                                  Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.

                                  +

                                  1.19.0

                                  +

                                  1.19.7

                                  +

                                  v1.19

                                  +

                                  Regular upgrade of add-on dependencies

                                  +

                                  1.19.0

                                  +
                                  +
                                  + +
                                  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                  Table 13 Updates of the add-on adapted to clusters 1.17

                                  Add-on Version

                                  +

                                  Supported Cluster Version

                                  +

                                  New Feature

                                  +

                                  Community Version

                                  +

                                  1.17.27

                                  +

                                  v1.17

                                  +
                                  • Optimized logging.
                                  • Fixed a bug so that deleted node pools are automatically removed.
                                  • Supported scheduling by priority.
                                  • Fixed the issue that taints on newly added nodes are overwritten.
                                  • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                  • Modified the memory request and limit of a customized flavor.
                                  • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                  +

                                  1.17.0

                                  +

                                  1.17.22

                                  +

                                  v1.17

                                  +

                                  Optimized logging.

                                  +

                                  1.17.0

                                  +

                                  1.17.19

                                  +

                                  v1.17

                                  +

                                  Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.

                                  +

                                  1.17.0

                                  +

                                  1.17.16

                                  +

                                  v1.17

                                  +

                                  Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.

                                  +

                                  1.17.0

                                  +

                                  1.17.15

                                  +

                                  v1.17

                                  +

                                  Unified resource specification configuration unit.

                                  +

                                  1.17.0

                                  +

                                  1.17.2

                                  +

                                  v1.17

                                  +

                                  Clusters 1.17 are supported.

                                  +

                                  1.17.0

                                  +
                                  +
                                  +
                                -
                                Parent topic: Add-ons
                                +
                                Parent topic: Scheduling and Elasticity Add-ons
                                diff --git a/docs/cce/umn/cce_10_0163.html b/docs/cce/umn/cce_10_0163.html index 1a1d92ef..843ab2b5 100644 --- a/docs/cce/umn/cce_10_0163.html +++ b/docs/cce/umn/cce_10_0163.html @@ -10,7 +10,7 @@

                                When creating a workload, you are advised to set the upper and lower limits of CPU and memory resources. If the upper and lower resource limits are not set for a workload, a resource leak of this workload will make resources unavailable for other workloads deployed on the same node. In addition, workloads that do not have upper and lower resource limits cannot be accurately monitored.

                                -

                                Configuration Description

                                In real-world scenarios, the recommended ratio of Request to Limit is about 1:1.5. For some sensitive services, the recommended ratio is 1:1. If the Request is too small and the Limit is too large, node resources are oversubscribed. During service peaks, the memory or CPU of a node may be used up. As a result, the node is unavailable.

                                +

                                Configuration

                                In real-world scenarios, the recommended ratio of Request to Limit is about 1:1.5. For some sensitive services, the recommended ratio is 1:1. If the Request is too small and the Limit is too large, node resources are oversubscribed. During service peaks, the memory or CPU of a node may be used up. As a result, the node is unavailable.

                                • CPU quota: The unit of CPU resources is core, which can be expressed by quantity or an integer suffixed with the unit (m). For example, 0.1 core in the quantity expression is equivalent to 100m in the expression. However, Kubernetes does not allow CPU resources whose precision is less than 1m.
                                  @@ -55,7 +55,7 @@
                                  Table 1 CPU quotas

                                  Parameter

                                  Recommended configuration

                                  -

                                  Actual available memory of a node ≥ Sum of memory limits of all containers on the current node ≥ Sum of memory requests of all containers on the current node. You can view the actual available memory of a node on the CCE console (Resource Management > Nodes > Allocatable).

                                  +

                                  Actual available memory of a node ≥ Sum of memory limits of all containers on the current node ≥ Sum of memory requests of all containers on the current node. You can view the actual available memory of a node on the CCE console (Resource Management > Nodes > Allocatable).

                                The allocatable resources are calculated based on the resource request value (Request), which indicates the upper limit of resources that can be requested by pods on this node, but does not indicate the actual available resources of the node (for details, see Example of CPU and Memory Quota Usage). The calculation formula is as follows:

                                • Allocatable CPU = Total CPU – Requested CPU of all pods – Reserved CPU for other resources
                                • Allocatable memory = Total memory – Requested memory of all pods – Reserved memory for other resources
                                @@ -105,7 +105,7 @@

                                In this case, the remaining 1 core 5 GiB can be used by the next new pod.

                                If pod 1 is under heavy load during peak hours, it will use more CPUs and memory within the limit. Therefore, the actual allocatable resources are fewer than 1 core 5 GiB.

                                -

                                Quotas of Other Resources

                                Typically, nodes support local ephemeral storage, which is provided by locally mounted writable devices or RAM. Ephemeral storage does not ensure long-term data availability. Pods can use local ephemeral storage to buffer data and store logs, or mount emptyDir storage volumes to containers. For details, see Local ephemeral storage.

                                +

                                Quotas of Other Resources

                                Typically, nodes support local ephemeral storage, which is provided by locally mounted writable devices or RAM. EV does not ensure long-term data availability. Pods can use local EVs to buffer data and store logs, or mount emptyDir volumes to containers. For details, see Local ephemeral storage.

                                Kubernetes allows you to specify the requested value and limit value of ephemeral storage in container configurations to manage the local ephemeral storage. The following attributes can be configured for each container in a pod:

                                • spec.containers[].resources.limits.ephemeral-storage
                                • spec.containers[].resources.requests.ephemeral-storage
                                @@ -144,7 +144,7 @@ spec:
                                -
                                Parent topic: Configuring a Container
                                +
                                Parent topic: Configuring a Workload
                                diff --git a/docs/cce/umn/cce_10_0164.html b/docs/cce/umn/cce_10_0164.html index 80831242..07de0fd6 100644 --- a/docs/cce/umn/cce_10_0164.html +++ b/docs/cce/umn/cce_10_0164.html @@ -14,8 +14,6 @@
                              • Permission Dependency of the CCE Console
                                • -
                              • Pod Security
                                -
                              • Service Account Token Security Improvement
                                • diff --git a/docs/cce/umn/cce_10_0175.html b/docs/cce/umn/cce_10_0175.html index 36228a12..fbf9480f 100644 --- a/docs/cce/umn/cce_10_0175.html +++ b/docs/cce/umn/cce_10_0175.html @@ -1,14 +1,14 @@ -

                                Connecting to a Cluster Using an X.509 Certificate

                                -

                                Scenario

                                This section describes how to obtain the cluster certificate from the console and use it access Kubernetes clusters.

                                +

                                Accessing a Cluster Using an X.509 Certificate

                                +

                                Scenario

                                This section describes how to obtain the cluster certificate from the console and use it to access Kubernetes clusters.

                                -

                                Procedure

                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                2. On the Overview page, locate the Connection Info area, and click Download next to X.509 certificate.
                                3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.

                                  Figure 1 Downloading a certificate
                                  +

                                  Procedure

                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                  2. On the Overview page, locate the Connection Info area, and click Download next to X.509 certificate.
                                  3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.

                                    Figure 1 Downloading a certificate
                                    • The downloaded certificate contains three files: client.key, client.crt, and ca.crt. Keep these files secure.
                                    • Certificates are not required for mutual access between containers in a cluster.
                                    -

                                  4. Call native Kubernetes APIs using the cluster certificate.

                                    For example, run the curl command to call an API to view the pod information. In the following information, 192.168.0.18:5443 indicates the IP address of the API server in the cluster.

                                    +

                                  5. Call native Kubernetes APIs using the cluster certificate.

                                    For example, run the curl command to call an API to obtain the pod information. In the following information, 192.168.0.18:5443 indicates the private IP address or EIP and port number of the API server in the cluster.

                                    curl --cacert ./ca.crt --cert ./client.crt --key ./client.key  https://192.168.0.18:5443/api/v1/namespaces/default/pods/
                                    -

                                    For more cluster APIs, see Kubernetes APIs.

                                    +

                                    For more cluster APIs, see Kubernetes API.

                                diff --git a/docs/cce/umn/cce_10_0178.html b/docs/cce/umn/cce_10_0178.html index aead90ab..9643e14f 100644 --- a/docs/cce/umn/cce_10_0178.html +++ b/docs/cce/umn/cce_10_0178.html @@ -5,7 +5,7 @@

                                To ensure node stability, a certain number of CCE node resources will be reserved for Kubernetes components (such as kubelet, kube-proxy, and docker) based on the node specifications.

                                CCE calculates the resources that can be allocated to user nodes as follows:

                                Allocatable resources = Total amount - Reserved amount - Eviction threshold

                                -

                                The memory eviction threshold is fixed at 100 MB.

                                +

                                The memory eviction threshold is fixed at 100 MiB.

                                Total amount indicates the available memory of the ECS, excluding the memory used by system components. Therefore, the total amount is slightly less than the memory of the node flavor.

                                When the memory consumed by all pods on a node increases, the following behaviors may occur:

                                @@ -21,24 +21,24 @@

                                TM ≤ 8 GB

                                +

                                TM ≤ 8 GiB

                                0 MB

                                +

                                0 MiB

                                8 GB < TM ≤ 16 GB

                                +

                                8 GiB < TM ≤ 16 GiB

                                [(TM – 8 GB) x 1024 x 10%] MB

                                +

                                [(TM – 8 GiB) x 1024 x 10%] MiB

                                16 GB < TM ≤ 128 GB

                                +

                                16 GiB < TM ≤ 128 GiB

                                [8 GB x 1024 x 10% + (TM – 16 GB) x 1024 x 6%] MB

                                +

                                [8 GiB x 1024 x 10% + (TM – 16 GiB) x 1024 x 6%] MiB

                                TM > 128 GB

                                +

                                TM > 128 GiB

                                (8 GB x 1024 x 10% + 112 GB x 1024 x 6% + (TM – 128 GB) x 1024 x 2%) MB

                                +

                                (8 GiB x 1024 x 10% + 112 GiB x 1024 x 6% + (TM – 128 GiB) x 1024 x 2%) MiB

                                TM ≤ 2 GB

                                +

                                TM ≤ 2 GiB

                                None

                                TM x 25%

                                TM > 2 GB

                                +

                                TM > 2 GiB

                                0 < Max. pods on a node ≤ 16

                                700 MB

                                +

                                700 MiB

                                16 < Max. pods on a node ≤ 32

                                [700 + (Max. pods on a node – 16) x 18.75] MB

                                +

                                [700 + (Max. pods on a node – 16) x 18.75] MiB

                                32 < Max. pods on a node ≤ 64

                                [1024 + (Max. pods on a node – 32) x 6.25] MB

                                +

                                [1024 + (Max. pods on a node – 32) x 6.25] MiB

                                64 < Max. pods on a node ≤ 128

                                [1230 + (Max. pods on a node – 64) x 7.80] MB

                                +

                                [1230 + (Max. pods on a node – 64) x 7.80] MiB

                                Max. pods on a node > 128

                                [1740 + (Max. pods on a node – 128) x 11.20] MB

                                +

                                [1740 + (Max. pods on a node – 128) x 11.20] MiB

                                Basic/Floating

                                Reservation

                                +

                                Reservation

                                Used by

                                +

                                Used by

                                Basic

                                400 MB (fixed)

                                +

                                Fixed at 400 MiB

                                OS service components such as sshd and systemd-journald.

                                +

                                OS service components such as sshd and systemd-journald.

                                Floating (depending on the node memory)

                                25 MB/GB

                                +

                                25MiB/GiB

                                Kernel

                                Basic

                                500 MB (fixed)

                                +

                                Fixed at 500 MiB

                                Container engine components, such as kubelet and kube-proxy, when the node is unloaded

                                +

                                Container engine components, such as kubelet and kube-proxy, when the node is unloaded

                                Floating (depending on the number of pods on the node)

                                Docker: 20 MB/pod

                                -

                                containerd: 5 MB/pod

                                +

                                Docker: 20 MiB/Pod

                                +

                                containerd: 5 MiB/Pod

                                Container engine components when the number of pods increases

                                NOTE:

                                When the v2 model reserves memory for a node by default, the default maximum number of pods is estimated based on the memory. For details, see Table 1.

                                diff --git a/docs/cce/umn/cce_10_0183.html b/docs/cce/umn/cce_10_0183.html index 14ebd694..a421e86d 100644 --- a/docs/cce/umn/cce_10_0183.html +++ b/docs/cce/umn/cce_10_0183.html @@ -6,9 +6,9 @@
                                • Node Overview
                                  • -
                                • Container Engine
                                  +
                                • Container Engines
                                  • -
                                • Node OS
                                  +
                                • Node OSs
                                • Creating a Node
                                  • diff --git a/docs/cce/umn/cce_10_0184.html b/docs/cce/umn/cce_10_0184.html index 10229ae9..daaf7c59 100644 --- a/docs/cce/umn/cce_10_0184.html +++ b/docs/cce/umn/cce_10_0184.html @@ -4,9 +4,9 @@

                                  Scenario

                                  Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required. Modifying node specifications will affect services. Perform the operation on nodes one by one.

                                  Some information of CCE nodes is maintained independently from the ECS console. After you change the name, EIP, or specifications of an ECS on the ECS console, synchronize the ECS with the target node on the CCE console. After the synchronization, information on both consoles is consistent.

                                  -

                                  Constraints

                                  • Data, including the VM status, ECS names, number of CPUs, size of memory, ECS specifications, and public IP addresses, can be synchronized.
                                  • Data, such as the OS and image ID, cannot be synchronized. (Such parameters cannot be modified on the ECS console.)
                                  +

                                  Notes and Constraints

                                  • Data, including the VM status, ECS names, number of CPUs, size of memory, ECS specifications, and public IP addresses, can be synchronized.
                                  • Data, such as the OS and image ID, cannot be synchronized. (Such parameters cannot be modified on the ECS console.)
                                  -

                                  Synchronizing the Data of a Cloud Server

                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                  2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                  3. Locate the target node and choose More > Sync Server Data in the Operation column.

                                    Figure 1 Synchronizing server data
                                    +

                                    Synchronizing the Data of a Cloud Server

                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                    2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                    3. Locate the target node and choose More > Sync Server Data in the Operation column.

                                      Figure 1 Synchronizing server data

                                      After the synchronization is complete, the ECS data synchronization requested message is displayed in the upper right corner.

                                    diff --git a/docs/cce/umn/cce_10_0185.html b/docs/cce/umn/cce_10_0185.html index 0a671fa8..794cf3c9 100644 --- a/docs/cce/umn/cce_10_0185.html +++ b/docs/cce/umn/cce_10_0185.html @@ -1,7 +1,7 @@

                                    Logging In to a Node

                                    -

                                    Constraints

                                    • If you use SSH to log in to a node (an ECS), ensure that the ECS already has an EIP (a public IP address).
                                    • Only login to a running ECS is allowed.
                                    • Only the user linux can log in to a Linux server.
                                    +

                                    Notes and Constraints

                                    • If you use SSH to log in to a node (an ECS), ensure that the ECS already has an EIP (a public IP address).
                                    • Only login to a running ECS is allowed.
                                    • Only the user linux can log in to a Linux server.

                                    Login Modes

                                    You can log in to an ECS in either of the following modes:

                                    • Management console (VNC)

                                      If an ECS has no EIP, log in to the ECS console and click Remote Login in the same row as the ECS.

                                      diff --git a/docs/cce/umn/cce_10_0186.html b/docs/cce/umn/cce_10_0186.html index 8f6f6e9a..b1883697 100644 --- a/docs/cce/umn/cce_10_0186.html +++ b/docs/cce/umn/cce_10_0186.html @@ -1,13 +1,13 @@

                                      Deleting a Node

                                      -

                                      Scenario

                                      When a node in a CCE cluster is deleted, services running on the node will also be deleted. Exercise caution when performing this operation.

                                      +

                                      Scenario

                                      You can delete a pay-per-use node that is not needed from the node list.

                                      +

                                      Deleting or unsubscribing from a node in a CCE cluster will release the node and services running on the node. Drain the node and back up data before the deletion or unsubscription to prevent services running on the node from being affected.

                                      -

                                      Constraints

                                      • VM nodes that are being used by CCE do not support deletion on the ECS page.
                                      • Deleting a node will cause PVC/PV data loss for the local PVs associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.
                                      +

                                      Precautions

                                      • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours. It is a good practice to drain the node before deletion. For details, see Draining a Node.
                                      • Unexpected risks may occur during the operation. Back up data beforehand.
                                      +
                                      • Deleting a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.
                                      -

                                      Precautions

                                      • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours.
                                      • Unexpected risks may occur during the operation. Back up related data in advance.
                                      • While the node is being deleted, the backend will set the node to the unschedulable state.
                                      • Only worker nodes can be deleted.
                                      -
                                      -

                                      Procedure

                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                      2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                      3. Locate the target node and choose More > Delete in the Operation column.
                                      4. In the Delete Node dialog box, enter DELETE and click Yes.

                                        • After the node is deleted, workload pods on the node are automatically migrated to other available nodes.
                                        • If the disks and EIPs bound to the node are important resources, unbind them first. Otherwise, they will be deleted with the node.
                                        +

                                        Deleting a Node

                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                        2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                        3. Locate the target node and choose More > Delete in the Operation column.
                                        4. In the Delete Node dialog box, enter DELETE and click Yes.

                                          • After the node is deleted, workload pods on the node are automatically migrated to other available nodes.
                                          • If the disks and EIPs bound to the node are important resources, unbind them first. Otherwise, they will be deleted with the node.

                                        diff --git a/docs/cce/umn/cce_10_0187.html b/docs/cce/umn/cce_10_0187.html index eec797e3..2e990cdf 100644 --- a/docs/cce/umn/cce_10_0187.html +++ b/docs/cce/umn/cce_10_0187.html @@ -9,7 +9,7 @@

                                    In general, you configure CCE permissions in two scenarios. The first is creating and managing clusters and related resources, such as nodes. The second is creating and using Kubernetes resources in the cluster, such as workloads and Services.

                                    -
                                    Figure 1 Illustration on CCE permissions
                                    +
                                    Figure 1 Illustration on CCE permissions

                                    These permissions allow you to manage resource users at a finer granularity.

                                    Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)

                                    Users with different cluster permissions (assigned using IAM) have different namespace permissions (assigned using Kubernetes RBAC). Table 1 lists the namespace permissions of different users.

                                    diff --git a/docs/cce/umn/cce_10_0188.html b/docs/cce/umn/cce_10_0188.html index 953a7c42..2b215fa5 100644 --- a/docs/cce/umn/cce_10_0188.html +++ b/docs/cce/umn/cce_10_0188.html @@ -2,13 +2,13 @@

                                    Granting Cluster Permissions to an IAM User

                                    CCE cluster-level permissions are assigned based on IAM system policies and custom policies. You can use user groups to assign permissions to IAM users.

                                    -
                                    • Cluster permissions are granted for users to operate cluster-related resources only (such as clusters and nodes). To operate Kubernetes resources like workloads and Services, you must be granted the namespace permissions at the same time.
                                    • When viewing a cluster on the CCE console, the information displayed depends on the namespace permissions. If you have no namespace permissions, you cannot view the resources in the cluster. For details, see Permission Dependency of the CCE Console.
                                    +
                                    • Cluster permissions are granted to users for operating cluster-related resources only (such as clusters and nodes). To operate Kubernetes resources like workloads and Services, you must be granted the namespace permissions at the same time.
                                    • When viewing a cluster on the CCE console, the information displayed depends on the namespace permissions. If you have no namespace permissions, you cannot view the resources in the cluster. For details, see Permission Dependency of the CCE Console.

                                    Prerequisites

                                    • A user with the Security Administrator role (for example, your account) has all IAM permissions except role switching. Only these users can view user groups and their permissions on the Permissions page on the CCE console.

                                    Configuration

                                    On the CCE console, when you choose Permissions > Cluster-Level Permissions to create a user group, you will be directed to the IAM console to complete the process. After the user group is created and its permissions are configured, you can view the information on the Cluster-Level Permissions tab page. This section describes the operations in IAM.

                                    -

                                    Process Flow

                                    Figure 1 Process of assigning CCE permissions
                                    +

                                    Process Flow

                                    Figure 1 Process of assigning CCE permissions

                                    1. Create a user group and assign permissions to it.

                                      Create a user group on the IAM console, and assign CCE permissions, for example, the CCE ReadOnlyAccess policy to the group.

                                      CCE is deployed by region. On the IAM console, select Region-specific projects when assigning CCE permissions.

                                      @@ -43,7 +43,7 @@ } ] } -
                                    2. Example 2: Denying node deletion

                                      A policy with only "Deny" permissions must be used in conjunction with other policies to take effect. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.

                                      +
                                    3. Example 2: Denying node deletion

                                      A policy with only "Deny" permissions must be used with other policies. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.

                                      The following method can be used if you need to assign permissions of the CCEFullAccess policy to a user but you want to prevent the user from deleting nodes (cce:node:delete). Create a custom policy for denying node deletion, and attach both policies to the group to which the user belongs. Then, the user can perform all operations on CCE except deleting nodes. The following is an example of a deny policy:

                                      {
     "Version": "1.1",
@@ -73,16 +73,16 @@
     ]
 }
                                -

                                CCE Cluster Permissions and IAM RBAC

                                CCE is compatible with IAM system roles for permissions management. You are advised to use fine-grained policies provided by IAM to simplify permissions management.

                                +

                                CCE Cluster Permissions and IAM RBAC

                                CCE is compatible with IAM system roles for permissions management. Use fine-grained policies provided by IAM to simplify permissions management.

                                CCE supports the following roles:

                                • Basic IAM roles:
                                  • te_admin (Tenant Administrator): Users with this role can call all APIs of all services except IAM.
                                  • readonly (Tenant Guest): Users with this role can call APIs with the read-only permissions of all services except IAM.
                                • Custom CCE administrator role: CCE Administrator

                                If a user has the Tenant Administrator or CCE Administrator system role, the user has the cluster-admin permissions in Kubernetes RBAC and the permissions cannot be removed after the cluster is created.

                                -
                                If the user is the cluster creator, the cluster-admin permissions in Kubernetes RBAC are granted to the user by default. The permissions can be manually removed after the cluster is created.
                                • Method 1: Choose Permissions Management > Namespace-Level Permissions > Delete at the same role as cluster-creator on the CCE console.
                                • Method 2: Delete ClusterRoleBinding: cluster-creator through the API or kubectl.
                                +
                                If the user is the cluster creator, the cluster-admin permissions in Kubernetes RBAC are granted to the user by default. The permissions can be manually removed after the cluster is created.
                                • Method 1: Choose Permissions Management > Namespace-Level Permissions > Delete in the same role as cluster-creator on the CCE console.
                                • Method 2: Delete ClusterRoleBinding: cluster-creator through the API or kubectl.
                                -

                                When RBAC and IAM policies co-exist, the backend authentication logic for open APIs or console operations on CCE is as follows:

                                -

                                +

                                When RBAC and IAM policies co-exist, the backend authentication logic for open APIs or console operations on CCE is as follows.

                                +

                                diff --git a/docs/cce/umn/cce_10_0189.html b/docs/cce/umn/cce_10_0189.html index 4534e03e..2fa073f7 100644 --- a/docs/cce/umn/cce_10_0189.html +++ b/docs/cce/umn/cce_10_0189.html @@ -4,7 +4,7 @@

                                Namespace Permissions (Kubernetes RBAC-based)

                                You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles. The RBAC API declares four kinds of Kubernetes objects: Role, ClusterRole, RoleBinding, and ClusterRoleBinding, which are described as follows:

                                • Role: defines a set of rules for accessing Kubernetes resources in a namespace.
                                • RoleBinding: defines the relationship between users and roles.
                                • ClusterRole: defines a set of rules for accessing Kubernetes resources in a cluster (including all namespaces).
                                • ClusterRoleBinding: defines the relationship between users and cluster roles.

                                Role and ClusterRole specify actions that can be performed on specific resources. RoleBinding and ClusterRoleBinding bind roles to specific users, user groups, or ServiceAccounts. Illustration:

                                -
                                Figure 1 Role binding
                                +
                                Figure 1 Role binding
                                On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                • view (read-only): read-only permission on most resources in all or selected namespaces.
                                • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                • drainage-editor: drain a node.
                                • drainage-viewer: view the nodal drainage status but cannot drain a node.

                                In addition to the preceding typical ClusterRoles, you can define Role and RoleBinding to grant the permissions to add, delete, modify, and obtain global resources (such as nodes, PVs, and CustomResourceDefinitions) and different resources (such as pods, Deployments, and Services) in namespaces for refined permission control.

                                @@ -145,7 +145,7 @@ csi-nas everest-csi-provisioner Delete Immediate csi-obs everest-csi-provisioner Delete Immediate false 75d

                                Example: Assigning Namespace O&M Permissions (admin)

                                The admin role has the read and write permissions on most namespace resources. You can grant the admin permission on all namespaces to a user or user group.

                                -

                                In the following example kubectl output, a RoleBinding has been created and binds the admin role to the user group cce-role-group.

                                +

                                In the following example kubectl output, a RoleBinding has been created and the admin role is bound to the user group cce-role-group.

                                # kubectl get rolebinding
 NAME                                                      ROLE                AGE
 clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/admin   18s
diff --git a/docs/cce/umn/cce_10_0191.html b/docs/cce/umn/cce_10_0191.html
index 9b6c0584..ae30fb9b 100644
--- a/docs/cce/umn/cce_10_0191.html
+++ b/docs/cce/umn/cce_10_0191.html
@@ -2,11 +2,11 @@
 
 
                                Overview
                                
 
                                CCE provides a console for managing Helm charts, helping you easily deploy applications using the charts and manage applications on the console. 
                                
-
                                Helm
                                Helm is a package manager for Kubernetes and manages charts. A Helm chart is a series of YAML files used to encapsulate native Kubernetes applications. When deploying an application, you can customize some metadata of the application for easy application distribution. Application releasers can use Helm to package applications, manage application dependencies and application versions, and release applications to the software repository. After using Helm, users do not need to compile complex application deployment files. They can easily search for, install, upgrade, roll back, and uninstall applications on Kubernetes.
                                
+
                                Helm
                                Helm is a package manager for Kubernetes and manages charts. A Helm chart is a series of YAML files used to encapsulate native Kubernetes applications. When deploying an application, you can customize some metadata of the application for easy application distribution. Application releasors can use Helm to package applications, manage application dependencies and application versions, and release applications to the software repository. After using Helm, users do not need to compile complex application deployment files. They can easily search for, install, upgrade, roll back, and uninstall applications on Kubernetes.
                                
 
                                The relationship between Helm and Kubernetes is as follows:
                                
 
                                • Helm <–> Kubernetes
                                • Apt <–> Ubuntu
                                • Yum <–> CentOS
                                • Pip <–> Python
                                
 
                                The following figure shows the solution architecture:
                                
-
                                
+
                                
 
                                Helm can help application orchestration for Kubernetes:
                                
 
                                • Manages, edits, and updates a large number of Kubernetes configuration files.
                                • Deploys a complex Kubernetes application that contains a large number of configuration files.
                                • Shares and reuses Kubernetes configurations and applications.
                                • Supports multiple environments with parameter-based configuration templates.
                                • Manages the release of applications, including rolling back the application, finding differences (using the diff command), and viewing the release history.
                                • Controls phases in a deployment cycle.
                                • Tests and verifies the released version.
                                
 
                                
diff --git a/docs/cce/umn/cce_10_0193.html b/docs/cce/umn/cce_10_0193.html
index 8dce80b2..4e30661a 100644
--- a/docs/cce/umn/cce_10_0193.html
+++ b/docs/cce/umn/cce_10_0193.html
@@ -11,7 +11,7 @@

                                Installing the Add-on

                                1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Volcano Scheduler on the right, and click Install.
                                2. On the Install Add-on page, configure the specifications.

                                  -

                                  Table 1 Volcano configuration

                                  Parameter

                                  +
                                  @@ -26,6 +26,7 @@
                                  Table 1 Add-on configuration

                                  Parameter

                                  Description

                                  Number of pods that will be created to match the selected add-on specifications.

                                  If you select Custom, you can adjust the number of pods as required.

                                  +

                                  High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                                  Containers

                                  @@ -148,7 +149,8 @@
                                  -

                                3. Configure the add-on parameters.

                                  Configure parameters of the default Volcano scheduler. For details, see Table 4.
                                  colocation_enable: ''
+
                                4. Configure the add-on parameters.

                                  • Application Scaling Priority Policy: After this function is enabled, application scale-in is performed based on the default priority policy and customized policies. If application scale-out is required, you need to set the default scheduler of the cluster to volcano.
                                  • Advanced Settings: You can configure the default scheduler parameters. For details, see Table 4.
                                  +
                                  Example:
                                  colocation_enable: ''
 default_scheduler_conf:
   actions: 'allocate, backfill, preempt'
   tiers:
@@ -185,65 +187,65 @@ tolerations:
     operator: Exists
     tolerationSeconds: 60
                                  -
                                  Table 3 Advanced Volcano configuration parameters

                                  Plugin

                                  +
                                  - - - - - - - - - - - - - - - - - - - - - - -
                                  Table 3 Advanced Volcano configuration parameters

                                  Plugin

                                  Function

                                  +

                                  Function

                                  Description

                                  +

                                  Description

                                  Demonstration

                                  +

                                  Demonstration

                                  colocation_enable

                                  +

                                  colocation_enable

                                  Whether to enable hybrid deployment.

                                  +

                                  Whether to enable hybrid deployment.

                                  Value:

                                  +

                                  Value:

                                  • true: hybrid enabled
                                  • false: hybrid disabled

                                  None

                                  +

                                  None

                                  default_scheduler_conf

                                  +

                                  default_scheduler_conf

                                  Used to schedule pods. It consists of a series of actions and plugins and features high scalability. You can specify and implement actions and plugins based on your requirements.

                                  +

                                  Used to schedule pods. It consists of a series of actions and plugins and features high scalability. You can specify and implement actions and plugins based on your requirements.

                                  It consists of actions and tiers.

                                  +

                                  It consists of actions and tiers.

                                  • actions: defines the types and sequence of actions to be executed by the scheduler.
                                  • tiers: configures the plugin list.

                                  None

                                  +

                                  None

                                  actions

                                  +

                                  actions

                                  Actions to be executed in each scheduling phase. The configured action sequence is the scheduler execution sequence. For details, see Actions.

                                  +

                                  Actions to be executed in each scheduling phase. The configured action sequence is the scheduler execution sequence. For details, see Actions.

                                  The scheduler traverses all jobs to be scheduled and performs actions such as enqueue, allocate, preempt, and backfill in the configured sequence to find the most appropriate node for each job.

                                  The following options are supported:

                                  +

                                  The following options are supported:

                                  • enqueue: uses a series of filtering algorithms to filter out tasks to be scheduled and sends them to the queue to wait for scheduling. After this action, the task status changes from pending to inqueue.
                                  • allocate: selects the most suitable node based on a series of pre-selection and selection algorithms.
                                  • preempt: performs preemption scheduling for tasks with higher priorities in the same queue based on priority rules.
                                  • backfill: schedules pending tasks as much as possible to maximize the utilization of node resources.
                                  actions: 'allocate, backfill, preempt'
                                  +
                                  actions: 'allocate, backfill, preempt'
                                  NOTE:

                                  When configuring actions, use either preempt or enqueue.

                                  plugins

                                  +

                                  plugins

                                  Implementation details of algorithms in actions based on different scenarios. For details, see Plugins.

                                  +

                                  Implementation details of algorithms in actions based on different scenarios. For details, see Plugins.

                                  For details, see Table 4.

                                  +

                                  For details, see Table 4.

                                  None

                                  +

                                  None

                                  tolerations

                                  +

                                  tolerations

                                  Tolerance of the add-on to node taints.

                                  +

                                  Tolerance of the add-on to node taints.

                                  By default, the add-on can run on nodes with the node.kubernetes.io/not-ready or node.kubernetes.io/unreachable taint and the taint effect value is NoExecute, but it'll be evicted in 60 seconds.

                                  +

                                  By default, the add-on can run on nodes with the node.kubernetes.io/not-ready or node.kubernetes.io/unreachable taint and the taint effect value is NoExecute, but it'll be evicted in 60 seconds.

                                  tolerations:
+
                                  tolerations:
   - effect: NoExecute
     key: node.kubernetes.io/not-ready
     operator: Exists
@@ -258,24 +260,24 @@ tolerations:
                                  -
                                  - - @@ -98,7 +103,7 @@ - @@ -111,7 +116,7 @@
                                  Table 4 Supported plugins

                                  Plugin

                                  +
                                  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -619,8 +621,7 @@ tolerations:

                                  Only Volcano of v1.7.1 and later support this function. On the new add-on page, options such as resource_exporter_enable are replaced by default_scheduler_conf.

                                  Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane. On the right of the page, locate Volcano Scheduler and click Install or Upgrade. In the Parameters area, configure the Volcano parameters.

                                  -
                                  • Using resource_exporter:
                                    {
-    "ca_cert": "",
+
                                    • Using resource_exporter:
                                      ...
     "default_scheduler_conf": {
         "actions": "allocate, backfill, preempt",
         "tiers": [
@@ -684,9 +685,7 @@ tolerations:
             }
         ]
     },
-    "server_cert": "",
-    "server_key": ""
-}
                                      
+...

                                    After this function is enabled, you can use the functions of both numa-aware and resource_exporter.

                                  @@ -721,8 +720,7 @@ data: - name: nodeCSIscheduling - name: networkresource -

                                5. Enter the customized content in the Parameters area on the console.

                                  {
-    "ca_cert": "",
+
                                6. Enter the customized content in the Parameters area on the console.

                                  ...
     "default_scheduler_conf": {
         "actions": "enqueue, allocate, backfill",
         "tiers": [
@@ -792,9 +790,7 @@ data:
             }
         ]
     },
-    "server_cert": "",
-    "server_key": ""
-}
                                  +...

                                  When this function is used, the original content in volcano-scheduler-configmap will be overwritten. Therefore, you must check whether volcano-scheduler-configmap has been modified during the upgrade. If yes, synchronize the modification to the upgrade page.

                                  7. @@ -986,10 +982,111 @@ data:
                                  Table 4 Supported plugins

                                  Plugin

                                  Function

                                  +

                                  Function

                                  Description

                                  +

                                  Description

                                  Demonstration

                                  +

                                  Demonstration

                                  binpack

                                  +

                                  binpack

                                  Schedule pods to nodes with high resource usage (not allocating pods to light-loaded nodes) to reduce resource fragments.

                                  +

                                  Schedule pods to nodes with high resource usage (not allocating pods to light-loaded nodes) to reduce resource fragments.

                                  arguments:

                                  +

                                  arguments:

                                  • binpack.weight: weight of the binpack plugin.
                                  • binpack.cpu: ratio of CPUs to all resources. The parameter value defaults to 1.
                                  • binpack.memory: ratio of memory resources to all resources. The parameter value defaults to 1.
                                  • binpack.resources: other custom resource types requested by the pod, for example, nvidia.com/gpu. Multiple types can be configured and be separated by commas (,).
                                  • binpack.resources.<your_resource>: weight of your custom resource in all resources. Multiple types of resources can be added. <your_resource> indicates the resource type defined in binpack.resources, for example, binpack.resources.nvidia.com/gpu.
                                  - plugins:
+
                                  - plugins:
   - name: binpack
     arguments:
       binpack.weight: 10
@@ -286,60 +288,60 @@ tolerations:
       binpack.resources.example.com/foo: 3

                                  conformance

                                  +

                                  conformance

                                  Prevent key pods, such as the pods in the kube-system namespace from being preempted.

                                  +

                                  Prevent key pods, such as the pods in the kube-system namespace from being preempted.

                                  None

                                  +

                                  None

                                  - plugins:
+
                                  - plugins:
   - name: 'priority'
   - name: 'gang'
     enablePreemptable: false
   - name: 'conformance'

                                  lifecycle

                                  +

                                  lifecycle

                                  By collecting statistics on service scaling rules, pods with similar lifecycles are preferentially scheduled to the same node. With the horizontal scaling capability of the Autoscaler, resources can be quickly scaled in and released, reducing costs and improving resource utilization.

                                  +

                                  By collecting statistics on service scaling rules, pods with similar lifecycles are preferentially scheduled to the same node. With the horizontal scaling capability of the Autoscaler, resources can be quickly scaled in and released, reducing costs and improving resource utilization.

                                  1. Collects statistics on the lifecycle of pods in the service load and schedules pods with similar lifecycles to the same node.

                                  2. For a cluster configured with an automatic scaling policy, adjust the scale-in annotation of the node to preferentially scale in the node with low usage.

                                  arguments:
                                  • lifecycle.WindowSize: The value is an integer greater than or equal to 1 and defaults to 10.

                                    Record the number of times that the number of replicas changes. If the load changes regularly and periodically, decrease the value. If the load changes irregularly and the number of replicas changes frequently, increase the value. If the value is too large, the learning period is prolonged and too many events are recorded.

                                    +
                                  arguments:
                                  • lifecycle.WindowSize: The value is an integer greater than or equal to 1 and defaults to 10.

                                    Record the number of times that the number of replicas changes. If the load changes regularly and periodically, decrease the value. If the load changes irregularly and the number of replicas changes frequently, increase the value. If the value is too large, the learning period is prolonged and too many events are recorded.

                                  • lifecycle.MaxGrade: The value is an integer greater than or equal to 3 and defaults to 3.

                                    It indicates levels of replicas. For example, if the value is set to 3, the replicas are classified into three levels. If the load changes regularly and periodically, decrease the value. If the load changes irregularly, increase the value. Setting an excessively small value may result in inaccurate lifecycle forecasts.

                                  • lifecycle.MaxScore: float64 floating point number. The value must be greater than or equal to 50.0. The default value is 200.0.

                                    Maximum score (equivalent to the weight) of the lifecycle plugin.

                                  • lifecycle.SaturatedTresh: float64 floating point number. If the value is less than 0.5, use 0.5. If the value is greater than 1, use 1. The default value is 0.8.

                                    Threshold for determining whether the node usage is too high. If the node usage exceeds the threshold, the scheduler preferentially schedules jobs to other nodes.

                                  - plugins:
+
                                  - plugins:
   - name: priority
   - name: gang
     enablePreemptable: false
   - name: conformance
   - name: lifecycle
     arguments:
-      lifecycle.MaxGrade: 10
+      lifecycle.MaxGrade: 3
       lifecycle.MaxScore: 200.0
-      lifecycle.SaturatedTresh: 1.0
+      lifecycle.SaturatedTresh: 0.8
       lifecycle.WindowSize: 10
                                  NOTE:
                                  • For nodes that do not want to be scaled in, manually mark them as long-period nodes and add the annotation volcano.sh/long-lifecycle-node: true to them. For an unmarked node, the lifecycle plugin automatically marks the node based on the lifecycle of the load on the node.
                                  • The default value of MaxScore is 200.0, which is twice the weight of other plugins. When the lifecycle plugin does not have obvious effect or conflicts with other plugins, disable other plugins or increase the value of MaxScore.
                                  • After the scheduler is restarted, the lifecycle plugin needs to re-record the load change. The optimal scheduling effect can be achieved only after several periods of statistics are collected.

                                  Gang

                                  +

                                  Gang

                                  Consider a group of pods as a whole for resource allocation. This plugin checks whether the number of scheduled pods in a job meets the minimum requirements for running the job. If yes, all pods in the job will be scheduled. If no, the pods will not be scheduled.

                                  +

                                  Consider a group of pods as a whole for resource allocation. This plugin checks whether the number of scheduled pods in a job meets the minimum requirements for running the job. If yes, all pods in the job will be scheduled. If no, the pods will not be scheduled.

                                  NOTE:

                                  If a gang scheduling policy is used, if the remaining resources in the cluster are greater than or equal to half of the minimum number of resources for running a job but less than the minimum of resources for running the job, Autoscaler scale-outs will not be triggered.

                                  • enablePreemptable:
                                    • true: Preemption enabled
                                    • false: Preemption not enabled
                                    +
                                  • enablePreemptable:
                                    • true: Preemption enabled
                                    • false: Preemption not enabled
                                  • enableJobStarving:
                                    • true: Resources are preempted based on the minAvailable setting of jobs.
                                    • false: Resources are preempted based on job replicas.
                                    NOTE:
                                    • The default value of minAvailable for Kubernetes-native workloads (such as Deployments) is 1. It is a good practice to set enableJobStarving to false.
                                    • In AI and big data scenarios, you can specify the minAvailable value when creating a vcjob. It is a good practice to set enableJobStarving to true.
                                    • In Volcano versions earlier than v1.11.5, enableJobStarving is set to true by default. In Volcano versions later than v1.11.5, enableJobStarving is set to false by default.
                                  - plugins:
+
                                  - plugins:
   - name: priority
   - name: gang
     enablePreemptable: false
@@ -347,66 +349,66 @@ tolerations:
   - name: conformance

                                  priority

                                  +

                                  priority

                                  Schedule based on custom load priorities.

                                  +

                                  Schedule based on custom load priorities.

                                  None

                                  +

                                  None

                                  - plugins:
+
                                  - plugins:
   - name: priority
   - name: gang
     enablePreemptable: false
   - name: conformance

                                  overcommit

                                  +

                                  overcommit

                                  Resources in a cluster are scheduled after being accumulated in a certain multiple to improve the workload enqueuing efficiency. If all workloads are Deployments, remove this plugin or set the raising factor to 2.0.

                                  +

                                  Resources in a cluster are scheduled after being accumulated in a certain multiple to improve the workload enqueuing efficiency. If all workloads are Deployments, remove this plugin or set the raising factor to 2.0.

                                  NOTE:

                                  This plugin is supported in Volcano 1.6.5 and later versions.

                                  arguments:

                                  +

                                  arguments:

                                  • overcommit-factor: inflation factor, which defaults to 1.2.
                                  - plugins:
+
                                  - plugins:
   - name: overcommit
     arguments:
       overcommit-factor: 2.0

                                  drf

                                  +

                                  drf

                                  The Dominant Resource Fairness (DRF) scheduling algorithm, which schedules jobs based on their dominant resource share. Jobs with a smaller resource share will be scheduled with a higher priority.

                                  +

                                  The Dominant Resource Fairness (DRF) scheduling algorithm, which schedules jobs based on their dominant resource share. Jobs with a smaller resource share will be scheduled with a higher priority.

                                  -

                                  +

                                  -

                                  - plugins:
+
                                  - plugins:
   - name: 'drf'
   - name: 'predicates'
   - name: 'nodeorder'

                                  predicates

                                  +

                                  predicates

                                  Determine whether a task is bound to a node by using a series of evaluation algorithms, such as node/pod affinity, taint tolerance, node repetition, volume limits, and volume zone matching.

                                  +

                                  Determine whether a task is bound to a node by using a series of evaluation algorithms, such as node/pod affinity, taint tolerance, node repetition, volume limits, and volume zone matching.

                                  None

                                  +

                                  None

                                  - plugins:
+
                                  - plugins:
   - name: 'drf'
   - name: 'predicates'
   - name: 'nodeorder'

                                  nodeorder

                                  +

                                  nodeorder

                                  A common algorithm for selecting nodes. Nodes are scored in simulated resource allocation to find the most suitable node for the current job.

                                  +

                                  A common algorithm for selecting nodes. Nodes are scored in simulated resource allocation to find the most suitable node for the current job.

                                  Scoring parameters:

                                  -
                                  • nodeaffinity.weight: Pods are scheduled based on node affinity. This parameter defaults to 2.
                                  • podaffinity.weight: Pods are scheduled based on pod affinity. This parameter defaults to 2.
                                  • leastrequested.weight: Pods are scheduled to the node with the least requested resources. This parameter defaults to 1.
                                  • balancedresource.weight: Pods are scheduled to the node with balanced resource allocation. This parameter defaults to 1.
                                  • mostrequested.weight: Pods are scheduled to the node with the most requested resources. This parameter defaults to 0.
                                  • tainttoleration.weight: Pods are scheduled to the node with a high taint tolerance. This parameter defaults to 3.
                                  • imagelocality.weight: Pods are scheduled to the node where the required images exist. This parameter defaults to 1.
                                  • selectorspread.weight: Pods are evenly scheduled to different nodes. This parameter defaults to 0.
                                  • podtopologyspread.weight: Pods are scheduled based on the pod topology. This parameter defaults to 2.
                                  +

                                  Scoring parameters:

                                  +
                                  • nodeaffinity.weight: Pods are scheduled based on node affinity. This parameter defaults to 2.
                                  • podaffinity.weight: Pods are scheduled based on pod affinity. This parameter defaults to 2.
                                  • leastrequested.weight: Pods are scheduled to the node with the least requested resources. This parameter defaults to 1.
                                  • balancedresource.weight: Pods are scheduled to the node with balanced resource allocation. This parameter defaults to 1.
                                  • mostrequested.weight: Pods are scheduled to the node with the most requested resources. This parameter defaults to 0.
                                  • tainttoleration.weight: Pods are scheduled to the node with a high taint tolerance. This parameter defaults to 3.
                                  • imagelocality.weight: Pods are scheduled to the node where the required images exist. This parameter defaults to 1.
                                  • podtopologyspread.weight: Pods are scheduled based on the pod topology. This parameter defaults to 2.
                                  - plugins:
+
                                  - plugins:
   - name: nodeorder
     arguments:
       leastrequested.weight: 1
@@ -419,50 +421,50 @@ tolerations:
       podtopologyspread.weight: 2

                                  cce-gpu-topology-predicate

                                  +

                                  cce-gpu-topology-predicate

                                  GPU-topology scheduling preselection algorithm

                                  +

                                  GPU-topology scheduling preselection algorithm

                                  None

                                  +

                                  None

                                  - plugins:
+
                                  - plugins:
   - name: 'cce-gpu-topology-predicate'
   - name: 'cce-gpu-topology-priority'
   - name: 'cce-gpu'

                                  cce-gpu-topology-priority

                                  +

                                  cce-gpu-topology-priority

                                  GPU-topology scheduling priority algorithm

                                  +

                                  GPU-topology scheduling priority algorithm

                                  None

                                  +

                                  None

                                  - plugins:
+
                                  - plugins:
   - name: 'cce-gpu-topology-predicate'
   - name: 'cce-gpu-topology-priority'
   - name: 'cce-gpu'

                                  cce-gpu

                                  +

                                  cce-gpu

                                  GPU resource allocation that supports decimal GPU configurations by working with the gpu add-on.

                                  +

                                  GPU resource allocation that supports decimal GPU configurations by working with the gpu add-on.

                                  None

                                  +

                                  None

                                  - plugins:
+
                                  - plugins:
   - name: 'cce-gpu-topology-predicate'
   - name: 'cce-gpu-topology-priority'
   - name: 'cce-gpu'

                                  numa-aware

                                  +

                                  numa-aware

                                  NUMA affinity scheduling.

                                  +

                                  NUMA affinity scheduling.

                                  arguments:

                                  +

                                  arguments:

                                  • weight: weight of the numa-aware plugin
                                  - plugins:
+
                                  - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
@@ -474,14 +476,14 @@ tolerations:
       weight: 10

                                  networkresource

                                  +

                                  networkresource

                                  The ENI requirement node can be preselected and filtered. The parameters are transferred by CCE and do not need to be manually configured.

                                  +

                                  The ENI requirement node can be preselected and filtered. The parameters are transferred by CCE and do not need to be manually configured.

                                  arguments:

                                  +

                                  arguments:

                                  • NetworkType: network type (eni or vpc-router)
                                  - plugins:
+
                                  - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
@@ -490,39 +492,39 @@ tolerations:
       NetworkType: vpc-router

                                  nodelocalvolume

                                  +

                                  nodelocalvolume

                                  Filter out nodes that do not meet local volume requirements.

                                  +

                                  Filter out nodes that do not meet local volume requirements.

                                  None

                                  +

                                  None

                                  - plugins:
+
                                  - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
   - name: 'networkresource'

                                  nodeemptydirvolume

                                  +

                                  nodeemptydirvolume

                                  Filter out nodes that do not meet the emptyDir requirements.

                                  +

                                  Filter out nodes that do not meet the emptyDir requirements.

                                  None

                                  +

                                  None

                                  - plugins:
+
                                  - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
   - name: 'networkresource'

                                  nodeCSIscheduling

                                  +

                                  nodeCSIscheduling

                                  Filter out nodes with malfunctional Everest.

                                  +

                                  Filter out nodes with malfunctional Everest.

                                  None

                                  +

                                  None

                                  - plugins:
+
                                  - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
@@ -557,7 +559,7 @@ tolerations:

                                  Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                                  The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                                  -

                                  For details, see Taints and Tolerations.

                                  +

                                  For details, see Configuring Tolerance Policies.
                                  +

                                  Change History

                                  It is a good practice to upgrade Volcano to the latest version that is supported by the cluster.

                                  +
                                  + +
                                  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                  Table 9 Release history

                                  Add-on Version

                                  +

                                  Supported Cluster Version

                                  +

                                  New Feature

                                  +

                                  1.13.3

                                  +

                                  v1.21

                                  +

                                  v1.23

                                  +

                                  v1.25

                                  +

                                  v1.27

                                  +

                                  v1.28

                                  +

                                  v1.29

                                  +
                                  • Supported scale-in of customized resources based on node priorities.
                                  • Optimized the association between preemption and node scale-out.
                                  +

                                  1.12.1

                                  +

                                  v1.19.16

                                  +

                                  v1.21

                                  +

                                  v1.23

                                  +

                                  v1.25

                                  +

                                  v1.27

                                  +

                                  v1.28

                                  +

                                  Optimized application auto scaling performance.

                                  +

                                  1.11.21

                                  +

                                  v1.19.16

                                  +

                                  v1.21

                                  +

                                  v1.23

                                  +

                                  v1.25

                                  +

                                  v1.27

                                  +

                                  v1.28

                                  +
                                  • Supported Kubernetes 1.28.
                                  • Supported load-aware scheduling.
                                  • Updated image OS to HCE 2.0.
                                  • Optimized CSI resource preemption.
                                  • Optimized load-aware rescheduling.
                                  • Optimized preemption in hybrid deployment scenarios.
                                  +

                                  1.11.6

                                  +

                                  v1.19.16

                                  +

                                  v1.21

                                  +

                                  v1.23

                                  +

                                  v1.25

                                  +

                                  v1.27

                                  +
                                  • Supported Kubernetes 1.27.
                                  • Supported rescheduling.
                                  • Supported affinity scheduling of nodes in the node pool.
                                  • Optimized the scheduling performance.
                                  +

                                  1.9.1

                                  +

                                  v1.19.16

                                  +

                                  v1.21

                                  +

                                  v1.23

                                  +

                                  v1.25

                                  +
                                  • Fixes the issue that the counting pipeline pod of the networkresource add-on occupies supplementary network interfaces (Sub-ENI).
                                  • Fixes the issue where the binpack add-on scores nodes with insufficient resources.
                                  • Fixes the issue of processing resources in the pod with unknown end status.
                                  • Optimizes event output.
                                  • Supports HA deployment by default.
                                  +

                                  1.7.1

                                  +

                                  v1.19.16

                                  +

                                  v1.21

                                  +

                                  v1.23

                                  +

                                  v1.25

                                  +

                                  Adapts to clusters 1.25.

                                  +

                                  1.4.5

                                  +

                                  v1.17

                                  +

                                  v1.19

                                  +

                                  v1.21

                                  +

                                  Changes the deployment mode of volcano-scheduler from statefulset to deployment, and fixes the issue that pods cannot be automatically migrated when the node is abnormal.

                                  +

                                  1.3.7

                                  +

                                  v1.15

                                  +

                                  v1.17

                                  +

                                  v1.19

                                  +

                                  v1.21

                                  +
                                  • Supports hybrid deployment of online and offline jobs and resource oversubscription.
                                  • Optimizes the scheduling throughput for clusters.
                                  • Fixes the issue where the scheduler panics in certain scenarios.
                                  • Fixes the issue that the volumes.secret verification of the volcano job in the CCE clusters 1.15 fails.
                                  • Fixes the issue that jobs fail to be scheduled when volumes are mounted.
                                  +
                                  +
                                  +
                                  -
                                  Parent topic: Add-ons
                                  +
                                  Parent topic: Scheduling and Elasticity Add-ons
                                  diff --git a/docs/cce/umn/cce_10_0196.html b/docs/cce/umn/cce_10_0196.html index 083de630..97919528 100644 --- a/docs/cce/umn/cce_10_0196.html +++ b/docs/cce/umn/cce_10_0196.html @@ -1,6 +1,6 @@ -

                                  Binding a Subnet and Security Group to a Namespace or Workload

                                  +

                                  Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration

                                  Scenario

                                  In a CCE Turbo cluster, you can configure subnets and security groups for containers by namespace or workload using NetworkAttachmentDefinition CRDs. If you want to configure a specified container subnet and security group for a specified namespace or workload, create a container network configuration and associate it with the target namespace or workload. In this way, service subnets can be planned or services can be securely isolated.

                                  The following table lists the resources that a container network configuration can be associated with.
                                  - - @@ -38,24 +38,22 @@
                                  Table 1 Associated resources

                                  Category

                                  @@ -28,9 +28,9 @@

                                  Available only in CCE Turbo clusters of 1.23.11-r0, 1.25.6-r0, 1.27.3-r0, 1.28.1-r0, or later.

                                  Constraints

                                  +

                                  Notes and Constraints

                                  The namespaces associated with different container network configurations must be unique.

                                  +

                                  A namespace can be associated with only one container network configuration.

                                  Only the custom container network configurations that are not associated with any namespace can be specified.
                                  -
                                  -
                                  -

                                  Constraints

                                  • Only the default container network configuration default-network supports container ENI prebinding. The speed of creating pods using a custom container network configuration is slower than that of creating pods using default-network. Therefore, this function is not suitable for ultra-fast pod scaling.
                                  • default-network cannot be deleted.
                                  • If a workload with a fixed IP address needs to be associated with a new container network configuration, the fixed IP address will be invalid when pods are rebuilt. In this case, delete the workload, release the fixed IP address, and create a workload again.
                                  • Before deleting a custom container network configuration, delete the pods (with the cni.yangtse.io/network-status annotation) created using the configuration in the target namespace. For details, see Deleting a Container Network Configuration.
                                  -
                                  -

                                  Using the CCE Console to Create a Container Network Configuration of the Namespace Type

                                  1. Log in to the CCE console.
                                  2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane and click the Network tab.

                                    If default-network is available in the cluster, it takes effect on all pods where no custom container network configuration has been configured. The default container subnet in the network settings on the Overview page is the container subnet in default-network.

                                    +
                                    • The priorities (in descending order) of the container network configurations used by a pod are as follows: Container network configuration directly associated with the pod > Container network configuration associated with the pod namespace > Default container network configuration of the cluster (default-network)
                                    • If default-network is available in a cluster, it takes effect on all pods where no custom container network configuration has been configured. The default container subnet in the network settings on the Overview page is the container subnet in default-network. default-network cannot be deleted.
                                    -

                                  3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.

                                    • Name: Enter a name that contains a maximum of 253 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                    • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the namespace type, select Namespace.
                                    • Namespace: Select the namespace to be associated. The namespaces associated with different container network configurations must be unique. If no namespace is available, click Create Namespace to create one.
                                    • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. A maximum of 20 subnets can be selected.
                                    • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                    +
                                  +
                                  +

                                  Notes and Constraints

                                  • Only the default container network configuration supports dynamic pre-binding of container NICs. When the quota of node NICs is used up, the pod that uses the custom container network configuration attempts to unbind the pre-bound NIC of the default container network configuration, leading to slower pod startup. Therefore, if you need to frequently use the custom container network configuration, disable dynamic pre-binding of global container NICs in the target cluster. If you require high-speed pod elasticity using the default container network configuration, properly plan dynamic pre-binding of container NICs in the target node pool based on scheduling.
                                  • If a workload with a fixed IP address needs to be associated with a new container network configuration, the fixed IP address will be invalid when pods are rebuilt. In this case, delete the workload, release the fixed IP address, and create a workload again.
                                  • Before deleting a custom container network configuration, delete the pods (with the cni.yangtse.io/network-status annotation) created using the configuration in the target namespace. For details, see Deleting a Container Network Configuration.
                                  +
                                  +

                                  Using the CCE Console to Create a Container Network Configuration of the Namespace Type

                                  1. Log in to the CCE console.
                                  2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                  3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.

                                    • Name: Enter a name that contains a maximum of 253 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                    • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the namespace type, select Namespace.
                                    • Namespace: Select the namespace to be associated. The namespaces associated with different container network configurations must be unique. If no namespace is available, click Create Namespace to create one.
                                    • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. A maximum of 20 subnets can be selected.
                                    • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.

                                  4. Click OK. After the creation, you will be redirected to the custom container network configuration list, where the new container network configuration is included.
                                  -

                                  Using the CCE Console to Create a Container Network Configuration of the Workload Type

                                  1. Log in to the CCE console.
                                  2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane and click the Network tab.

                                    If default-network is available in the cluster, it takes effect on all pods where no custom container network configuration has been configured. The default container subnet in the network settings on the Overview page is the container subnet in default-network.

                                    -
                                    -

                                  3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.

                                    • Name: Enter a name that contains a maximum of 253 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                    • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the workload type, select Workload.
                                    • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. A maximum of 20 subnets can be selected.
                                    • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                    +

                                    Using the CCE Console to Create a Container Network Configuration of the Workload Type

                                    1. Log in to the CCE console.
                                    2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                    3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.

                                      • Name: Enter a name that contains a maximum of 253 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                      • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the workload type, select Workload.
                                      • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. A maximum of 20 subnets can be selected.
                                      • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.

                                    4. Click OK. After the creation, you will be redirected to the custom container network configuration list, where the new container network configuration is included.
                                    5. When creating a workload, you can select a custom container network configuration.

                                      1. In the navigation pane, choose Workloads. In the right pane, click the Deployments tab.
                                      2. Click Create Workload in the upper right corner of the page. In the Advanced Settings area, choose Network Configuration and determine whether to enable a specified container network configuration.
                                      3. Select an existing container network configuration. If no configuration is available, click Add to create one.
                                      4. After the configuration, click Create Workload.

                                        Return to the Settings page. In the container network configuration list, the name of the resource associated with the created container network configuration is displayed.

                                    Using Kubectl to Create a Container Network Configuration of the Namespace Type

                                    This section describes how to use kubectl to create a container network configuration of the namespace type.

                                    -
                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                    2. Modify the networkattachment-test.yaml file.

                                      vi networkattachment-test.yaml

                                      +
                                      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                      2. Modify the networkattachment-test.yaml file.

                                        vi networkattachment-test.yaml

                                        apiVersion: k8s.cni.cncf.io/v1
 kind: NetworkAttachmentDefinition
 metadata:
@@ -64,8 +62,8 @@ metadata:
   name: example
   namespace: kube-system
 spec:
-  config: 
-  '{
+  config: |
+   {
     "type":"eni-neutron",
     "args":{
       "securityGroups":"41891**",
@@ -82,7 +80,7 @@ spec:
         }
       }
     }
-  }'
                                        + }
                                        @@ -264,26 +262,27 @@ spec:

                                        Using Kubectl to Create a Container Network Configuration of the Workload Type

                                        This section describes how to use kubectl to create a container network configuration of the workload type.

                                        -
                                        1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                        2. Modify the networkattachment-test.yaml file.

                                          vi networkattachment-test.yaml

                                          +
                                          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                          2. Modify the networkattachment-test.yaml file.

                                            vi networkattachment-test.yaml

                                            apiVersion: k8s.cni.cncf.io/v1
 kind: NetworkAttachmentDefinition
 metadata:
   annotations:
-    yangtse.io/project-id: 05e38**
+    yangtse.io/project-id: 80d5a**
   name: example
   namespace: kube-system
 spec:
-  config: 
-  '{
+  config: |
+   {
     "type":"eni-neutron",
     "args":{
-      "securityGroups":"41891**",
+      "securityGroups":"f4983**",
       "subnets":[
         {
-          "subnetID":"27d95**"
+          "subnetID":"5594b**"
         }
       ]
-    }'
                                            + } + }
                                        Table 2 Key parameters

                                        Parameter
                                        @@ -301,7 +300,7 @@ spec: - - - - - @@ -460,7 +459,7 @@ spec:

                                        Deleting a Container Network Configuration

                                        You can delete the new container network configuration or view its YAML file.

                                        Before deleting a container network configuration, delete all pods using the configuration. Otherwise, the deletion will fail.

                                        -
                                        1. Run the following command to filter the pods that uses the configuration in the cluster (example is used as an example):
                                          kubectl get po -A -o=jsonpath="{.items[?(@.metadata.annotations.cni\.yangtse\.io/network-status=='[{\"name\":\"example\"}]')]['metadata.namespace', 'metadata.name']}"
                                          +
                                          1. Run the following command to filter the pods that uses the configuration in the cluster (example is used as an example):
                                            kubectl get pod -A -o=jsonpath="{.items[?(@.metadata.annotations.cni\.yangtse\.io/network-status=='[{\"name\":\"example\"}]')]['metadata.namespace', 'metadata.name']}"

                                            The command output contains the pod name and namespace associated with the configuration.

                                          2. Delete the owner of the pod. The owner may be a Deployment, StatefulSet, DaemonSet, or Job.
                                        diff --git a/docs/cce/umn/cce_10_0197.html b/docs/cce/umn/cce_10_0197.html index 7bef9f3f..612c3682 100644 --- a/docs/cce/umn/cce_10_0197.html +++ b/docs/cce/umn/cce_10_0197.html @@ -1,9 +1,9 @@ -

                                        Upgrade Overview

                                        +

                                        Process and Method of Upgrading a Cluster

                                        CCE strictly complies with community consistency authentication. It releases three Kubernetes versions each year and offers a maintenance period of at least 24 months after each version is released. CCE ensures the stable running of Kubernetes versions during the maintenance period.

                                        To ensure your service rights and benefits, upgrade your Kubernetes clusters before a maintenance period ends. You can check the Kubernetes version of your cluster on the cluster list page and check whether a new version is available. Proactive cluster upgrades help you:

                                        -
                                        1. Reduce security and stability risks: During the iteration of Kubernetes versions, known security and stability vulnerabilities are continuously fixed. Long-term use of EOS clusters will result in security and stability risks to services.
                                        2. Experience the latest functions: During the iteration of Kubernetes versions, new functions and optimizations are continuously released. For details about the features of the latest version, see Release Notes for CCE Cluster Versions.
                                        3. Minimize compatibility risks: During the iteration of Kubernetes versions, APIs are continuously modified and functions are deprecated. If a cluster has not been upgraded for a long time, more O&M assurance investment will be required when the cluster is upgraded. Periodic upgrades can effectively mitigate compatibility risks caused by accumulated version differences. It is a good practice to upgrade a patch version every quarter and upgrade a major version to the latest version every year.
                                        4. Obtain more effective technical support: CCE does not provide security patches or issue fixing for EOS Kubernetes cluster versions, and does not ensure technical support for the EOS versions.
                                        +
                                        • Reduce security and stability risks: During the iteration of Kubernetes versions, known security and stability vulnerabilities are continuously fixed. Long-term use of EOS clusters will result in security and stability risks to services.
                                        • Experience the latest functions: During the iteration of Kubernetes versions, new functions and optimizations are continuously released. For details about the features of the latest version, see Release Notes for CCE Cluster Versions.
                                        • Minimize compatibility risks: During the iteration of Kubernetes versions, APIs are continuously modified and functions are deprecated. If a cluster has not been upgraded for a long time, more O&M assurance investment will be required when the cluster is upgraded. Periodic upgrades can effectively mitigate compatibility risks caused by accumulated version differences. It is a good practice to upgrade a patch version every quarter and upgrade a major version to the latest version every year.
                                        • Obtain more effective technical support: CCE does not provide security patches or issue fixing for EOS Kubernetes cluster versions, and does not ensure technical support for the EOS versions.

                                        Cluster Upgrade Path

                                        CCE clusters evolve iteratively based on the community Kubernetes version. A CCE cluster version consists of the community Kubernetes version and the CCE patch version. Therefore, two cluster upgrade paths are provided.

                                        • Upgrading a Kubernetes version
                                        Table 6 Key parameters

                                        Parameter

                                        String

                                        API version. The value is fixed at k8s.cni.cncf.io/v1.

                                        +

                                        API version. The value is fixed at k8s.cni.cncf.io/v1.

                                        kind

                                        @@ -310,7 +309,7 @@ spec:

                                        String

                                        Type of the object to be created. The value is fixed at NetworkAttachmentDefinition.

                                        +

                                        Type of the object to be created. The value is fixed at NetworkAttachmentDefinition.

                                        yangtse.io/project-id

                                        @@ -337,7 +336,7 @@ spec:

                                        String

                                        Namespace of the configuration resource. The value is fixed to kube-system.

                                        +

                                        Namespace of the configuration resource. The value is fixed to kube-system.

                                        config

                                        @@ -369,7 +368,7 @@ spec:

                                        String

                                        The value is fixed at eni-neutron.

                                        +

                                        The value is fixed at eni-neutron.

                                        args

                                        @@ -402,9 +401,9 @@ spec:

                                        String

                                        Security group ID. If no security group is planned, select the same security group as that in default-network.

                                        +

                                        Security group ID. If no security group is planned, ensure that the security group is the same as that in default-network.

                                        How to obtain:

                                        -

                                        Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups. Click the target security group name and copy the ID on the Summary tab page.

                                        +

                                        Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups. Click the target security group name and copy the ID on the Summary tab page.

                                        subnets

                                        @@ -417,7 +416,7 @@ spec: 
                                        [{"subnetID":"27d95**"},{"subnetID":"827bb**"},{"subnetID":"bdd6b**"}]

                                        Subnet ID not used by the cluster in the same VPC.

                                        How to obtain:

                                        -

                                        Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. Click the target subnet name and copy the Subnet ID on the Summary tab page.

                                        +

                                        Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. Click the target subnet name and copy the Subnet ID on the Summary tab page.
                                        - - @@ -52,17 +52,22 @@ + + +

                                        Source Kubernetes Version

                                        @@ -37,12 +37,12 @@

                                        v1.23 or v1.25

                                        v1.23

                                        +

                                        v1.23

                                        v1.25 or v1.27

                                        v1.25

                                        +

                                        v1.25

                                        v1.27

                                        v1.28

                                        v1.28

                                        +

                                        1.29

                                        +
                                        -
                                        • A version that has been end of maintenance cannot be directly upgraded to the latest version. You need to upgrade such a version for multiple times, for example, from v1.15 to v1.19, v1.23, and then to v1.27/v1.28.
                                        • A Kubernetes version can be upgraded only after the patch is upgraded to the latest version. CCE will automatically generate an optimal upgrade path on the console based on the current cluster version.
                                        +
                                        • A version that has been end of maintenance cannot be directly upgraded to the latest version. You need to upgrade such a version for multiple times, for example, from v1.15 to v1.19, v1.23, and then to v1.27 or v1.28.
                                        • A Kubernetes version can be upgraded only after the patch is upgraded to the latest version. CCE will automatically generate an optimal upgrade path on the console based on the current cluster version.
                                      3. Upgrading a patch version

                                        Patch version management is available for CCE clusters of v1.19 or later to provide new features and fix bugs and vulnerability for in-maintenance clusters without requiring a major version upgrade.

                                        After a new patch version is released, you can directly upgrade any patch version to the latest patch version. For details about the release history of patch versions, see Patch Version Release Notes.

                                    Cluster Upgrade Process

                                    The cluster upgrade process involves pre-upgrade check, backup, upgrade, and post-upgrade verification.

                                    -
                                    Figure 1 Process of upgrading a cluster
                                    +
                                    Figure 1 Process of upgrading a cluster

                                    After determining the target version of the cluster, read the precautions carefully and prevent function incompatibility during the upgrade.

                                    1. Pre-upgrade check

                                      Before a cluster upgrade, CCE checks mandatory items such as the cluster status, add-ons, and nodes to ensure that the cluster meets the upgrade requirements. For more details, see Pre-upgrade Check. If any check item is abnormal, rectify the fault as prompted on the console.

                                    2. Backup

                                      You can use disk snapshots to back up master node data, including CCE component images, component configurations, and etcd data. Back up data before an upgrade. If unexpected cases occur during an upgrade, you can use the backup to quickly restore the cluster.

                                      @@ -73,9 +78,9 @@

                                  Backup Mode

                                  Backup Time

                                  +

                                  Backup Duration

                                  Rollback Time

                                  +

                                  Rollback Duration

                                  Description

                                  Master node disks, including component images, configurations, logs, and etcd data

                                  One-click backup on web pages (manually triggered)

                                  +

                                  One-click backup on a web page (manually triggered)

                                  20 minutes to 2 hours (based on the cloud backup tasks in the current region)

                                7. Configuration and upgrade

                                  Configure parameters before an upgrade. CCE has provided default settings, which can be modified as needed. After the configuration, upgrade add-ons, master nodes, and worker nodes in sequence.

                                  -
                                  • Add-on Upgrade Configuration: Add-ons that have been installed in your cluster are listed. During the cluster upgrade, CCE automatically upgrades the selected add-ons to be compatible with the target cluster version. You can click Set to re-define the add-on parameters.

                                    If an add-on is marked with on its right side, the add-on cannot be compatible with both the source and target versions of the cluster upgrade. In this case, CCE will upgrade the add-on after the cluster upgrade. The add-on may be unavailable during the cluster upgrade.

                                    +
                                    • Add-on Upgrade Configuration: Add-ons that have been installed in your cluster are listed. During the cluster upgrade, CCE automatically upgrades the selected add-ons to be compatible with the target cluster version. You can click Set to re-define the add-on parameters.

                                      If an add-on is marked with on its right side, the add-on cannot be compatible with both the source and target versions of the cluster upgrade. In this case, CCE will upgrade the add-on after the cluster upgrade. The add-on may be unavailable during the cluster upgrade.

                                    • Node Upgrade Configuration
                                      • Max. Nodes for Batch Upgrade: You can configure the maximum number of nodes to be upgraded in a batch.

                                        Node pools will be upgraded in sequence. Nodes in node pools will be upgraded in batches. One node is upgraded in the first batch, two nodes in the second batch, and the number of nodes to be upgraded in each subsequent batch increases by a power of 2 until the maximum number of nodes to be upgraded in each batch is reached. The next cluster is upgraded after the previous one is upgraded. By default, 20 nodes are upgraded in a batch, and the number can be increased to the maximum of 60.

                                      • Node Priority: You can customize node upgrade priorities. If the priorities are not specified, CCE will perform the upgrade based on the priorities generated by the default policy.
                                        • Add Upgrade Priority: You can custom the priorities for upgrading node pools. If the priorities are not specified, CCE will preferentially upgrade the node pool with the least number of nodes based on the default policy.
                                        • Add Node Priority: You can custom the priorities for upgrading nodes in a node pool. If the priorities are not specified, CCE will preferentially upgrade the node with lightest load (calculated based on the number of pods, resource request rate, and number of PVs) based on the default policy.
                                        diff --git a/docs/cce/umn/cce_10_0198.html b/docs/cce/umn/cce_10_0198.html index d330f269..fe55c02d 100644 --- a/docs/cce/umn/cce_10_0198.html +++ b/docs/cce/umn/cce_10_0198.html @@ -2,45 +2,45 @@

                                        Accepting Nodes for Management

                                        Scenario

                                        In CCE, you can create a node (Creating a Node) or add existing nodes (ECSs) to your cluster for management.

                                        -
                                        • While an ECS is being accepted into a cluster, the operating system of the ECS will be reset to the standard OS image provided by CCE to ensure node stability. The CCE console prompts you to select the operating system and the login mode during the reset.
                                        • LVM information, including volume groups (VGs), logical volumes (LVs), and physical volumes (PVs), will be deleted from the system disks and data disks attached to the selected ECSs during management. Ensure that the information has been backed up.
                                        • While an ECS is being accepted into a cluster, do not perform any operation on the ECS through the ECS console.
                                        +
                                        • When accepting an ECS, you can reset the ECS OS to a standard public image offered by CCE. If you choose to do so, you need to reset the password or key pair, and the previous password or key pair will become invalid.
                                        • LVM information, including volume groups (VGs), logical volumes (LVs), and physical volumes (PVs), will be deleted from the system disks and data disks attached to the selected ECSs during acceptance. Ensure that the information has been backed up.
                                        • During the acceptance of an ECS, do not perform any operation on the ECS through the ECS console.
                                        -

                                        Constraints

                                        • The cluster version must be 1.15 or later.
                                        • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                        • If a password or key has been set when the original VM node was created, reset the password or key during management. The original password or key will become invalid.
                                        • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node.
                                        • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                        +

                                        Notes and Constraints

                                        • ECSs and BMSs can be managed.
                                        -

                                        Prerequisites

                                        A cloud server that meets the following conditions can be accepted:

                                        -
                                        • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                        • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                        • Data disks must be attached to the nodes to be managed. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB.
                                        • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                        • Only cloud servers with the same specifications, AZ, and data disk configuration can be added in batches.
                                        +

                                        Prerequisites

                                        The cloud servers to be managed must meet the following requirements:

                                        +
                                        • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                        • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                        • Data disks must be attached to the nodes to be managed. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB.
                                        • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                        • Only cloud servers with the same data disk configurations can be added in batches.
                                        • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                        • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node.
                                        • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.

                                        Procedure

                                        1. Log in to the CCE console and go to the cluster where the node to be accepted resides.
                                        2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab and then Accept Node in the upper right corner.
                                        3. Specify node parameters.

                                          Configurations

                                          -
                                          Table 1 Node configuration parameters

                                          Parameter

                                          +
                                          - - - - - - - - - @@ -50,7 +50,7 @@

                                          Storage Settings

                                          Configure storage resources on a node for the containers running on it. -
                                          Table 1 Node configuration parameters

                                          Parameter

                                          Description

                                          +

                                          Description

                                          Specifications

                                          +

                                          Specifications

                                          Click Select Cloud Server and select the servers to be accepted.

                                          +

                                          Click Select Cloud Server and select the servers to be accepted.

                                          You can select multiple cloud servers for batch management. However, only the cloud servers with the same specifications, AZ, and data disk configuration can be added in batches.

                                          If a cloud server contains multiple data disks, select one of them for the container runtime and kubelet.

                                          Container Engine

                                          +

                                          Container Engine

                                          The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.

                                          +

                                          The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.

                                          OS

                                          +

                                          OS

                                          Select an OS type. Different types of nodes support different OSs.
                                          • Public image: Select a public image for the node.
                                          • Private image: Select a private image for the node.
                                          +
                                          Select an OS type. Different types of nodes support different OSs.
                                          • Public image: Select a public image for the node.
                                          • Private image: Select a private image for the node.
                                          NOTE:

                                          Service container runtimes share the kernel and underlying calls of nodes. To ensure compatibility, select a Linux distribution version that is the same as or close to that of the final service container image for the node OS.

                                          Login Mode

                                          +

                                          Login Mode

                                          • Key Pair

                                            Select the key pair used to log in to the node. You can select a shared key.

                                            +
                                          • Key Pair

                                            Select the key pair used to log in to the node. You can select a shared key.

                                            A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                          Table 2 Configuration parameters

                                          Parameter

                                          +
                                          @@ -82,20 +82,20 @@ - - - - diff --git a/docs/cce/umn/cce_10_0201.html b/docs/cce/umn/cce_10_0201.html index 308966f6..02be89b5 100644 --- a/docs/cce/umn/cce_10_0201.html +++ b/docs/cce/umn/cce_10_0201.html @@ -2,7 +2,7 @@

                                          Monitoring Custom Metrics on AOM

                                          CCE allows you to upload custom metrics to AOM. ICAgent on a node periodically calls the metric monitoring API configured on a workload to read monitoring data and then uploads the data to AOM.

                                          -
                                          Figure 1 Using ICAgent to collect monitoring metrics
                                          +
                                          Figure 1 Using ICAgent to collect monitoring metrics

                                          The custom metric API of a workload can be configured when the workload is created. The following procedure uses an Nginx application as an example to describe how to report custom metrics to AOM.

                                          1. Preparing an Application

                                            Prepare an application image. The application must provide a metric monitoring API for ICAgent to collect data, and the monitoring data must comply with the Prometheus specifications.

                                          2. Deploying Applications and Converting Nginx Metrics

                                            Use the application image to deploy a workload in a cluster. Custom metrics are automatically reported.

                                            @@ -58,7 +58,7 @@ ADD nginx.conf /etc/nginx/nginx.conf EXPOSE 80 CMD ["nginx", "-g", "daemon off;"]
                                          -

                                        4. Use this Dockerfile to build an image and upload it to SWR. The image name is nginx:exporter.

                                          1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. On the displayed dialog box, click Generate a temporary login command and click to copy the command.
                                          2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                          3. Run the following command to build an image named nginx. The image version is exporter.
                                            docker build -t nginx:exporter .
                                            +

                                          4. Use this Dockerfile to build an image and upload it to SWR. The image name is nginx:exporter.

                                            1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. On the displayed dialog box, click Generate a temporary login command and click to copy the command.
                                            2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                            3. Run the following command to build an image named nginx. The image version is exporter.
                                              docker build -t nginx:exporter .
                                            4. Tag the image and upload it to the image repository. Change the image repository address and organization name based on your requirements.
                                              docker tag nginx:exporter {swr-address}/{group}/nginx:exporter
 docker push {swr-address}/{group}/nginx:exporter
                                            @@ -71,7 +71,7 @@ Reading: 0 Writing: 1 Waiting: 2

                                          Deploying Applications and Converting Nginx Metrics

                                          The format of the monitoring data provided by nginx:exporter does not meet the requirements of Prometheus. Convert the data format to the format required by Prometheus. To convert the format of Nginx metrics, use nginx-prometheus-exporter, as shown in the following figure.

                                          -
                                          Figure 2 Using exporter to convert the data format
                                          +
                                          Figure 2 Using exporter to convert the data format

                                          Deploy nginx:exporter and nginx-prometheus-exporter in the same pod.

                                          kind: Deployment
 apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0205.html b/docs/cce/umn/cce_10_0205.html
index 2ced25f5..bb876cc8 100644
--- a/docs/cce/umn/cce_10_0205.html
+++ b/docs/cce/umn/cce_10_0205.html
@@ -1,12 +1,12 @@
 
 
 
                                          Kubernetes Metrics Server
                                          
-
                                          From version 1.8 onwards, Kubernetes provides resource usage metrics, such as the container CPU and memory usage, through the Metrics API. These metrics can be directly accessed by users (for example, by using the kubectl top command) or used by controllers (for example, Horizontal Pod Autoscaler) in a cluster for decision-making. The specific component is metrics-server, which is used to substitute for heapster for providing the similar functions. heapster has been gradually abandoned since v1.11.
                                          
+
                                          From version 1.8 onwards, Kubernetes provides resource usage metrics, such as the container CPU and memory usage, through the Metrics API. These metrics can be directly accessed by users (for example, by using the kubectl top command) or used by controllers (for example, Horizontal Pod Autoscaler) in a cluster for decision-making. The specific component is metrics-server, which is used to substitute for Heapster for providing the similar functions. Heapster has been gradually abandoned since v1.11.
                                          
 
                                          metrics-server is an aggregator for monitoring data of core cluster resources. You can quickly install this add-on on the CCE console.
                                          
-
                                          After installing this add-on, you can create HPA policies. For details, see HPA Policies.
                                          
+
                                          After installing this add-on, you can create HPA policies. For details, see Creating an HPA Policy.
                                          
 
                                          The official community project and documentation are available at https://github.com/kubernetes-sigs/metrics-server.
                                          
 
                                          Installing the Add-on
                                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Kubernetes Metrics Server on the right, and click Install.
                                          2. On the Install Add-on page, configure the specifications.
                                            
-
                                          5. Table 2 Storage configuration parameters

                                          Parameter

                                          Description

                                          Resource Tag

                                          You can add resource tags to classify resources.

                                          -

                                          You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

                                          -

                                          CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.

                                          +

                                          You can add resource tags to classify resources. A maximum of eight resource tags can be added.

                                          +

                                          You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

                                          +

                                          CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.

                                          Kubernetes Label

                                          Click Add Label to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.

                                          -

                                          Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.

                                          +

                                          Labels can be used to distinguish nodes. With workload affinity settings, pods can be scheduled to a specified node. For more information, see Labels and Selectors.

                                          Taint

                                          This parameter is left blank by default. You can add taints to configure node anti-affinity. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                          • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                          • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                                          • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                          +
                                          This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                          • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                          • Value: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
                                          • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                          NOTICE:
                                          • If taints are used, you must configure tolerations in the YAML files of pods. Otherwise, scale-up may fail or pods cannot be scheduled onto the added nodes.
                                          • After a node pool is created, you can click Edit to modify its configuration. The modification will be synchronized to all nodes in the node pool.
                                          @@ -109,13 +109,13 @@

                                          Pre-installation Command

                                          Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded.

                                          +

                                          Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

                                          The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.

                                          Post-installation Command

                                          Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded.

                                          +

                                          Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

                                          The script will be executed after Kubernetes software is installed, which does not affect the installation.
                                          Table 1 metrics-server configuration

                                          Parameter

                                          +
                                          @@ -21,6 +21,7 @@ @@ -84,10 +85,136 @@
                                          Table 1 Add-on configuration

                                          Parameter

                                          Description

                                          Number of pods that will be created to match the selected add-on specifications.

                                          If you select Custom, you can adjust the number of pods as required.

                                          +

                                          High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                                          Containers

                                          @@ -56,7 +57,7 @@

                                          Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                                          The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                                          -

                                          For details, see Taints and Tolerations.

                                          +

                                          For details, see Configuring Tolerance Policies.
                                          +

                                          Change History

                                          +
                                          + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
                                          Table 4 Release history

                                          Add-on Version

                                          +

                                          Supported Cluster Version

                                          +

                                          New Feature

                                          +

                                          Community Version

                                          +

                                          1.3.60

                                          +

                                          v1.21

                                          +

                                          v1.23

                                          +

                                          v1.25

                                          +

                                          v1.27

                                          +

                                          v1.28

                                          +

                                          v1.29

                                          +

                                          CCE clusters 1.29 are supported.

                                          +

                                          0.6.2

                                          +

                                          1.3.39

                                          +

                                          v1.21

                                          +

                                          v1.23

                                          +

                                          v1.25

                                          +

                                          v1.27

                                          +

                                          v1.28

                                          +

                                          Fixed some issues.

                                          +

                                          0.6.2

                                          +

                                          1.3.37

                                          +

                                          v1.21

                                          +

                                          v1.23

                                          +

                                          v1.25

                                          +

                                          v1.27

                                          +

                                          v1.28

                                          +

                                          CCE clusters 1.28 are supported.

                                          +

                                          0.6.2

                                          +

                                          1.3.12

                                          +

                                          v1.19

                                          +

                                          v1.21

                                          +

                                          v1.23

                                          +

                                          v1.25

                                          +

                                          v1.27

                                          +

                                          None

                                          +

                                          0.6.2

                                          +

                                          1.3.6

                                          +

                                          v1.19

                                          +

                                          v1.21

                                          +

                                          v1.23

                                          +

                                          v1.25

                                          +
                                          • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                          • The default taint tolerance duration is changed to 60s.
                                          +

                                          0.6.2

                                          +

                                          1.3.2

                                          +

                                          v1.19

                                          +

                                          v1.21

                                          +

                                          v1.23

                                          +

                                          v1.25

                                          +

                                          CCE clusters 1.25 are supported.

                                          +

                                          0.6.2

                                          +

                                          1.2.1

                                          +

                                          v1.19

                                          +

                                          v1.21

                                          +

                                          v1.23

                                          +

                                          CCE clusters 1.23 are supported.

                                          +

                                          0.4.4

                                          +

                                          1.1.10

                                          +

                                          v1.15

                                          +

                                          v1.17

                                          +

                                          v1.19

                                          +

                                          v1.21

                                          +

                                          CCE clusters 1.21 are supported.

                                          +

                                          0.4.4

                                          +

                                          1.1.4

                                          +

                                          v1.15

                                          +

                                          v1.17

                                          +

                                          v1.19

                                          +

                                          Unified resource specification configuration unit.

                                          +

                                          0.4.4

                                          +
                                          +
                                          +
                                          -
                                          Parent topic: Add-ons
                                          +
                                          Parent topic: Cloud Native Observability Add-ons
                                          diff --git a/docs/cce/umn/cce_10_0208.html b/docs/cce/umn/cce_10_0208.html index 53500e99..56a76ba2 100644 --- a/docs/cce/umn/cce_10_0208.html +++ b/docs/cce/umn/cce_10_0208.html @@ -1,14 +1,15 @@ -

                                          HPA Policies

                                          +

                                          Creating an HPA Policy

                                          Horizontal Pod Autoscaling (HPA) in Kubernetes implements horizontal scaling of pods. In a CCE HPA policy, you can configure different cooldown time windows and scaling thresholds for different applications based on the Kubernetes HPA.

                                          -

                                          Prerequisites

                                          To use HPA, install an add-on that provides metrics APIs. Select one of the following add-ons based on your cluster version and service requirements.
                                          • Kubernetes Metrics Server: provides basic resource usage metrics, such as container CPU and memory usage. It is supported by all cluster versions.
                                          -
                                          -
                                          -

                                          Constraints

                                          • HPA policies can be created only for clusters of v1.13 or later.
                                          • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.

                                            For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volume mounted, a new pod cannot be started because EVS disks cannot be attached.

                                            +

                                            Prerequisites

                                            To use HPA, install an add-on that provides metrics APIs. Select one of the following add-ons based on your cluster version and service requirements.
                                            -

                                            Creating an HPA Policy

                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                            2. Choose Workloads in the navigation pane. Locate the target workload and choose More > Auto Scaling in the Operation column.
                                            3. Set Policy Type to HPA+CronHPA, enable the created HPA policy, and configure parameters.

                                              This section describes only HPA policies. To enable CronHPA, see CronHPA Policies.

                                              +
                                            +

                                            Notes and Constraints

                                            • HPA policies can be created only for clusters of v1.13 or later.
                                            • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.

                                              For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.

                                              +
                                            +
                                            +

                                            Procedure

                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                            2. Choose Workloads in the navigation pane. Locate the target workload and choose More > Auto Scaling in the Operation column.
                                            3. Set Policy Type to HPA+CronHPA, enable the created HPA policy, and configure parameters.

                                              This section describes only HPA policies. To enable CronHPA, see Creating a Scheduled CronHPA Policy.

                                              @@ -50,6 +51,7 @@ -
                                              Table 1 HPA policy

                                              Parameter

                                              Custom Policy (supported only in clusters of v1.15 or later)
                                              NOTE:

                                              Before creating a custom policy, install an add-on that supports custom metric collection (for example, Prometheus) in the cluster. Ensure that the add-on can collect and report the custom metrics of the workloads.

                                              +

                                              For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.

                                              • Metric Name: name of the custom metric. You can select a name as prompted.
                                              • Metric Source: Select an object type from the drop-down list. You can select Pod.
                                              • Desired Value: the average metric value of all pods. Number of pods to be scaled (rounded up) = (Current metric value/Desired value) x Number of current pods
                                                NOTE:

                                                When calculating the number of pods to be added or reduced, the HPA policy uses the maximum number of pods in the last 5 minutes.

                                                diff --git a/docs/cce/umn/cce_10_0209.html b/docs/cce/umn/cce_10_0209.html index 1189313c..fcf554a9 100644 --- a/docs/cce/umn/cce_10_0209.html +++ b/docs/cce/umn/cce_10_0209.html @@ -2,14 +2,14 @@

                                                Creating a Node Scaling Policy

                                                CCE provides auto scaling through the CCE Cluster Autoscaler add-on. Nodes with different flavors can be automatically added across AZs on demand.

                                                -

                                                If both a node scaling policy and the configuration in the auto scaling add-on take effect, for example, there are pods that cannot be scheduled and the value of a metric reaches the threshold, scale-out is performed first for the unschedulable pods.

                                                +

                                                If both a node scaling policy and the configuration in the Autoscaler add-on take effect, for example, there are pods that cannot be scheduled and the value of a metric reaches the threshold, scale-out is performed first for the unschedulable pods.

                                                • If the scale-out succeeds for the unschedulable pods, the system skips the metric-based rule logic and enters the next loop.
                                                • If the scale-out fails for the unschedulable pods, the metric-based rule is executed.

                                                Prerequisites

                                                Before using the node scaling function, you must install the CCE Cluster Autoscaler add-on of v1.13.8 or later in the cluster.

                                                -

                                                Constraints

                                                • If there are no nodes in a node pool, Autoscaler cannot obtain the CPU or memory data of the node, and the node scaling rule triggered using these metrics will not take effect.
                                                • If the driver of a GPU node is not installed, Autoscaler determines that the node is not fully available and the node scaling rules triggered using the CPU or memory metrics will not take effect.
                                                • Node scale-in will cause PVC/PV data loss for the local PVs associated with the node. These PVCs and PVs cannot be restored or used again. In a node scale-in, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.
                                                • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                  • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affects cluster scaling.
                                                  • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                  +

                                                  Notes and Constraints

                                                  • If there are no nodes in a node pool, Autoscaler cannot obtain the CPU or memory data of the node, and the node scaling rule triggered using these metrics will not take effect.
                                                  • If the driver of a GPU node is not installed, Autoscaler determines that the node is not fully available and the node scaling rules triggered using the CPU or memory metrics will not take effect.
                                                  • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                    • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affect cluster scaling.
                                                    • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                  -

                                                  Configuring Node Pool Scaling Policies

                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                  2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.

                                                    • If the auto scaling add-on has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                    • If the auto scaling add-on has been installed, directly configure auto scaling policies.
                                                    +

                                                    Configuring Node Pool Scaling Policies

                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                    2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.

                                                      • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                      • If Autoscaler has been installed, directly configure auto scaling policies.

                                                    3. Configure auto scaling policies.

                                                      AS Configuration

                                                      • Customized Rule: Click Add Rule. In the dialog box displayed, configure parameters. You can add multiple node scaling policies, a maximum of one CPU usage-based rule, and one memory usage-based rule. The total number of rules cannot exceed 10.
                                                        The following table lists custom rules.
                                                        -
                                                        Table 1 Custom rules

                                                        Rule Type

                                                        @@ -20,9 +20,9 @@

                                                        Metric-based

                                                        • Trigger: Select CPU allocation rate or Memory allocation rate and enter a value. The value must be greater than the scale-in percentage configured in the auto scaling add-on.
                                                          NOTE:
                                                          • Resource allocation (%) = Resources requested by pods in the node pool/Resources allocatable to pods in the node pool
                                                          • If multiple rules meet the conditions, the rules are executed in either of the following modes:

                                                            If rules based on the CPU allocation rate and memory allocation rate are configured and two or more rules meet the scale-out conditions, the rule that will add the most nodes will be executed.

                                                            -

                                                            If a rule based on the CPU allocation rate and a periodic rule are configured and they both meet the scale-out conditions, one of them will be executed randomly. The rule executed first (rule A) changes the node pool to the scaling state. As a result, the other rule (rule B) cannot be executed. After rule A is executed and the node pool status becomes normal, rule B will not be executed.

                                                            -
                                                          • If rules based on the CPU allocation rate and memory allocation rate are configured, the policy detection period varies with the processing logic of each loop of the Autoscaler add-on. A scale-out is triggered once the conditions are met, but it is constrained by other factors such as the cooldown period and node pool status.
                                                          • When the number of nodes in the cluster reaches the upper limit, or the CPU or memory usage reaches the upper limit of the autoscaler add-on, node scale-out will not be triggered.
                                                          +
                                                        • Trigger: Select CPU allocation rate or Memory allocation rate and enter a value. The percentage must be greater than the value specified in the node resource requirements for a node scale-in when you configure a scaling policy (Configuring an Auto Scaling Policy for a Cluster).
                                                          NOTE:
                                                          • Resource allocation (%) = Resources requested by pods in the node pool/Resources allocatable to pods in the node pool
                                                          • If multiple rules meet the conditions, the rules are executed in either of the following modes:

                                                            If rules based on the CPU allocation rate and memory allocation rate are configured and two or more rules meet the scale-out conditions, the rule that will add the most nodes will be executed.

                                                            +

                                                            If a rule is configured based on the CPU allocation rate and a periodic rule and both the rules meet the scale-out conditions, the periodic rule executed early changes the node pool to the scaling state. As a result, the metric-based rule cannot be executed. After the periodic rule is executed and the node pool status becomes normal, the metric-based rule will not be executed. If the metric-based rule is executed early, the periodic rule will be executed after the metric-based rule is executed.

                                                            +
                                                          • If a rule is configured based on the CPU allocation rate and memory allocation rate, the policy detection period varies with the processing logic of each loop of the Autoscaler add-on. A scale-out is triggered once the conditions are met, but it is constrained by other factors such as the cooldown period and node pool status.
                                                          • If the number of nodes reaches the upper limit of the cluster scale, the upper limit of the nodes supported in a node pool, or the upper limit of the nodes of a specific flavor, a metric-based scale-out will not be triggered.
                                                          • If the number of nodes, CPUs, or memory resources reaches the upper limit for a node scale-out, a metric-based scale-out will not be triggered.
                                                        • Action: Configure an action to be performed when the triggering condition is met.
                                                          • Custom: Add a specified number of nodes to a node pool.
                                                          • Auto calculation: When the trigger condition is met, nodes are automatically added and the allocation rate is restored to a value lower than the threshold. The formula is as follows:

                                                            Number of nodes to be added = [Resource request of pods in the node pool/(Available resources of a single node x Target allocation rate)] – Number of current nodes + 1

                                                          @@ -38,24 +38,25 @@
                                                        -
                                                      • Nodes: The number of nodes in a node pool will always be within the range during auto scaling.
                                                      • Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in.
                                                      +
                                                    4. Nodes: The number of nodes in a node pool will always be within the range during auto scaling.
                                                    5. Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in.

                                                AS Object

                                                -

                                                Specification selection: Configure whether to enable auto scaling for node flavors in a node pool.

                                                +
                                                • Specifications: Configure whether to enable auto scaling for node flavors in a node pool.

                                                  If multiple flavors are configured for a node pool, you can specify the upper limit for the number of nodes and the priority for each flavor separately.

                                                  +
                                                  +

                                              • View cluster-level auto scaling configurations, which take effect for all node pools in the cluster. On this page, you can only view cluster-level auto scaling policies. To modify these policies, go to the Settings page. For details, see Configuring an Auto Scaling Policy for a Cluster.
                                              • After the configuration is complete, click OK.

                                                • Configuring an Auto Scaling Policy for a Cluster

                                                An auto scaling policy takes effect on all node pools in a cluster. After the policy is modified, the Autoscaler add-on will be restarted.

                                                -
                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                2. In the navigation pane, choose Settings and click the Auto Scaling tab.
                                                3. Configure for an elastic scale-out.

                                                  • Auto Scale-out when the load cannot be scheduled: When workload pods in a cluster cannot be scheduled (pods remain in pending state), CCE automatically adds nodes to the slave node pool. If a node has been configured to be affinity for pods, no node will not be automatically added when pods cannot be scheduled. Such auto scaling typically works with an HPA policy. For details, see Using HPA and CA for Auto Scaling of Workloads and Nodes.

                                                    If this function is not enabled, scaling can be performed only using custom scaling policies.

                                                    -
                                                  • Upper limit of resources to be expanded: Configure an upper limit for the total resources in the cluster. When the upper limit is reached, nodes will not be automatically added.

                                                    When the total number of nodes, CPUs, and memory is collected, unavailable nodes in custom node pools are included but unavailable nodes in the default node pool are not included.

                                                    -
                                                    -
                                                  • Scale-Out Priority: You can drag and drop the node pools in a list to adjust their scale-out priorities.
                                                  +
                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                  2. In the navigation pane, choose Settings and click the Auto Scaling tab.

                                                    • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                    • If Autoscaler has been installed, directly configure scaling policies.
                                                    +

                                                  3. Configure for an elastic scale-out.

                                                    • Auto Scale-out when the load cannot be scheduled: When workload pods in a cluster cannot be scheduled (pods remain in pending state), CCE automatically adds nodes to the slave node pool. If a pod has been scheduled to a node, the node will not be involved in an automatic scale-out. Such auto scaling typically works with an HPA policy. For details, see Using HPA and CA for Auto Scaling of Workloads and Nodes.

                                                      If this function is not enabled, custom scaling rules are the only option for performing a scale-out.

                                                      +
                                                    • Upper limit of resources to be expanded: the upper limit for the cluster's resources, such as the number of nodes, CPU cores, and memory. Once this limit is reached, no new nodes will be automatically added.
                                                    • Scale-Out Priority: You can drag and drop the node pools in a list to adjust their scale-out priorities.

                                                  4. Configure for an elastic scale-in. Elastic scale-in is disabled by default. After it is enabled, the following configurations are supported:

                                                    Node Scale-In Conditions: Nodes in a cluster are automatically scaled in when the scale-in conditions are met.
                                                    • Node Resource Condition: When the requested cluster node resources (both CPU and memory) are lower than a certain percentage (50% by default) for a period of time (10 minutes by default), a cluster scale-in is triggered.
                                                    • Node Status Condition: If a node is unavailable for a specified period of time, the node will be automatically reclaimed. The default value is 20 minutes.
                                                    • Scale-in Exception Scenarios: When a node meets the following exception scenarios, CCE will not scale in the node even if the node resources or status meets scale-in conditions:
                                                      1. Resources on other nodes in the cluster are insufficient.
                                                      2. Scale-in protection is enabled on the node. To enable or disable node scale-in protection, choose Nodes in the navigation pane and then click the Nodes tab. Locate the target node, choose More, and then enable or disable node scale-in protection in the Operation column.
                                                      3. There is a pod with the non-scale label on the node.
                                                      4. Policies such as reliability have been configured on some containers on the node.
                                                      5. There are non-DaemonSet containers in the kube-system namespace on the node.
                                                      6. (Optional) A container managed by a third-party pod controller is running on a node. Third-party pod controllers are for custom workloads except Kubernetes-native workloads such as Deployments and StatefulSets. Such controllers can be created using CustomResourceDefinitions.
                                                    Node Scale-in Policy
                                                    • Number of Concurrent Scale-In Requests: maximum number of idle nodes that can be concurrently deleted. Default value: 10.
                                                      Only idle nodes can be concurrently scaled in. Nodes that are not idle can only be scaled in one by one.

                                                      During a node scale-in, if the pods on the node do not need to be evicted (such as DaemonSet pods), the node is idle. Otherwise, the node is not idle.

                                                      -
                                                    • Node Recheck Timeout: interval for rechecking a node that could not be removed. Default value: 5 minutes.
                                                    • Cooldown Time
                                                      • Scale-in Cooldown Time After Scale-out: Default value: 10 minutes.

                                                        If both auto scale-out and scale-in exist in a cluster, set Scale-in Cooldown Time After Scale-out to 0 minutes. This prevents the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, which results in unexpected waste of node resources.

                                                        +
                                                      • Node Recheck Timeout: interval for rechecking a node that could not be removed. Default value: 5 minutes.
                                                      • Cooldown Period
                                                        • Scale-in Cooldown Time After Scale-out: Default value: 10 minutes.

                                                          If both auto scale-out and scale-in exist in a cluster, set Scale-in Cooldown Time After Scale-out to 0 minutes. This prevents the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, which results in unexpected waste of node resources.

                                                        • Scale-in Cooldown Time After Node Deletion: Default value: 10 minutes.
                                                        • Scale-in Cooldown Time After Failure: Default value: 3 minutes. For details, see Cooldown Period.
                                                      @@ -210,7 +211,7 @@ spec:

                                              String

                                              Metric threshold of a metric-based rule. The value can be any integer from 1 to 100 and must be a character string.

                                              +

                                              Threshold of the metric rule. The value can be an integer ranging from 1 to 100 and must be a character. If the value is set to -1, the threshold is automatically calculated.

                                              spec.rules[x].metricTrigger.Unit

                                              diff --git a/docs/cce/umn/cce_10_0210.html b/docs/cce/umn/cce_10_0210.html index 18077a26..d836d22f 100644 --- a/docs/cce/umn/cce_10_0210.html +++ b/docs/cce/umn/cce_10_0210.html @@ -42,8 +42,8 @@

                                              Procedure

                                              1. Create a CCE cluster.

                                                Create a cluster with the same specifications and configurations as the cluster of the earlier version. For details, see Creating a CCE Standard/Turbo Cluster.

                                              2. Add a node.

                                                Add a node with the same specifications and manual configuration items. For details, see Creating a Node.

                                                -

                                              3. Create a storage volume in the new cluster.

                                                Use the existing storage to create a PVC in the new cluster. The PVC name remains unchanged. For details, see Using an Existing OBS Bucket Through a Static PV or Using an Existing SFS Turbo File System Through a Static PV.

                                                -

                                                Storage switching supports only OBS buckets and SFS Turbo file systems. If non-shared storage is used, suspend the workloads in the old cluster to switch the storage resources. As a result, services will be unavailable.

                                                +

                                              4. Create a storage volume in the new cluster.

                                                Use the existing storage to create a PVC in the new cluster. The PVC name remains unchanged. For details, see Using an Existing OBS Bucket Through a Static PV or Using an Existing SFS Turbo File System Through a Static PV.

                                                +

                                                Storage switching supports only shared storage such as OBS and SFS Turbo. If non-shared storage is used, suspend the workloads in the old cluster to switch the storage resources. In this case, services will be unavailable.

                                              5. Create a workload in the new cluster.

                                                Create a workload in the new cluster. The name and specifications remain unchanged. For details, see Creating a Deployment or Creating a StatefulSet.

                                              6. Mount the storage again.

                                                Remount the existing storage in the workload. For details, see Using an Existing OBS Bucket Through a Static PV or Using an Existing SFS Turbo File System Through a Static PV.

                                                diff --git a/docs/cce/umn/cce_10_0212.html b/docs/cce/umn/cce_10_0212.html index 63406829..63a8815b 100644 --- a/docs/cce/umn/cce_10_0212.html +++ b/docs/cce/umn/cce_10_0212.html @@ -1,9 +1,7 @@

                                                Deleting a Cluster

                                                -

                                                Precautions

                                                • Deleting a cluster will delete the nodes in the cluster (excluding accepted nodes), data disks attached to the nodes, workloads, and Services. Related services cannot be restored. Before performing this operation, ensure that data has been backed up or migrated. Deleted data cannot be restored.
                                                  Resources that are not created in CCE will not be deleted:
                                                  • Accepted nodes (only the nodes created in CCE are deleted)
                                                  • ELB load balancers associated with Services and ingresses (only the automatically created load balancers are deleted)
                                                  • Manually created cloud storage resources associated with PVs or imported cloud storage resources (only the cloud storage resources automatically created by PVCs are deleted)
                                                  -
                                                  -
                                                • If you delete a cluster that is not running (for example, unavailable), associated resources, such as storage and networking resources, will remain.
                                                +

                                                Precautions

                                                • Deleting a cluster will delete the workloads and Services in the cluster, and the deleted data cannot be recovered. Before performing this operation, ensure that related data has been backed up or migrated.
                                                • If you choose to delete a cluster with the nodes in it, the system disks and data disks attached to the nodes will also be deleted. Back up data before the deletion.
                                                • If you delete a cluster that is not running (for example, unavailable), associated resources, such as storage and networking resources, will remain.

                                                Deleting a Cluster

                                                A hibernated cluster cannot be deleted. Wake up the cluster and try again.

                                                diff --git a/docs/cce/umn/cce_10_0213.html b/docs/cce/umn/cce_10_0213.html index 5cb7ac74..1a4525c4 100644 --- a/docs/cce/umn/cce_10_0213.html +++ b/docs/cce/umn/cce_10_0213.html @@ -1,405 +1,578 @@ -

                                                Cluster Configuration Management

                                                +

                                                Modifying Cluster Configurations

                                                Scenario

                                                CCE allows you to manage cluster parameters, through which you can let core components work under your requirements.

                                                -

                                                Constraints

                                                This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.

                                                -

                                                Procedure

                                                1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                2. Locate the target cluster, click ... to view more operations on the cluster, and choose Manage.
                                                3. On the Manage Components page on the right, change the values of the Kubernetes parameters listed in the following table.

                                                  -

                                                  Table 1 kube-apiserver configuration

                                                  Item

                                                  +
                                                  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + +
                                                  Table 1 kube-apiserver configurations

                                                  Item

                                                  Parameter

                                                  +

                                                  Parameter

                                                  Description

                                                  +

                                                  Description

                                                  Value

                                                  +

                                                  Value

                                                  Toleration time for nodes in NotReady state

                                                  +

                                                  Toleration time for nodes in NotReady state

                                                  default-not-ready-toleration-seconds

                                                  +

                                                  default-not-ready-toleration-seconds

                                                  Specifies the default tolerance time. The configuration takes effect for all pods by default. You can configure different tolerance time for pods. In this case, the tolerance time configured for the pod is used. For details, see Taints and Tolerations.

                                                  +

                                                  Specifies the default tolerance time. The configuration takes effect for all pods by default. You can configure different tolerance time for pods. In this case, the tolerance time configured for the pod is used. For details, see Configuring Tolerance Policies.

                                                  If the specified tolerance time is too short, pods may be frequently migrated in scenarios like a network jitter. If the specified tolerance time is too long, services may be interrupted during this period after the node is faulty.

                                                  Default: 300s

                                                  +

                                                  Default: 300s

                                                  Toleration time for nodes in unreachable state

                                                  +

                                                  Toleration time for nodes in unreachable state

                                                  default-unreachable-toleration-seconds

                                                  +

                                                  default-unreachable-toleration-seconds

                                                  Specifies the default tolerance time. The configuration takes effect for all pods by default. You can configure different tolerance time for pods. In this case, the tolerance time configured for the pod is used. For details, see Taints and Tolerations.

                                                  +

                                                  Specifies the default tolerance time. The configuration takes effect for all pods by default. You can configure different tolerance time for pods. In this case, the tolerance time configured for the pod is used. For details, see Configuring Tolerance Policies.

                                                  If the specified tolerance time is too short, pods may be frequently migrated in scenarios like a network jitter. If the specified tolerance time is too long, services may be interrupted during this period after the node is faulty.

                                                  Default: 300s

                                                  +

                                                  Default: 300s

                                                  Maximum Number of Concurrent Modification API Calls

                                                  +

                                                  Maximum Number of Concurrent Modification API Calls

                                                  max-mutating-requests-inflight

                                                  +

                                                  max-mutating-requests-inflight

                                                  Maximum number of concurrent mutating requests. When the value of this parameter is exceeded, the server rejects requests.

                                                  +

                                                  Maximum number of concurrent mutating requests. When the value of this parameter is exceeded, the server rejects requests.

                                                  The value 0 indicates that there is no limitation on the maximum number of concurrent modification requests. This parameter is related to the cluster scale. You are advised not to change the value.

                                                  Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.

                                                  +

                                                  Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.

                                                  • 200 for clusters with 50 or 200 nodes
                                                  • 500 for clusters with 1000 nodes
                                                  • 1000 for clusters with 2000 nodes

                                                  Maximum Number of Concurrent Non-Modification API Calls

                                                  +

                                                  Maximum Number of Concurrent Non-Modification API Calls

                                                  max-requests-inflight

                                                  +

                                                  max-requests-inflight

                                                  Maximum number of concurrent non-mutating requests. When the value of this parameter is exceeded, the server rejects requests.

                                                  +

                                                  Maximum number of concurrent non-mutating requests. When the value of this parameter is exceeded, the server rejects requests.

                                                  The value 0 indicates that there is no limitation on the maximum number of concurrent non-modification requests. This parameter is related to the cluster scale. You are advised not to change the value.

                                                  Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.

                                                  +

                                                  Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.

                                                  • 400 for clusters with 50 or 200 nodes
                                                  • 1000 for clusters with 1000 nodes
                                                  • 2000 for clusters with 2000 nodes

                                                  NodePort port range

                                                  +

                                                  NodePort port range

                                                  service-node-port-range

                                                  +

                                                  service-node-port-range

                                                  NodePort port range. After changing the value, go to the security group page and change the TCP/UDP port range of node security groups 30000 to 32767. Otherwise, ports other than the default port cannot be accessed externally.

                                                  +

                                                  NodePort port range. After changing the value, go to the security group page and change the TCP/UDP port range of node security groups 30000 to 32767. Otherwise, ports other than the default port cannot be accessed externally.

                                                  If the port number is smaller than 20106, a conflict may occur between the port and the CCE health check port, which may further lead to unavailable cluster. If the port number is greater than 32767, a conflict may occur between the port and the ports in net.ipv4.ip_local_port_range, which may further affect the network performance.

                                                  Default: 30000 to 32767

                                                  +

                                                  Default: 30000 to 32767

                                                  Value range:

                                                  Min > 20105

                                                  Max < 32768

                                                  Request Timeout

                                                  +

                                                  Request Timeout

                                                  request-timeout

                                                  +

                                                  request-timeout

                                                  Default request timeout interval of kube-apiserver. Exercise caution when changing the value of this parameter. Ensure that the changed value is proper to prevent frequent API timeout or other errors.

                                                  +

                                                  Default request timeout interval of kube-apiserver. Exercise caution when changing the value of this parameter. Ensure that the changed value is proper to prevent frequent API timeout or other errors.

                                                  This parameter is available only in clusters of v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later versions.

                                                  Default: 1m0s

                                                  +

                                                  Default: 1m0s

                                                  Value range:

                                                  Min ≥ 1s

                                                  Max ≤ 1 hour

                                                  Overload Control

                                                  +

                                                  Overload Control

                                                  support-overload

                                                  +

                                                  support-overload

                                                  Cluster overload control. If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.

                                                  +

                                                  Cluster overload control. If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.

                                                  This parameter is available only in clusters of v1.23 or later.

                                                  • false: Overload control is disabled.
                                                  • true: Overload control is enabled.
                                                  +
                                                  • false: Overload control is disabled.
                                                  • true: Overload control is enabled.
                                                  +

                                                  Node Restriction Add-on

                                                  +

                                                  enable-admission-plugin-node-restriction

                                                  +

                                                  This add-on allows the Kubelet of a node to operate only the objects of the current node for enhanced isolation in multi-tenant scenarios or the scenarios with high security requirements.

                                                  +

                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

                                                  +

                                                  Default: true

                                                  +

                                                  Pod Node Selector Add-on

                                                  +

                                                  enable-admission-plugin-pod-node-selector

                                                  +

                                                  This add-on allows cluster administrators to configure the default node selector through namespace annotations. In this way, pods run only on specific nodes and configurations are simplified.

                                                  +

                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

                                                  +

                                                  Default: true

                                                  +

                                                  Pod Toleration Limit Add-on

                                                  +

                                                  enable-admission-plugin-pod-toleration-restriction

                                                  +

                                                  This add-on allows cluster administrators to configure the default value and limits of pod tolerations through namespaces for fine-grained control over pod scheduling and key resource protection.

                                                  +

                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

                                                  +

                                                  Default: false

                                                  +

                                                  API Audience Settings

                                                  +

                                                  api-audiences

                                                  +

                                                  Audiences for a service account token. The Kubernetes component for authenticating service account tokens checks whether the token used in an API request specifies authorized audiences.

                                                  +

                                                  Configuration suggestion: Accurately configure audiences according to the communication needs among cluster services. By doing so, the service account token is used for authentication only between authorized services, which enhances security.

                                                  +
                                                  NOTE:

                                                  An incorrect configuration may lead to an authentication communication failure between services or an error during token verification.

                                                  +
                                                  +

                                                  This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.

                                                  +

                                                  Default value: "https://kubernetes.default.svc.cluster.local"

                                                  +

                                                  Multiple values can be configured, which are separated by commas (,).

                                                  +

                                                  Service Account Token Issuer Identity

                                                  +

                                                  service-account-issuer

                                                  +

                                                  Entity identifier for issuing a service account token, which is the value identified by the iss field in the payload of the service account token.

                                                  +

                                                  Configuration suggestion: Ensure the configured issuer URL can be accessed in the cluster and trusted by the authentication system in the cluster.

                                                  +
                                                  NOTE:

                                                  If your specified issuer URL is untrusted or inaccessible, the authentication process based on the service account may fail.

                                                  +
                                                  +

                                                  This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.

                                                  +

                                                  Default value: "https://kubernetes.default.svc.cluster.local"

                                                  +

                                                  Multiple values can be configured, which are separated by commas (,).
                                                  -
                                                  Table 2 Scheduler configurations

                                                  Item

                                                  +
                                                  - - - - - - - - - - - - - - -
                                                  Table 2 Scheduler configurations

                                                  Item

                                                  Parameter

                                                  +

                                                  Parameter

                                                  Description

                                                  +

                                                  Description

                                                  Value

                                                  +

                                                  Value

                                                  Qps for communicating with kube-apiserver

                                                  +

                                                  QPS for communicating with kube-apiserver

                                                  kube-api-qps

                                                  +

                                                  kube-api-qps

                                                  QPS for communicating with kube-apiserver.

                                                  +

                                                  QPS for communicating with kube-apiserver.

                                                  • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                  • If a cluster contains 1000 or more nodes, the default value is 200.
                                                  +
                                                  • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                  • If the number of nodes in a cluster is 1000 or more, the default value is 200.

                                                  Burst for communicating with kube-apiserver

                                                  +

                                                  Burst for communicating with kube-apiserver

                                                  kube-api-burst

                                                  +

                                                  kube-api-burst

                                                  Burst for communicating with kube-apiserver.

                                                  +

                                                  Burst for communicating with kube-apiserver.

                                                  • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                  • If a cluster contains 1000 or more nodes, the default value is 200.
                                                  +
                                                  • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                  • If the number of nodes in a cluster is 1000 or more, the default value is 200.

                                                  Whether to enable GPU sharing

                                                  +

                                                  Whether to enable GPU sharing

                                                  enable-gpu-share

                                                  +

                                                  enable-gpu-share

                                                  Whether to enable GPU sharing. This parameter is supported only by clusters of v1.23.7-r10, v1.25.3-r0, and later.

                                                  -
                                                  • When disabled, ensure that pods in the cluster do not use the shared GPU (that is, the annotation of cce.io/gpu-decision does not exist in pods).
                                                  • When enabled, ensure that the annotation of cce.io/gpu-decision exists in pods that use GPU resources in the cluster.
                                                  +

                                                  Whether to enable GPU sharing. This parameter is supported only by clusters of v1.23.7-r10, v1.25.3-r0, and later.

                                                  +
                                                  • When disabled, ensure that pods in the cluster cannot use shared GPUs (no cce.io/gpu-decision annotation in pods).
                                                  • When enabled, ensure that there is a cce.io/gpu-decision annotation on all pods that use GPU resources in the cluster.

                                                  Default: true

                                                  +

                                                  Default: true
                                                  -
                                                  Table 3 kube-controller-manager configurations

                                                  Item

                                                  +
                                                  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + +
                                                  Table 3 kube-controller-manager configurations

                                                  Item

                                                  Parameter

                                                  +

                                                  Parameter

                                                  Description

                                                  +

                                                  Description

                                                  Value

                                                  +

                                                  Value

                                                  Number of concurrent processing of deployment

                                                  +

                                                  Number of concurrent processing of deployment

                                                  concurrent-deployment-syncs

                                                  +

                                                  concurrent-deployment-syncs

                                                  Number of deployment objects that are allowed to sync concurrently

                                                  +

                                                  Number of deployment objects that can be synchronized concurrently

                                                  Default: 5

                                                  +

                                                  Default: 5

                                                  Concurrent processing number of endpoint

                                                  +

                                                  Concurrent processing number of endpoint

                                                  concurrent-endpoint-syncs

                                                  +

                                                  concurrent-endpoint-syncs

                                                  Number of endpoint syncing operations that will be done concurrently

                                                  +

                                                  Number of endpoint syncing operations that will be done concurrently

                                                  Default: 5

                                                  +

                                                  Default: 5

                                                  Concurrent number of garbage collector

                                                  +

                                                  Concurrent number of garbage collector

                                                  concurrent-gc-syncs

                                                  +

                                                  concurrent-gc-syncs

                                                  Number of garbage collector workers that are allowed to sync concurrently

                                                  +

                                                  Number of garbage collector workers that can be synchronized concurrently

                                                  Default: 20

                                                  +

                                                  Default: 20

                                                  Number of job objects allowed to sync simultaneously

                                                  +

                                                  Number of job objects allowed to sync simultaneously

                                                  concurrent-job-syncs

                                                  +

                                                  concurrent-job-syncs

                                                  Number of job objects that are allowed to sync concurrently

                                                  +

                                                  Number of job objects that can be synchronized concurrently

                                                  Default: 5

                                                  +

                                                  Default: 5

                                                  Number of CronJob objects allowed to sync simultaneously

                                                  +

                                                  Number of CronJob objects allowed to sync simultaneously

                                                  concurrent-cron-job-syncs

                                                  +

                                                  concurrent-cron-job-syncs

                                                  Number of scheduled jobs that can be synchronized concurrently.

                                                  +

                                                  Number of scheduled jobs that can be synchronized concurrently

                                                  Default: 5

                                                  +

                                                  Default: 5

                                                  Number of concurrent processing of namespace

                                                  +

                                                  Number of concurrent processing of namespace

                                                  concurrent-namespace-syncs

                                                  +

                                                  concurrent-namespace-syncs

                                                  Number of namespace objects that are allowed to sync concurrently

                                                  +

                                                  Number of namespace objects that can be synchronized concurrently

                                                  Default: 10

                                                  +

                                                  Default: 10

                                                  Concurrent processing number of replicaset

                                                  +

                                                  Concurrent processing number of replicaset

                                                  concurrent-replicaset-syncs

                                                  +

                                                  concurrent-replicaset-syncs

                                                  Number of replica sets that are allowed to sync concurrently

                                                  +

                                                  Number of replica sets that can be synchronized concurrently

                                                  Default: 5

                                                  +

                                                  Default: 5

                                                  ResourceQuota

                                                  +

                                                  ResourceQuota

                                                  concurrent-resource-quota-syncs

                                                  +

                                                  concurrent-resource-quota-syncs

                                                  Number of resource quotas that are allowed to sync concurrently

                                                  +

                                                  Number of resource quotas that can be synchronized concurrently

                                                  Default: 5

                                                  +

                                                  Default: 5

                                                  Concurrent processing number of service

                                                  +

                                                  Concurrent processing number of service

                                                  concurrent-service-syncs

                                                  +

                                                  concurrent-service-syncs

                                                  Number of services that are allowed to sync concurrently

                                                  +

                                                  Number of services that can be synchronized concurrently

                                                  Default: 10

                                                  +

                                                  Default: 10

                                                  Concurrent processing number of serviceaccount-token

                                                  +

                                                  Concurrent processing number of serviceaccount-token

                                                  concurrent-serviceaccount-token-syncs

                                                  +

                                                  concurrent-serviceaccount-token-syncs

                                                  Number of service account token objects that are allowed to sync concurrently

                                                  +

                                                  Number of service account token objects that can be synchronized concurrently

                                                  Default: 5

                                                  +

                                                  Default: 5

                                                  Concurrent processing of ttl-after-finished

                                                  +

                                                  Concurrent processing of ttl-after-finished

                                                  concurrent-ttl-after-finished-syncs

                                                  +

                                                  concurrent-ttl-after-finished-syncs

                                                  Number of ttl-after-finished-controller workers that are allowed to sync concurrently

                                                  +

                                                  Number of ttl-after-finished-controller workers that can be synchronized concurrently

                                                  Default: 5

                                                  +

                                                  Default: 5

                                                  RC

                                                  +

                                                  RC

                                                  concurrent-rc-syncs

                                                  +

                                                  concurrent_rc_syncs (used in clusters of v1.19 or earlier)

                                                  +

                                                  concurrent-rc-syncs (used in clusters of v1.21 through v1.25.3-r0)

                                                  Number of replication controllers that are allowed to sync concurrently

                                                  -
                                                  NOTE:

                                                  This parameter is used only in clusters of v1.21 to v1.23. In clusters of v1.25 and later, this parameter is deprecated (officially deprecated from v1.25.3-r0 on).

                                                  +

                                                  Number of replication controllers that can be synchronized concurrently

                                                  +
                                                  NOTE:

                                                  This parameter is no longer supported in clusters of v1.25.3-r0 and later versions.

                                                  Default: 5

                                                  +

                                                  Default: 5

                                                  HPA

                                                  +

                                                  HPA

                                                  concurrent-horizontal-pod-autoscaler-syncs

                                                  +

                                                  concurrent-horizontal-pod-autoscaler-syncs

                                                  Number of HPA auto scaling requests that can be concurrently processed.

                                                  +

                                                  Number of HPA auto scaling requests that can be concurrently processed

                                                  Default 1 for clusters earlier than v1.27 and 5 for clusters earlier than v1.27

                                                  +

                                                  Default 1 for clusters earlier than v1.27 and 5 for clusters of v1.27 or later

                                                  Value range: 1 to 50

                                                  Cluster elastic computing period

                                                  +

                                                  Cluster elastic computing period

                                                  horizontal-pod-autoscaler-sync-period

                                                  +

                                                  horizontal-pod-autoscaler-sync-period

                                                  How often HPA audits metrics in a cluster.

                                                  +

                                                  Period for the horizontal pod autoscaler to perform auto scaling on pods. A smaller value will result in a faster auto scaling response and higher CPU load.

                                                  +
                                                  NOTE:

                                                  Make sure to configure this parameter properly as a lengthy period can cause the controller to respond slowly, while a short period may overload the cluster control plane.

                                                  +

                                                  Default: 15 seconds

                                                  +

                                                  Default: 15 seconds

                                                  Qps for communicating with kube-apiserver

                                                  +

                                                  Horizontal Pod Scaling Tolerance

                                                  kube-api-qps

                                                  +

                                                  horizontal-pod-autoscaler-tolerance

                                                  QPS for communicating with kube-apiserver

                                                  +

                                                  The configuration determines how quickly the horizontal pod autoscaler will act to auto scaling policies. If the parameter is set to 0, auto scaling will be triggered immediately when the related metrics are met.

                                                  +

                                                  Configuration suggestion: If the service resource usage increases sharply over time, retain a certain tolerance to prevent auto scaling which is beyond expectation in high resource usage scenarios.

                                                  • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                  • If a cluster contains 1000 or more nodes, the default value is 200.
                                                  +

                                                  Default: 0.1

                                                  Burst for communicating with kube-apiserver

                                                  +

                                                  HPA CPU Initialization Period

                                                  kube-api-burst

                                                  +

                                                  horizontal-pod-autoscaler-cpu-initialization-period

                                                  Burst for communicating with kube-apiserver.

                                                  +

                                                  During the period specified by this parameter, the CPU usage data used in HPA calculation is limited to pods that are both ready and have recently had their metrics collected. You can use this parameter to filter out unstable CPU usage data during the early stage of pod startup. This helps prevent incorrect scaling decisions based on momentary peak values.

                                                  +

                                                  Configuration suggestion: If you find that HPA is making incorrect scaling decisions due to CPU usage fluctuations during pod startup, increase the value of this parameter to allow for a buffer period of stable CPU usage.

                                                  +
                                                  NOTE:

                                                  Make sure to configure this parameter properly as a small value may trigger unnecessary scaling based on peak CPU usage, while a large value may cause scaling to be delayed.

                                                  +

                                                  This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.

                                                  +
                                                  • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                  • If a cluster contains 1000 or more nodes, the default value is 200.
                                                  +

                                                  Default: 5 minutes

                                                  The maximum number of terminated pods that can be kept before the Pod GC deletes the terminated pod

                                                  +

                                                  HPA Initial Readiness Delay

                                                  terminated-pod-gc-threshold

                                                  +

                                                  horizontal-pod-autoscaler-initial-readiness-delay

                                                  Number of terminated pods that can exist in a cluster. If there are more terminated pods than the expected number in the cluster, the terminated pods that exceed the number will be deleted.

                                                  +

                                                  After CPU initialization, this period allows HPA to use a less strict criterion for filtering CPU metrics. During this period, HPA will gather data on the CPU usage of the pod for scaling, regardless of any changes in the pod's readiness status. This parameter ensures continuous tracking of CPU usage, even when the pod status changes frequently.

                                                  +

                                                  Configuration suggestion: If the readiness status of pods fluctuates after startup and you want to prevent HPA misjudgment caused by the fluctuation, increase the value of this parameter to allow HPA to gather more comprehensive CPU usage data.

                                                  +
                                                  NOTE:

                                                  Configure this parameter properly. If it is set to a small value, an unnecessary scale-out may occur due to CPU data fluctuations when the pod enters the ready state. If it is set to a large value, HPA may not be able to make a quick decision when a rapid response is needed.

                                                  +

                                                  This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.

                                                  +
                                                  +

                                                  Default: 30s

                                                  +

                                                  QPS for communicating with kube-apiserver

                                                  +

                                                  kube-api-qps

                                                  +

                                                  QPS for communicating with kube-apiserver

                                                  +
                                                  • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                  • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                  +

                                                  Burst for communicating with kube-apiserver

                                                  +

                                                  kube-api-burst

                                                  +

                                                  Burst for communicating with kube-apiserver

                                                  +
                                                  • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                  • If the number of nodes in a cluster is 1000 or more, the default value is 200.
                                                  +

                                                  The maximum number of terminated pods that can be kept before the Pod GC deletes the terminated pod

                                                  +

                                                  terminated-pod-gc-threshold

                                                  +

                                                  Number of terminated pods that can exist in a cluster. If there are more terminated pods than the expected number in the cluster, the terminated pods that exceed the number will be deleted.

                                                  NOTE:

                                                  If this parameter is set to 0, all pods in the terminated state are retained.

                                                  Default: 1000

                                                  +

                                                  Default: 1000

                                                  Value range: 10 to 12500

                                                  If the cluster version is v1.21.11-r40, v1.23.8-r0, v1.27.3-r0, v1.25.6-r0, or later, the value range is changed to 0 to 100000.

                                                  Unhealthy AZ Threshold

                                                  +

                                                  unhealthy-zone-threshold

                                                  +

                                                  When more than a certain proportion of pods in an AZ are unhealthy, the AZ itself will be considered unhealthy, and scheduling pods to nodes in that AZ will be restricted to limit the impacts of the unhealthy AZ.

                                                  +

                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

                                                  +
                                                  NOTE:

                                                  If the parameter is set to a large value, pods in unhealthy AZs will be migrated in a large scale, which may lead to risks such as overloaded clusters.

                                                  +
                                                  +

                                                  Default: 0.55

                                                  +

                                                  Value range: 0 to 1

                                                  +

                                                  Node Eviction Rate

                                                  +

                                                  node-eviction-rate

                                                  +

                                                  This parameter specifies the number of nodes that pods are deleted from per second in a cluster when the AZ is healthy. The default value is 0.1, indicating that pods can be evicted from at most one node every 10 seconds.

                                                  +

                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

                                                  +
                                                  NOTE:

                                                  If the parameter is set to a large value, the cluster may be overloaded. Additionally, if too many pods are evicted, they cannot be rescheduled, which will slow down fault recovery.

                                                  +
                                                  +

                                                  Default: 0.1

                                                  +

                                                  Secondary Node Eviction Rate

                                                  +

                                                  secondary-node-eviction-rate

                                                  +

                                                  This parameter specifies the number of nodes that pods are deleted from per second in a cluster when the AZ is unhealthy. The default value is 0.01, indicating that pods can be evicted from at most one node every 100 seconds.

                                                  +

                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

                                                  +
                                                  NOTE:

                                                  There is no need to set the parameter to a large value for nodes in an unhealthy AZ, and this configuration may result in overloaded clusters.

                                                  +
                                                  +

                                                  Default: 0.01

                                                  +

                                                  Configure this parameter with node-eviction-rate and set it to one-tenth of node-eviction-rate.

                                                  +

                                                  Large Cluster Threshold

                                                  +

                                                  large-cluster-size-threshold

                                                  +

                                                  If the number of nodes in a cluster is greater than the value of this parameter, this is a large cluster.

                                                  +

                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

                                                  +
                                                  NOTE:

                                                  kube-controller-manager automatically adjusts configurations for large clusters to optimize the cluster performance. Therefore, an excessively small threshold for small clusters will deteriorate the cluster performance.

                                                  +
                                                  +

                                                  Default: 50

                                                  +

                                                  For the clusters with a large number of nodes, configure a relatively larger value than the default one for higher performance and faster responses of controllers. Retain the default value for small clusters. Before adjusting the value of this parameter in a production environment, check the impact of the change on cluster performance in a test environment.

                                                  +
                                                  -
                                                  Table 4 Networking component configurations (supported only by CCE Turbo clusters)

                                                  Item

                                                  +
                                                  - - - - - - - - - - - - - - - - - - - - - - -
                                                  Table 4 Network components (available only for CCE Turbo clusters)

                                                  Item

                                                  Parameter

                                                  +

                                                  Parameter

                                                  Description

                                                  +

                                                  Description

                                                  Value

                                                  +

                                                  Value

                                                  The minimum number of network cards bound to the container at the cluster level

                                                  +

                                                  The minimum number of network cards bound to the container at the cluster level

                                                  nic-minimum-target

                                                  +

                                                  nic-minimum-target

                                                  Minimum number of container ENIs bound to a node

                                                  +

                                                  Minimum number of container ENIs bound to a node

                                                  The parameter value must be a positive integer. The value 10 indicates that at least 10 container ENIs must be bound to a node. If the number you specified exceeds the container ENI quota of the node, the ENI quota will be used.

                                                  Default: 10

                                                  +

                                                  Default: 10

                                                  Cluster-level node preheating container NIC upper limit check value

                                                  +

                                                  Cluster-level node preheating container NIC upper limit check value

                                                  nic-maximum-target

                                                  +

                                                  nic-maximum-target

                                                  After the number of ENIs bound to a node exceeds the nic-maximum-target value, CCE will not proactively pre-bind ENIs.

                                                  +

                                                  After the number of ENIs bound to a node exceeds the nic-maximum-target value, CCE will not proactively pre-bind ENIs.

                                                  Checking the upper limit of pre-bound container ENIs is enabled only when the value of this parameter is greater than or equal to the minimum number of container ENIs (nic-minimum-target) bound to a node.

                                                  The parameter value must be a positive integer. The value 0 indicates that checking the upper limit of pre-bound container ENIs is disabled. If the number you specified exceeds the container ENI quota of the node, the ENI quota will be used.

                                                  Default: 0

                                                  +

                                                  Default: 0

                                                  Number of NICs for dynamically warming up containers at the cluster level

                                                  +

                                                  Number of NICs for dynamically warming up containers at the cluster level

                                                  nic-warm-target

                                                  +

                                                  nic-warm-target

                                                  Extra ENIs will be pre-bound after the nic-minimum-target is used up in a pod. The value can only be a number.

                                                  -

                                                  When the value of nic-warm-target + the number of bound ENIs is greater than the value of nic-maximum-target, the system will pre-bind ENIs based on the difference between the value of nic-maximum-target and the number of bound ENIs.

                                                  +

                                                  Extra ENIs will be pre-bound after the nic-minimum-target is used up in a pod. The value can only be a number.

                                                  +

                                                  When the sum of the nic-warm-target value and the number of ENIs bound to the node is greater than the nic-maximum-target value, CCE will pre-bind the number of ENIs specified by the difference between the nic-maximum-target value and the current number of ENIs bound to the node.

                                                  Default: 2

                                                  +

                                                  Default: 2

                                                  Cluster-level node warm-up container NIC recycling threshold

                                                  +

                                                  Cluster-level node warm-up container NIC recycling threshold

                                                  nic-max-above-warm-target

                                                  +

                                                  nic-max-above-warm-target

                                                  Only when the number of idle ENIs on a node minus the value of nic-warm-target is greater than the threshold, the pre-bound ENIs will be unbound and reclaimed. Only numbers are allowed.

                                                  -
                                                  • A large value will accelerate pod startup but slow down the unbinding of idle container ENIs and decrease the IP address usage.
                                                  • A small value will speed up the unbinding of idle container ENIs and increase the IP address usage but will slow down pod startup, especially when a large number of pods increase instantaneously.
                                                  +

                                                  Only when the difference between the number of idle ENIs on a node and the nic-warm-target value is greater than the threshold, the pre-bound ENIs will be unbound and reclaimed. The value can only be a number.

                                                  +
                                                  • A large value will accelerate pod startup but slow down the unbinding of idle container ENIs and decrease the IP address usage. Exercise caution when performing this operation.
                                                  • A small value will speed up the unbinding of idle container ENIs and increase the IP address usage but will slow down pod startup, especially when a large number of pods increase instantaneously.

                                                  Default: 2

                                                  +

                                                  Default: 2

                                                  Low threshold of the number of container ENIs bound to a node in a cluster

                                                  +

                                                  Low threshold of the number of container ENIs bound to a node in a cluster

                                                  prebound-subeni-percentage

                                                  +

                                                  prebound-subeni-percentage

                                                  High threshold of the number of bound ENIs

                                                  +

                                                  High threshold of the number of bound ENIs

                                                  NOTE:

                                                  This parameter is being discarded. Use the dynamic pre-binding parameters of the other four ENIs.

                                                  Default: 0:0

                                                  +

                                                  Default: 0:0
                                                  -
                                                  Table 5 Extended controller configurations (supported only by clusters of v1.21 and later)

                                                  Item

                                                  +
                                                  - - - - - - + + + +
                                                  Table 5 Networking component configurations (supported only by the clusters using a VPC network)

                                                  Item

                                                  Parameter

                                                  +

                                                  Parameter

                                                  Description

                                                  +

                                                  Description

                                                  Value

                                                  +

                                                  Value

                                                  Enable resource quota management

                                                  +

                                                  Retaining the non-masqueraded CIDR block of the original pod IP address

                                                  enable-resource-quota

                                                  +

                                                  nonMasqueradeCIDRs

                                                  Indicates whether to automatically create a ResourceQuota when creating a namespace. With quota management, you can control the number of workloads of each type and the upper limits of resources in a namespace or related dimensions.

                                                  +

                                                  In a CCE cluster using the VPC network model, if a container in the cluster needs to access externally, the source pod IP address must be masqueraded as the IP address of the node where the pod resides through SNAT. After the configuration, the node will not SNAT the IP addresses in the CIDR block by default. This function is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.

                                                  +

                                                  By default, nodes in a cluster do not perform SNAT on packets destined for 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 that is detected by CCE as a private CIDR block. Instead, these packets are directly transferred using the upper-layer VPC. (The three CIDR blocks are considered as internal networks in the cluster and are reachable at Layer 3 by default.)

                                                  +

                                                  Default: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16

                                                  +
                                                  NOTE:

                                                  To enable cross-node pod access, the CIDR block of the node where the target pod runs must be added.

                                                  +

                                                  Similarly, to enable cross-ECS pod access in a VPC, the CIDR block of the ECS where the target pod runs must be added.

                                                  +
                                                  +
                                                  +
                                                  + +
                                                  + + + + + + + + - diff --git a/docs/cce/umn/cce_10_0214.html b/docs/cce/umn/cce_10_0214.html index 0467ce9d..72e43dd8 100644 --- a/docs/cce/umn/cce_10_0214.html +++ b/docs/cce/umn/cce_10_0214.html @@ -1,11 +1,10 @@ -

                                                  Hibernating and Waking Up a Cluster

                                                  -

                                                  Scenario

                                                  If you do not need to use a cluster temporarily, hibernate the cluster.

                                                  +

                                                  Hibernating or Waking Up a Cluster

                                                  +

                                                  Scenario

                                                  If a pay-per-use cluster is not needed temporarily, hibernate it to reduce costs.

                                                  After a cluster is hibernated, resources such as workloads cannot be created or managed in the cluster.

                                                  -

                                                  A hibernated cluster can be quickly woken up and used properly.

                                                  -

                                                  Constraints

                                                  • During cluster wakeup, the master node may fail to start due to insufficient resources, which leads to a cluster wakeup failure. In this case, wait for a while and try again.
                                                  • After a cluster is woken up, it takes 3 to 5 minutes to initialize data. Deliver services after the cluster runs properly.
                                                  +

                                                  Precautions

                                                  • During cluster wakeup, the master node may fail to start due to insufficient resources, which leads to a cluster wakeup failure. In this case, wait for a while and try again.
                                                  • After a cluster is woken up, it takes 3 to 5 minutes to initialize data. Deliver services after the cluster runs properly.

                                                  Hibernating a Cluster

                                                  1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                  2. Locate the cluster to be hibernated, click ... to view more operations on the cluster, and choose Hibernate.
                                                  3. In the dialog box displayed, check the precautions and click Yes. Wait until the cluster is hibernated.
                                                  diff --git a/docs/cce/umn/cce_10_0215.html b/docs/cce/umn/cce_10_0215.html index cd915fbc..b7d6f990 100644 --- a/docs/cce/umn/cce_10_0215.html +++ b/docs/cce/umn/cce_10_0215.html @@ -4,7 +4,7 @@

                                                  Prerequisites

                                                  Before creating a DaemonSet, you must have an available cluster. For details on how to create a cluster, see Creating a CCE Standard/Turbo Cluster.

                                                  -

                                                  Using the CCE Console

                                                  1. Log in to the CCE console.
                                                  2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                  3. Set basic information about the workload.

                                                    Basic Info
                                                    • Workload Type: Select DaemonSet. For details about workload types, see Overview.
                                                    • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                    • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                    • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
                                                    • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                    +

                                                    Using the CCE Console

                                                    1. Log in to the CCE console.
                                                    2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                    3. Set basic information about the workload.

                                                      Basic Info
                                                      • Workload Type: Select DaemonSet. For details about workload types, see Overview.
                                                      • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                      • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                      • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                                                      • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                      Container Settings
                                                      • Container Information
                                                        Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                        • Basic Info: Configure basic information about the container.
                                                  Table 6 Extended controller configurations (supported only by clusters of v1.21 and later)

                                                  Item

                                                  +

                                                  Parameter

                                                  +

                                                  Description

                                                  +

                                                  Value

                                                  +

                                                  Enable resource quota management

                                                  +

                                                  enable-resource-quota

                                                  +

                                                  Indicates whether to automatically create a ResourceQuota when creating a namespace. With quota management, you can control the number of workloads of each type and the upper limits of resources in a namespace or related dimensions.

                                                  • false: Auto creation is disabled.
                                                  • true: Auto creation is enabled. For details about the resource quota defaults, see Configuring Resource Quotas.
                                                    NOTE:

                                                    In high-concurrency scenarios (for example, creating pods in batches), the resource quota management may cause some requests to fail due to conflicts. Do not enable this function unless necessary. To enable this function, ensure that there is a retry mechanism in the request client.

                                                  Default: false

                                                  +

                                                  Default: false

                                                  Parameter

                                                  @@ -82,17 +82,17 @@

                                                  (Optional) Service Settings

                                                  A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and automatically balances load for these pods.

                                                  You can also create a Service after creating a workload. For details about Services of different types, see Overview.

                                                  -
                                                  (Optional) Advanced Settings
                                                  • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Workload Upgrade Policies.
                                                  +
                                                  (Optional) Advanced Settings
                                                  • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Node affinity is provided.
                                                    • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                                                      • Specified node scheduling: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                      • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                      • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                  -
                                                  • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Taints and Tolerations.
                                                  • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
                                                  • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                                                  • Network Configuration +
                                                    • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                                                    • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                                                    • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                                                    • Network Configuration

                                                4. Click Create Workload in the lower right corner.

                                                  5. Using kubectl

                                                  The following procedure uses Nginx as an example to describe how to create a workload using kubectl.

                                                  -
                                                  1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                  2. Create and edit the nginx-daemonset.yaml file. nginx-daemonset.yaml is an example file name, and you can change it as required.

                                                    vi nginx-daemonset.yaml

                                                    +
                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                    2. Create and edit the nginx-daemonset.yaml file. nginx-daemonset.yaml is an example file name, and you can change it as required.

                                                      vi nginx-daemonset.yaml

                                                      The content of the description file is as follows: The following provides an example. For more information on DaemonSets, see Kubernetes documents.

                                                      apiVersion: apps/v1
 kind: DaemonSet
diff --git a/docs/cce/umn/cce_10_0222.html b/docs/cce/umn/cce_10_0222.html
index 01dab87f..194c7d97 100644
--- a/docs/cce/umn/cce_10_0222.html
+++ b/docs/cce/umn/cce_10_0222.html
@@ -8,7 +8,9 @@
                                                    3. Updating an AS Configuration
                                                      4. -
                                                    4. Configuring a Node Pool
                                                      +
                                                    5. Modifying Node Pool Configurations
                                                      +
                                                      6. +
                                                    6. Accepting Nodes in a Node Pool
                                                    7. Copying a Node Pool
                                                      8. diff --git a/docs/cce/umn/cce_10_0232.html b/docs/cce/umn/cce_10_0232.html index 7f03e012..738d0ec6 100644 --- a/docs/cce/umn/cce_10_0232.html +++ b/docs/cce/umn/cce_10_0232.html @@ -7,8 +7,8 @@
                                                    8. Workload Affinity (podAffinity)/Workload Anti-affinity (podAntiAffinity): The nodes to which a pod can be scheduled are determined based on the label of the pod running on a node, but not the label of the node. Similar to node affinity, workload affinity and anti-affinity are also of requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution types.

                                                      Workload affinity and anti-affinity require a certain amount of computing time, which significantly slows down scheduling in large-scale clusters. Do not enable workload affinity and anti-affinity in a cluster that contains hundreds of nodes.

                                                      9. -

                                                      You can create the preceding affinity policies on the console. For details, see Configuring Load Affinity on the Console and Configuring Node Affinity on the Console.

                                                      -

                                                      Configuring Load Affinity on the Console

                                                      1. When creating a workload, click Scheduling in the Advanced Settings area. For details about how to create a workload, see Creating a Workload.
                                                      2. Select a load affinity scheduling policy.

                                                        • Not configured: No load affinity policy is configured.
                                                        • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity.
                                                        • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to different AZs and different nodes through pod anti-affinity. When this scheduling policy is used, if there are fewer nodes than pods or node resources are insufficient, the extra pods will fail to run.
                                                        • Custom policies: allow flexible scheduling of workload pods based on pod labels. For details about the supported scheduling policies, see Table 1. Select a proper policy type and click to add a policy. For details about the parameters, see Table 2. +

                                                          You can create the preceding affinity policies on the console. For details, see Configuring Load Affinity on the Console or Configuring Node Affinity on the Console.

                                                          +

                                                          Configuring Load Affinity on the Console

                                                          1. When creating a workload, click Scheduling in the Advanced Settings area. For details about how to create a workload, see Creating a Workload.
                                                          2. Select a load affinity scheduling policy.

                                                            • Not configured: No load affinity policy is configured.
                                                            • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity.
                                                            • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to different AZs and different nodes through pod anti-affinity. When this scheduling policy is used, if there are fewer nodes than pods or node resources are insufficient, the extra pods will fail to run.
                                                            • Custom policies: allow flexible scheduling of workload pods based on pod labels. For details about the supported scheduling policies, see Table 1. Select a proper policy type and click to add a policy. For details about the parameters, see Table 2.
                                                              - - - - - @@ -65,7 +65,7 @@ - -
                                                              Table 1 Load affinity policies

                                                              Policy

                                                              Type

                                                              @@ -17,39 +17,39 @@

                                                              Workload Affinity

                                                              +

                                                              Workload affinity

                                                              Required

                                                              Hard constraint, which is used to configure the conditions that must be met and corresponds to the requiredDuringSchedulingIgnoredDuringExecution field in YAML.

                                                              -

                                                              Select pods that require affinity by label. If such pods have been running on a node in the topology domain, the scheduler will forcibly schedule the created pods to that topology domain.

                                                              -
                                                              NOTE:

                                                              If multiple affinity rules are configured, multiple labels will be used to filter pods that require affinity, and the newly created pods must be affinity with all pods that meet the label filtering conditions. In this way, all pods that meet the label filtering conditions locate in the same topology domain for scheduling.

                                                              +

                                                              Hard constraint, which corresponds to requiredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that must be met.

                                                              +

                                                              Select pods that require affinity by label. If such pods already run on a node in the topology key, the scheduler will forcibly schedule the created pods to that topology key.

                                                              +
                                                              NOTE:

                                                              If multiple affinity rules are configured, multiple labels will be used to filter pods that require affinity, and the newly created pods must be affinity with all pods that meet the label filtering conditions. In this way, all pods that meet the label filtering conditions locate in the same topology key for scheduling.

                                                              Preferred

                                                              Soft constraint, which is used to configure the conditions that preferentially to be met and corresponds to the preferredDuringSchedulingIgnoredDuringExecution field in YAML.

                                                              -

                                                              Select pods that require affinity by label. If such pods have been running on a node in the topology domain, the scheduler will preferentially schedule the created pods to that topology domain.

                                                              -
                                                              NOTE:

                                                              If multiple affinity rules are configured, multiple labels will be used to filter pods that require affinity, and the newly created pods will be preferentially to be affinity with multiple pods that meet the label filtering conditions. However, even if no pod meets the label filter conditions, a topology domain will be selected for scheduling.

                                                              +

                                                              Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that need to be met as much as possible.

                                                              +

                                                              Select pods that require affinity by label. If such pods already run on a node in the topology key, the scheduler will preferentially schedule the created pods to that topology key.

                                                              +
                                                              NOTE:

                                                              If multiple affinity rules are configured, multiple labels will be used to filter pods that require affinity, and the newly created pods will be preferentially to be affinity with multiple pods that meet the label filtering conditions. However, even if no pod meets the label filter conditions, a topology key will be selected for scheduling.

                                                              Workload Anti-Affinity

                                                              +

                                                              Workload anti-affinity

                                                              Required

                                                              Hard constraint, which corresponds to requiredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that must be met.

                                                              -

                                                              Select one or more pods that require anti-affinity by label. If such pods have been running on a node in the topology domain, the scheduler will not schedule the created pods to that topology domain.

                                                              -
                                                              NOTE:

                                                              If multiple anti-affinity rules are configured, multiple labels will be used to filter pods that require anti-affinity, and the newly created pods must be anti-affinity with all pods that meet the label filtering conditions. In this way, all the topology domains where the pods that meet the label filtering conditions locate will not be scheduled.

                                                              +

                                                              Select one or more pods that require anti-affinity by label. If such pods already run on a node in the topology key, the scheduler will not schedule the created pods to that topology key.

                                                              +
                                                              NOTE:

                                                              If multiple anti-affinity rules are configured, multiple labels will be used to filter pods that require anti-affinity, and the newly created pods must be anti-affinity with all pods that meet the label filtering conditions. In this way, all the topology keys where the pods that meet the label filtering conditions locate will not be scheduled.

                                                              Preferred

                                                              Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that are preferentially met.

                                                              -

                                                              Select one or more pods that require anti-affinity by label. If such pods have been running on a node in the topology domain, the scheduler will preferentially schedule the created pods to other topology domains.

                                                              -
                                                              NOTE:

                                                              If multiple anti-affinity rules are configured, multiple labels will be used to filter pods that require anti-affinity, and the newly created pods will be preferentially to be anti-affinity with multiple pods that meet the label filtering conditions. However, even if all topology domains involve the pods that require anti-affinity, a topology domain will be selected for scheduling.

                                                              +

                                                              Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that need to be met as much as possible.

                                                              +

                                                              Select one or more pods that require anti-affinity by label. If such pods already run on a node in the topology key, the scheduler will preferentially schedule the created pods to other topology keys.

                                                              +
                                                              NOTE:

                                                              If multiple anti-affinity rules are configured, multiple labels will be used to filter pods that require anti-affinity, and the newly created pods will be preferentially to be anti-affinity with multiple pods that meet the label filtering conditions. However, even if all topology keys involve the pods that require anti-affinity, a topology key will be selected for scheduling.

                                                              Weight

                                                              This parameter is available only in a Preferred scheduling policy. The weight ranges from 1 to 100. During scheduling, the scheduler adds the weight to the scores of other priority functions and schedules pods to the node with the largest total score.

                                                              +

                                                              This parameter is available only in a preferred scheduling policy. The weight ranges from 1 to 100. During scheduling, the scheduler adds the weight to the scores of other priority functions and schedules pods to the node with the largest total score.

                                                              Namespace

                                                              @@ -75,8 +75,8 @@

                                                              Topology Key

                                                              A topology domain (topologyKey) determines the range of nodes to be scheduled based on node labels. For example, if the node label is kubernetes.io/hostname, the range of nodes is determined by node name. Nodes with different names are in different topology domains. In this case, a topology domain contains only one node. If the specified label is kubernetes.io/os, the range of nodes is determined by node OS. Nodes running different OSs belong to different topology domains. In this case, a topology domain may contain multiple nodes.

                                                              -

                                                              After the node range is determined using the topology domain, configure the policy for scheduling, including the label name, operator, and label value. The minimum unit for scheduling is a topology domain. For example, if a node in a topology domain meets the load affinity policy, all nodes in the topology domain can be scheduled.

                                                              +

                                                              A topology key (topologyKey) determines the range of nodes to be scheduled based on node labels. For example, if the node label is kubernetes.io/hostname, the range of nodes is determined by node name. Nodes with different names are in different topology keys. In this case, a topology key contains only one node. If the specified label is kubernetes.io/os, the range of nodes is determined by node OS. Nodes running different OSs belong to different topology keys. In this case, a topology key may contain multiple nodes.

                                                              +

                                                              After the node range is determined using the topology key, configure the policy for scheduling, including the label key, operator, and label value. The minimum unit for scheduling is a topology key. For example, if a node in a topology key meets the load affinity policy, all nodes in the topology key can be scheduled.

                                                              Label Key

                                                              @@ -88,7 +88,7 @@

                                                              Operator

                                                              The following operators are supported:

                                                              -
                                                              • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                              • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                              • Exists: The affinity or anti-affinity object has a specified label name.
                                                              • DoesNotExist: The affinity or anti-affinity object does not have the specified label name.
                                                              +
                                                              • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                              • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                              • Exists: The affinity or anti-affinity object has a specified label key.
                                                              • DoesNotExist: The affinity or anti-affinity object does not have a specified label key.

                                                              Label Value

                                                              @@ -102,7 +102,7 @@

                                                            • After the scheduling policy is added, click Create Workload.
                                                              • -

                                                              Configuring Node Affinity on the Console

                                                              1. When creating a workload, click Scheduling in the Advanced Settings area. For details about how to create a workload, see Creating a Workload.
                                                              2. Select a node affinity scheduling policy.

                                                                • Not configured: No node affinity policy is configured.
                                                                • Node Affinity: Specify the nodes where workload pods are to be deployed. If no nodes are specified, the pods will be randomly scheduled based on the default cluster scheduling policy.
                                                                • Specified Node Pool Scheduling: Specify the node pools where workload pods are to be deployed. If no node pools are specified, the pods will be randomly scheduled based on the default cluster scheduling policy.
                                                                • Custom policies: allow flexible scheduling of workload pods based on node labels. For details about the supported scheduling policies, see Table 3. Select a proper policy type and click to add a policy. For details about the parameters, see Table 4. You can also click Specify Node or Specify AZ to quickly select a node or AZ on the console for scheduling.

                                                                  Specifying a node or AZ is also implemented through labels. The console frees you from manually entering node labels. The kubernetes.io/hostname label is used when you specify a node, and the failure-domain.beta.kubernetes.io/zone label is used when you specify an AZ.

                                                                  +

                                                                  Configuring Node Affinity on the Console

                                                                  1. When creating a workload, click Scheduling in the Advanced Settings area. For details about how to create a workload, see Creating a Workload.
                                                                  2. Select a node affinity scheduling policy.

                                                                    • Not configured: No node affinity policy is configured.
                                                                    • Node Affinity: Specify the nodes where workload pods are to be deployed. If no nodes are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                    • Specified Node Pool Scheduling: Specify the node pools where workload pods are to be deployed. If no node pools are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                    • Custom policies: allow flexible scheduling of workload pods based on node labels. For details about the supported scheduling policies, see Table 3. Select a proper policy type and click to add a policy. For details about the parameters, see Table 4. You can also click Specify Node or Specify AZ to quickly select a node or AZ on the console for scheduling.

                                                                      Specifying a node or AZ is also implemented through labels. The console frees you from manually entering node labels. The kubernetes.io/hostname label is used when you specify a node, and the failure-domain.beta.kubernetes.io/zone label is used when you specify an AZ.

                                                                      @@ -118,7 +118,7 @@ - @@ -132,7 +132,7 @@ -
                                                                      Table 3 Node affinity settings

                                                                      Parameter

                                                                      Preferred

                                                                      Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution for specifying the conditions that are preferentially met.

                                                                      +

                                                                      Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution for specifying the conditions that need to be met as much as possible.

                                                                      If multiple rules that are preferentially met are added, scheduling will be performed even if one or none of the rules is met.

                                                                      Label

                                                                      +

                                                                      Label Key

                                                                      When configuring node affinity, enter the node label to be matched.

                                                                      Both default labels and custom labels are supported.

                                                                      @@ -141,7 +141,7 @@

                                                                      Operator

                                                                      The following operators are supported:

                                                                      -
                                                                      • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                      • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                      • Exists: The affinity or anti-affinity object has a specified label name.
                                                                      • DoesNotExist: The affinity or anti-affinity object does not have the specified label name.
                                                                      • Gt: (available only for node affinity) The label value of the scheduled node is greater than the list value (string comparison).
                                                                      • Lt: (available only for node affinity) The label value of the scheduled node is less than the list value (string comparison).
                                                                      +
                                                                      • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                      • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                      • Exists: The affinity or anti-affinity object has a specified label key.
                                                                      • DoesNotExist: The affinity or anti-affinity object does not have a specified label key.
                                                                      • Gt: (available only for node affinity) The label value of the scheduled node is greater than the list value (string comparison).
                                                                      • Lt: (available only for node affinity) The label value of the scheduled node is less than the list value (string comparison).

                                                                      Label Value

                                                                      @@ -174,7 +174,7 @@ Labels: beta.kubernetes.io/arch=amd64 os.name=EulerOS_2.0_SP5 os.version=3.10.0-862.14.1.5.h328.eulerosv2r7.x86_64

                                                                      In workload scheduling, common node labels are as follows:

                                                                      -
                                                                      • failure-domain.beta.kubernetes.io/region: region where the node is located.
                                                                      • failure-domain.beta.kubernetes.io/zone: availability zone to which the node belongs.
                                                                      • kubernetes.io/hostname: host name of the node.
                                                                      +
                                                                      • failure-domain.beta.kubernetes.io/region: region where the node is located
                                                                      • failure-domain.beta.kubernetes.io/zone: availability zone to which the node belongs
                                                                      • kubernetes.io/hostname: hostname of the node

                                                                      Kubernetes provides the nodeSelector field. When creating a workload, you can set this field to specify that the pod can be deployed only on a node with the specific label. The following example shows how to use a nodeSelector to deploy the pod only on the node with the gpu=true label.

                                                                      apiVersion: v1
 kind: Pod
@@ -185,10 +185,10 @@ spec:
     gpu: true
 ...
                                                                      Node affinity rules can achieve the same results. Compared with nodeSelector, node affinity rules seem more complex, but with a more expressive syntax. You can use the spec.affinity.nodeAffinity field to set node affinity. There are two types of node affinity:
                                                                      • requiredDuringSchedulingIgnoredDuringExecution: Kubernetes cannot schedule the pod unless the rule is met.
                                                                      • PreferredDuringSchedulingIgnoredDuringExecution: Kubernetes tries to find a node that meets the rule. If a matching node is not available, Kubernetes still schedules the pod.
                                                                      -

                                                                      In these two types of node affinity, requiredDuringScheduling or preferredDuringScheduling indicates that the pod can be scheduled to a node only when all the defined rules are met (required). IgnoredDuringExecution indicates that if the node label changes after Kubernetes schedules the pod, the pod continues to run and will not be rescheduled. However, if kubelet on the node is restarted, kubelet will recheck the node affinity rule, and the pod will still be scheduled to another node.

                                                                      +

                                                                      In these two types of node affinity, requiredDuringScheduling or preferredDuringScheduling indicates that the pod can be scheduled to a node only when all the defined rules are met (required). IgnoredDuringExecution indicates that any changes to the node label after Kubernetes schedules the pod will not affect the pod's running or cause it to be rescheduled. However, if kubelet on the node is restarted, kubelet will recheck the node affinity rule, and the pod will still be scheduled to another node.

                                                                      -

                                                                      The following is an example of setting node affinity:

                                                                      +

                                                                      The following is an example of configuring node affinity:

                                                                      apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -325,7 +325,7 @@ gpu-585455d466-t56cm   1/1     Running   0          2m29s   172.16.0.64   192.16
 gpu-585455d466-t5w5x   1/1     Running   0          2m29s   172.16.0.41   192.168.0.212

                                                                      In the preceding example, the node scheduling priority is as follows. Nodes with both SSD and gpu=true labels have the highest priority. Nodes with the SSD label but no gpu=true label have the second priority (weight: 80). Nodes with the gpu=true label but no SSD label have the third priority. Nodes without any of these two labels have the lowest priority.

                                                                      -
                                                                      Figure 1 Scheduling priority
                                                                      +
                                                                      Figure 1 Scheduling priority

                                                                      Workload Affinity (podAffinity)

                                                                      Node affinity rules affect only the affinity between pods and nodes. Kubernetes also supports configuring inter-pod affinity rules. For example, the frontend and backend of an application can be deployed together on one node to reduce access latency. There are also two types of inter-pod affinity rules: requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution.

                                                                      For workload affinity, topologyKey cannot be left blank when requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution are used.

                                                                      @@ -382,7 +382,7 @@ backend-658f6cb858-dlrz8 1/1 Running 0 5m38s 172.16.0.67 1 frontend-67ff9b7b97-dsqzn 1/1 Running 0 6s 172.16.0.70 192.168.0.100 frontend-67ff9b7b97-hxm5t 1/1 Running 0 6s 172.16.0.71 192.168.0.100 frontend-67ff9b7b97-z8pdb 1/1 Running 0 6s 172.16.0.72 192.168.0.100 -

                                                                      The topologyKey field is used to divide topology domains to specify the selection range. If the label keys and values of nodes are the same, the nodes are considered to be in the same topology domain. Then, the contents defined in the following rules are selected. The effect of topologyKey is not fully demonstrated in the preceding example because all the nodes have the kubernetes.io/hostname label, that is, all the nodes are within the range.

                                                                      +

                                                                      The topologyKey field is used to divide topology keys to specify the selection range. If the label keys and values of nodes are the same, the nodes are considered to be in the same topology key. Then, the contents defined in the following rules are selected. The effect of topologyKey is not fully demonstrated in the preceding example because all the nodes have the kubernetes.io/hostname label, that is, all the nodes are within the range.

                                                                      To see how topologyKey works, assume that the backend of the application has two pods, which are running on different nodes.

                                                                      $ kubectl get po -o wide
 NAME                       READY   STATUS    RESTARTS   AGE     IP            NODE         
@@ -400,7 +400,7 @@ NAME            STATUS   ROLES    AGE   VERSION                            PREFE
 192.168.0.212   Ready    <none>   91m   v1.15.6-r1-20.3.0.2.B001-15.30.2   
 192.168.0.94    Ready    <none>   91m   v1.15.6-r1-20.3.0.2.B001-15.30.2   true
 192.168.0.97    Ready    <none>   91m   v1.15.6-r1-20.3.0.2.B001-15.30.2   true
                                                                      -

                                                                      If the topologyKey of podAffinity is set to prefer, the node topology domains are divided as shown in Figure 2.

                                                                      +

                                                                      If the topologyKey of podAffinity is set to prefer, the node topology keys are divided as shown in Figure 2.

                                                                            affinity:
         podAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -411,8 +411,8 @@ NAME            STATUS   ROLES    AGE   VERSION                            PREFE
                 operator: In 
                 values: 
                 - backend
                                                                      -
                                                                      Figure 2 Topology domains
                                                                      -

                                                                      During scheduling, node topology domains are divided based on the prefer label. In this example, 192.168.0.97 and 192.168.0.94 are divided into the same topology domain. If a pod with the app=backend label runs in the topology domain, even if not all nodes in the topology domain run the pod with the app=backend label (in this example, only the 192.168.0.97 node has such a pod), frontend is also deployed in this topology domain (192.168.0.97 or 192.168.0.94).

                                                                      +
                                                                      Figure 2 Topology keys
                                                                      +

                                                                      During scheduling, node topology keys are divided based on the prefer label. In this example, 192.168.0.97 and 192.168.0.94 are divided into the same topology key. If a pod with the app=backend label runs in the topology key, even if not all nodes in the topology key run the pod with the app=backend label (in this example, only the 192.168.0.97 node has such a pod), frontend is also deployed in this topology key (192.168.0.97 or 192.168.0.94).

                                                                      $ kubectl create -f affinity3.yaml 
 deployment.apps/frontend created
 
@@ -427,7 +427,7 @@ frontend-67ff9b7b97-z8pdb   1/1     Running   0          6s      172.16.0.72   1
 
                                                                      Workload Anti-Affinity (podAntiAffinity)
                                                                      Unlike the scenarios in which pods are preferred to be scheduled onto the same node, sometimes, it could be the exact opposite. For example, if certain pods are deployed together, they will affect the performance.
                                                                      
 
                                                                       
                                                                      For workload anti-affinity, when requiredDuringSchedulingIgnoredDuringExecution is used, the default access controller LimitPodHardAntiAffinityTopology of Kubernetes requires that topologyKey can only be kubernetes.io/hostname. To use other custom topology logic, modify or disable the access controller.
                                                                      
 
                                                                      
-
                                                                      The following is an example of defining an anti-affinity rule. This rule divides node topology domains by the kubernetes.io/hostname label. If a pod with the app=frontend label already exists on a node in the topology domain, pods with the same label cannot be scheduled to other nodes in the topology domain.
                                                                      
+
                                                                      The following is an example of defining an anti-affinity rule. This rule divides node topology keys by the kubernetes.io/hostname label. If a pod with the app=frontend label already exists on a node in the topology key, pods with the same label cannot be scheduled to other nodes in the topology key.
                                                                      
 
                                                                      apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -459,14 +459,14 @@ spec:
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
-          - topologyKey: kubernetes.io/hostname   # Topology domain of the node
+          - topologyKey: kubernetes.io/hostname   # Topology key of the node
             labelSelector:    # Pod label matching rule
               matchExpressions: 
               - key: app
                 operator: In 
                 values: 
                 - frontend
                                                                      
-
                                                                      Create an anti-affinity rule and view the deployment result. In the example, node topology domains are divided by the kubernetes.io/hostname label. The label values of nodes with the kubernetes.io/hostname label are different, so there is only one node in a topology domain. If a frontend pod already exists in a topology domain, pods with the same label will not be scheduled to the topology domain. In this example, there are only four nodes. Therefore, there is one pod which is in the Pending state and cannot be scheduled.
                                                                      
+
                                                                      Create an anti-affinity rule and view the deployment result. In the example, node topology keys are divided by the kubernetes.io/hostname label. The label values of nodes with the kubernetes.io/hostname label are different, so there is only one node in a topology key. If a topology key contains only one node where a frontend pod already exists, pods with the same label will not be scheduled to that topology key. In this example, there are only four nodes. Therefore, there is one pod which is in the Pending state and cannot be scheduled.
                                                                      
 
                                                                      $ kubectl create -f affinity4.yaml 
 deployment.apps/frontend created
 
@@ -479,12 +479,12 @@ frontend-6f686d8d87-q7cfq   1/1     Running   0          18s   172.16.0.47   192
 frontend-6f686d8d87-xl8hx   1/1     Running   0          18s   172.16.0.23   192.168.0.94 
                                                                      
 
                                                                      
 
                                                                      Operator Values
                                                                      You can use the operator field to set the logical relationship of the usage rule. The value of operator can be:
                                                                      
-
                                                                      • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                      • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                      • Exists: The affinity or anti-affinity object has a specified label name.
                                                                      • DoesNotExist: The affinity or anti-affinity object does not have the specified label name.
                                                                      • Gt: (available only for node affinity) The label value of the scheduled node is greater than the list value (string comparison).
                                                                      • Lt: (available only for node affinity) The label value of the scheduled node is less than the list value (string comparison).
                                                                      
+
                                                                      • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                      • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                      • Exists: The affinity or anti-affinity object has a specified label key.
                                                                      • DoesNotExist: The affinity or anti-affinity object does not have a specified label key.
                                                                      • Gt: (available only for node affinity) The label value of the scheduled node is greater than the list value (string comparison).
                                                                      • Lt: (available only for node affinity) The label value of the scheduled node is less than the list value (string comparison).
                                                                      -
                                                                      Parent topic: Configuring a Container
                                                                      +
                                                                      Parent topic: Configuring a Workload
                                                                      diff --git a/docs/cce/umn/cce_10_0240.html b/docs/cce/umn/cce_10_0240.html index 4ac572fa..bb0ef66b 100644 --- a/docs/cce/umn/cce_10_0240.html +++ b/docs/cce/umn/cce_10_0240.html @@ -4,11 +4,12 @@

                                                                      cce-hpa-controller is a CCE-developed add-on, which can be used to flexibly scale in or out Deployments based on metrics such as CPU usage and memory usage.

                                                                      Main Functions

                                                                      • Scaling can be performed based on the percentage of the current number of pods.
                                                                      • The minimum scaling step can be set.
                                                                      • Different scaling operations can be performed based on the actual metric values.
                                                                      -

                                                                      Constraints

                                                                      • This add-on can be installed only in clusters of v1.15 or later.
                                                                      • If the version is 1.2.11 or later, the add-ons that can provide metrics API must be installed.
                                                                        • Kubernetes Metrics Server: provides basic resource usage metrics, such as container CPU and memory usage. It is supported by all cluster versions.
                                                                        +

                                                                        Notes and Constraints

                                                                        Installing the Add-on

                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. Click Add-ons in the navigation pane, locate CCE Advanced HPA on the right, and click Install.
                                                                        2. On the Install Add-on page, configure the specifications.

                                                                          -

                                                                          Table 1 cce-hpa-controller configuration

                                                                          Parameter

                                                                          +
                                                                          @@ -17,7 +18,7 @@ @@ -25,6 +26,7 @@
                                                                          Table 1 Add-on configuration

                                                                          Parameter

                                                                          Description

                                                                          Add-on Specifications

                                                                          Select Single or Custom for Add-on Specifications.

                                                                          -
                                                                          NOTE:

                                                                          Single-instance add-ons are used only for service verification. In commercial deployments, select Custom based on the cluster specifications. The specifications of cce-hpa-controller are decided by the total number of containers in the cluster and the number of scaling policies. You are advised to configure 500m CPU and 1,000 MiB memory for every 5,000 containers, and 100m CPU and 500 MiB memory for every 1,000 scaling policies.

                                                                          +
                                                                          NOTE:

                                                                          A single instance is solely for verification purposes. For commercial situations, you need to choose Custom based on the cluster specifications. The add-on specifications are influenced by the total number of containers in clusters and the number of scaling policies. For typical situations, it is recommended that you configure 500m CPU cores and 1,000 MiB of memory for every 5,000 containers. As for scaling policies, 100m CPU cores and 500 MiB of memory should be configured for every 1,000 of them.

                                                                          Number of pods that will be created to match the selected add-on specifications.

                                                                          If you select Custom, you can adjust the number of pods as required.

                                                                          +

                                                                          High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.

                                                                          Containers

                                                                          @@ -36,32 +38,31 @@
                                                                          -

                                                                        3. Select Single or Custom for Add-on Specifications.

                                                                          • Pods: Set the number of pods based on service requirements.
                                                                          • Containers: Set a proper container quota based on service requirements.

                                                                        4. Configure scheduling policies for the add-on.

                                                                          • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                                                          • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                                          -
                                                                          - @@ -232,6 +233,16 @@ spec: + + + + + - @@ -459,7 +470,7 @@ ingress-test * 121.**.**.** 80 10s

                                                                        5. Enter http://121.**.**.**:80 in the address box of the browser to access the workload (for example, Nginx workload).

                                                                          121.**.**.** indicates the IP address of the unified load balancer.

                                                                          6. -

                                                                          Creating an Ingress - Interconnecting with an Existing Load Balancer

                                                                          CCE allows you to connect to an existing load balancer when creating an ingress.
                                                                          • Existing dedicated load balancers must be the application type (HTTP/HTTPS) supporting private networks (with a private IP).
                                                                          +

                                                                          Creating an Ingress - Interconnecting with an Existing Load Balancer

                                                                          CCE allows you to connect to an existing load balancer when creating an ingress.
                                                                          • An existing dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).
                                                                          If the cluster version is 1.23 or later, the YAML file configuration is as follows:
                                                                          apiVersion: networking.k8s.io/v1
diff --git a/docs/cce/umn/cce_10_0276.html b/docs/cce/umn/cce_10_0276.html
index 8f5f10bb..db27caea 100644
--- a/docs/cce/umn/cce_10_0276.html
+++ b/docs/cce/umn/cce_10_0276.html
@@ -2,9 +2,9 @@
 
 
                                                                          Performing Rolling Upgrade for Nodes
                                                                          
 
                                                                          Scenario
                                                                          In a rolling upgrade, a new node is created, existing workloads are migrated to the new node, and then the old node is deleted. Figure 1 shows the migration process.
                                                                          
-
                                                                          Figure 1 Workload migration
                                                                          
+
                                                                          Figure 1 Workload migration
                                                                          
 
                                                                          
-
                                                                          Constraints
                                                                          • The original node and the target node to which the workload is to be migrated must be in the same cluster.
                                                                          • The cluster must be of v1.13.10 or later.
                                                                          • The default node pool DefaultPool does not support this configuration.
                                                                          
+
                                                                          Notes and Constraints
                                                                          • The original node and the target node to which the workload is to be migrated must be in the same cluster.
                                                                          • The cluster must be of v1.13.10 or later.
                                                                          • The default node pool does not support this configuration.
                                                                          
 
                                                                          
 
                                                                          Scenario 1: The Original Node Is in DefaultPool
                                                                          1. Create a node pool. For details, see Creating a Node Pool.
                                                                          2. On the node pool list page, click View Node in the Operation column of the target node pool. The IP address of the new node is displayed in the node list.
                                                                          1. Install and configure kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                          1. Migrate the workload.
                                                                            1. Add a taint to the node where the workload needs to be migrated out.
                                                                              kubectl taint node [node] key=value:[effect]
                                                                              
 
                                                                              In the preceding command, [node] indicates the IP address of the node where the workload to be migrated is located. The value of [effect] can be NoSchedule, PreferNoSchedule, or NoExecute. In this example, set this parameter to NoSchedule.
                                                                              
diff --git a/docs/cce/umn/cce_10_0277.html b/docs/cce/umn/cce_10_0277.html
index 9a263b78..3e0efd74 100644
--- a/docs/cce/umn/cce_10_0277.html
+++ b/docs/cce/umn/cce_10_0277.html
@@ -37,7 +37,12 @@
                                                                          - + + + diff --git a/docs/cce/umn/cce_10_0278.html b/docs/cce/umn/cce_10_0278.html index deb5a32c..5d07a477 100644 --- a/docs/cce/umn/cce_10_0278.html +++ b/docs/cce/umn/cce_10_0278.html @@ -6,10 +6,10 @@

                                                                          Prerequisites

                                                                          At least one cluster has been created.

                                                                          -

                                                                          Constraints

                                                                          A maximum of 6000 Services can be created in each namespace. The Services mentioned here indicate the Kubernetes Service resources added for workloads.

                                                                          +

                                                                          Notes and Constraints

                                                                          A maximum of 6000 Services can be created in each namespace. The Services mentioned here indicate the Kubernetes Service resources added for workloads.

                                                                          -

                                                                          Namespace Types

                                                                          Namespaces can be created in either of the following ways:

                                                                          -
                                                                          • Created automatically: When a cluster is up, the default, kube-public, kube-system, and kube-node-lease namespaces are created by default.
                                                                            • default: All objects for which no namespace is specified are allocated to this namespace.
                                                                            • kube-public: Resources in this namespace can be accessed by all users (including unauthenticated users), such as public add-ons and container charts.
                                                                            • kube-system: All resources created by Kubernetes are in this namespace.
                                                                            • kube-node-lease: Each node has an associated Lease object in this namespace. The object is periodically updated by the node. Both NodeStatus and NodeLease are considered as heartbeats from a node. In versions earlier than v1.13, only NodeStatus is available. The NodeLease feature is introduced in v1.13. NodeLease is more lightweight than NodeStatus. This feature significantly improves the cluster scalability and performance.
                                                                            +

                                                                            Namespace Types

                                                                            Namespaces can be created automatically or manually.

                                                                            +
                                                                            • Created automatically: When a cluster is up, the default, kube-public, kube-system, and kube-node-lease namespaces are created by default.
                                                                              • default: All objects for which no namespace is specified are allocated to this namespace.
                                                                              • kube-public: Resources in this namespace can be accessed by all users (including unauthenticated users) so that some resources in the cluster can be readable in the entire cluster. This is a reserved Kubernetes namespace. Its common attributes are only conventions but not requirements.
                                                                              • kube-system: All resources created by Kubernetes are in this namespace.
                                                                              • kube-node-lease: Each node has an associated Lease object in this namespace. The object is periodically updated by the node. Both NodeStatus and NodeLease are considered as heartbeats from a node. In versions earlier than v1.13, only NodeStatus is available. The NodeLease feature is introduced in v1.13. NodeLease is more lightweight than NodeStatus. This feature significantly improves the cluster scalability and performance.
                                                                            • Created manually: You can create namespaces to serve separate purposes. For example, you can create three namespaces, one for a development environment, one for joint debugging environment, and one for test environment. You can also create one namespace for login services and one for game services.

                                                                            Creating a Namespace

                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                            2. Choose Namespaces in the navigation pane and click Create Namespace in the upper right corner.
                                                                            3. Set namespace parameters based on Table 1.

                                                                              diff --git a/docs/cce/umn/cce_10_0279.html b/docs/cce/umn/cce_10_0279.html index cd768839..7163078b 100644 --- a/docs/cce/umn/cce_10_0279.html +++ b/docs/cce/umn/cce_10_0279.html @@ -11,42 +11,42 @@

                                                                            Components

                                                                            -

                                                                            Workload scaling components are described as follows:

                                                                            +

                                                                            Workload Scaling Types

                                                                            -
                                                                          Table 2 Configurations for add-on scheduling

                                                                          Parameter

                                                                          +
                                                                          - - - - - - - @@ -89,10 +90,68 @@
                                                                          Table 2 Configurations for add-on scheduling

                                                                          Parameter

                                                                          Description

                                                                          +

                                                                          Description

                                                                          Multi AZ

                                                                          +

                                                                          Multi AZ

                                                                          • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                                                          • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                                          • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                                                          +
                                                                          • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                                                          • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                                          • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.

                                                                          Node Affinity

                                                                          +

                                                                          Node Affinity

                                                                          • Not configured: Node affinity is disabled for the add-on.
                                                                          • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                          • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                          • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                                                            If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                                                                            +
                                                                          • Not configured: Node affinity is disabled for the add-on.
                                                                          • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                          • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                          • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.

                                                                            If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.

                                                                          Toleration

                                                                          +

                                                                          Toleration

                                                                          Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                                                                          +

                                                                          Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.

                                                                          The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.

                                                                          -

                                                                          For details, see Taints and Tolerations.

                                                                          +

                                                                          For details, see Configuring Tolerance Policies.
                                                                          +

                                                                          Change History

                                                                          +
                                                                          + + + + + + + + + + + + + + + + + + + + + +
                                                                          Table 4 Release history

                                                                          Add-on Version

                                                                          +

                                                                          Supported Cluster Version

                                                                          +

                                                                          New Feature

                                                                          +

                                                                          1.4.3

                                                                          +

                                                                          v1.21

                                                                          +

                                                                          v1.23

                                                                          +

                                                                          v1.25

                                                                          +

                                                                          v1.27

                                                                          +

                                                                          v1.28

                                                                          +

                                                                          v1.29

                                                                          +

                                                                          Fixed some issues.

                                                                          +

                                                                          1.3.43

                                                                          +

                                                                          v1.21

                                                                          +

                                                                          v1.23

                                                                          +

                                                                          v1.25

                                                                          +

                                                                          v1.27

                                                                          +

                                                                          v1.28

                                                                          +

                                                                          Fixed some issues.

                                                                          +

                                                                          1.3.42

                                                                          +

                                                                          v1.21

                                                                          +

                                                                          v1.23

                                                                          +

                                                                          v1.25

                                                                          +

                                                                          v1.27

                                                                          +

                                                                          v1.28

                                                                          +

                                                                          CCE clusters 1.28 are supported.

                                                                          +

                                                                          1.3.14

                                                                          +

                                                                          v1.19

                                                                          +

                                                                          v1.21

                                                                          +

                                                                          v1.23

                                                                          +

                                                                          v1.25

                                                                          +

                                                                          v1.27

                                                                          +

                                                                          CCE clusters 1.27 are supported.

                                                                          +
                                                                          +
                                                                          +
                                                                          -
                                                                          Parent topic: Add-ons
                                                                          +
                                                                          Parent topic: Scheduling and Elasticity Add-ons
                                                                          diff --git a/docs/cce/umn/cce_10_0245.html b/docs/cce/umn/cce_10_0245.html index b23b42f3..ea109ec7 100644 --- a/docs/cce/umn/cce_10_0245.html +++ b/docs/cce/umn/cce_10_0245.html @@ -9,7 +9,7 @@

                                                                          Permission Design

                                                                          The following uses company X as an example.

                                                                          Generally, a company has multiple departments or projects, and each department has multiple members. Design how permissions are to be assigned to different groups and projects, and set a user name for each member to facilitate subsequent user group and permissions configuration.

                                                                          The following figure shows the organizational structure of a department in a company and the permissions to be assigned to each member:

                                                                          -

                                                                          +

                                                                          Director: David

                                                                          David is a department director of company X. To assign him all CCE permissions (both cluster and namespace permissions), create the cce-admin user group for David on the IAM console and assign the CCE Administrator role.

                                                                          CCE Administrator: This role has all CCE permissions. You do not need to assign other permissions.

                                                                          diff --git a/docs/cce/umn/cce_10_0249.html b/docs/cce/umn/cce_10_0249.html index d997dfab..fea8a7a2 100644 --- a/docs/cce/umn/cce_10_0249.html +++ b/docs/cce/umn/cce_10_0249.html @@ -55,7 +55,7 @@ spec:

                                                                          This mode applies to scenarios where high performance is not required and the source IP address of the client does not need to be retained. This mode brings more balanced load to each node in the cluster.

                                                                          This mode applies to scenarios where high performance is required and the source IP address of the client need to be retained. However, traffic is forwarded only to the node where the container resides, and source IP address translation is not performed.

                                                                          +

                                                                          This mode applies to scenarios where high performance is required and the source IP address of the client needs to be retained. However, traffic is forwarded only to the node where the container resides, and source IP address translation is not performed.

                                                                          Access mode

                                                                          @@ -234,7 +234,7 @@ spec: selector: app: nginx type: LoadBalancer -
                                                                        6. Leveraging the pass-through feature of the Service, kube-proxy is bypassed when the ELB address is used for access. The ELB load balancer is accessed first, and then the workload. For details, see Enabling Passthrough Networking for LoadBalancer Services.
                                                                          • After passthrough networking is configured for a dedicated load balancer, in a CCE standard cluster, pods that run on the same node as the workload and pods that run on the same node cannot be accessed through the LoadBalancer Service.
                                                                          • Passthrough networking is not supported for clusters of v1.15 or earlier.
                                                                          • In IPVS network mode, the pass-through settings of Service connected to the same ELB must be the same.
                                                                          • If node-level (local) service affinity is used, kubernetes.io/elb.pass-through is automatically set to onlyLocal to enable pass-through.
                                                                          +
                                                                        7. Leveraging the pass-through feature of the Service, kube-proxy is bypassed when the ELB address is used for access. The ELB load balancer is accessed first, and then the workload. For details, see Configuring Passthrough Networking for a LoadBalancer Service.
                                                                          • In a CCE standard cluster, after passthrough networking is configured for a dedicated load balancer, the private IP address of the load balancer cannot be accessed from the node where the workload pod resides or other containers on the same node as the workload.
                                                                          • Passthrough networking is not supported for clusters of v1.15 or earlier.
                                                                          • In IPVS network mode, the passthrough settings of Services connected to the same load balancer must be the same.
                                                                          • If node-level (local) service affinity is used, kubernetes.io/elb.pass-through is automatically set to onlyLocal to enable pass-through.
                                                                          apiVersion: v1 
 kind: Service 
diff --git a/docs/cce/umn/cce_10_0251.html b/docs/cce/umn/cce_10_0251.html
index c4ecc832..81b71391 100644
--- a/docs/cce/umn/cce_10_0251.html
+++ b/docs/cce/umn/cce_10_0251.html
@@ -3,10 +3,10 @@
 
                                                                          Creating a LoadBalancer Ingress on the Console
                                                                          
 
                                                                          Prerequisites
                                                                          
 
                                                                          
-
                                                                          Constraints
                                                                          • It is recommended that other resources not use the load balancer automatically created by an ingress. Otherwise, the load balancer will be occupied when the ingress is deleted, resulting in residual resources.
                                                                          • After an ingress is created, upgrade and maintain the configuration of the selected load balancers on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.
                                                                          • The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                                          • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. Use different load balancers for the ingress and Service.
                                                                          • A dedicated load balancer must be of the application type (HTTP/HTTPS) type and support private networks (with a private IP).
                                                                          • If multiple ingresses access the same ELB port in a cluster, the listener configuration items (such as the certificate associated with the listener and the HTTP2 attribute of the listener) are subject to the configuration of the first ingress.
                                                                          
+
                                                                          Notes and Constraints
                                                                          • It is recommended that other resources not use the load balancer automatically created by an ingress. Otherwise, the load balancer will be occupied when the ingress is deleted, resulting in residual resources.
                                                                          • After an ingress is created, upgrade and maintain the configuration of the selected load balancers on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.
                                                                          • The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                                          • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. Use different load balancers for the ingress and Service.
                                                                          • A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).
                                                                          • If multiple ingresses access the same ELB port in a cluster, the listener configuration items (such as the certificate associated with the listener and the HTTP/2 attribute of the listener) are subject to the configuration of the first ingress.
                                                                          
 
                                                                          
 
                                                                          Adding a LoadBalancer Ingress
                                                                          This section uses an Nginx workload as an example to describe how to add a LoadBalancer ingress.
                                                                          
-
                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                          2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                          3. Configure ingress parameters.
                                                                            • Name: specifies a name of an ingress, for example, ingress-demo.
                                                                            • Load Balancer: Select a load balancer type and creation mode.
                                                                              A load balancer can be dedicated or shared. A dedicated load balancer must be of the application (HTTP/HTTPS) type and support private networks.
                                                                              
+
                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                              2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                              3. Configure ingress parameters.
                                                                                • Name: Customize the name of an ingress, for example, ingress-demo.
                                                                                • Load Balancer: Select a load balancer type and creation mode.
                                                                                  A load balancer can be dedicated or shared. A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks.
                                                                                  
 
                                                                                  You can select Use existing or Auto create to obtain a load balancer. For details about the configuration of different creation modes, see Table 1.
 
                                                                                  
@@ -21,18 +21,19 @@
 
-
                                                                                  Table 1 Load balancer configurations
                                                                                  How to Create
                                                                                  
 
                                                                                  
 
                                                                                  Auto create
                                                                                  
 
                                                                                  • Instance Name: Enter a load balancer name.
                                                                                  • Public Access: If enabled, an EIP with 5 Mbit/s bandwidth will be created.
                                                                                  • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                                                  • Specifications (available only to dedicated load balancers)
                                                                                    • Fixed: applies to stable traffic, billed based on specifications.
                                                                                    
-
                                                                                  
+
                                                                                  • Instance Name: Enter a load balancer name.
                                                                                  • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                                                  • Frontend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to provide services externally.
                                                                                  • Backend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to access the backend service.
                                                                                  • Network/Application-oriented Specifications (available only to dedicated load balancers)
                                                                                    • Elastic: applies to fluctuating traffic, billed based on total traffic. Clusters of v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions support elastic specifications.
                                                                                    • Fixed: applies to stable traffic, billed based on specifications.
                                                                                    
+
                                                                                  • EIP: If you select Auto create, you can configure the billing mode and size of the public network bandwidth.
                                                                                  • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.
                                                                                  
                                                                                   		
 
                                                                                  
 
 
                                                                                  
 
                                                                                  
 
                                                                                  
-
                                                                                • Listener: An ingress configures a listener for the load balancer, which listens to requests from the load balancer and distributes traffic. After the configuration is complete, a listener is created on the load balancer. The default listener name is k8s__<Protocol type>_<Port number>, for example, k8s_HTTP_80.
                                                                                  • External Protocol: HTTP or HTTPS
                                                                                  • External Port: port number that is open to the ELB service address. The port number can be specified randomly.
                                                                                  • Certificate Source: TLS secret and ELB server certificate are supported.
                                                                                  • Server Certificate: When an HTTPS listener is created for a load balancer, bind a certificate to the load balancer to support encrypted authentication for HTTPS data transmission.
                                                                                    • TLS secret: For details about how to create a secret certificate, see Creating a Secret.
                                                                                    • ELB server certificate: Use the certificate created in the ELB service.
                                                                                    
+
                                                                                  • Listener: An ingress configures a listener for the load balancer, which listens to requests from the load balancer and distributes traffic. After the configuration is complete, a listener is created on the load balancer. The default listener name is k8s__<Protocol type>_<Port number>, for example, k8s_HTTP_80.
                                                                                    • External Protocol: HTTP and HTTPS are available.
                                                                                    • External Port: port number that is open to the ELB service address. The port number is configurable.
                                                                                    • Access Control
                                                                                      • Allow all IP addresses: No access control is configured.
                                                                                      • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                      • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                      
+
                                                                                    • Certificate Source: TLS secret and ELB server certificate are supported.
                                                                                    • Server Certificate: When an HTTPS listener is created for a load balancer, bind a certificate to the load balancer to support encrypted authentication for HTTPS data transmission.
                                                                                      • TLS secret: For details about how to create a secret certificate, see Creating a Secret.
                                                                                      • ELB server certificate: Use the certificate created in the ELB service.
                                                                                      
 
                                                                                       
                                                                                      If there is already an HTTPS ingress for the chosen port on the load balancer, the certificate of the new HTTPS ingress must be the same as the certificate of the existing ingress. This means that a listener has only one certificate. If two certificates, each with a different ingress, are added to the same listener of the same load balancer, only the certificate added earliest takes effect on the load balancer.
                                                                                      
 
                                                                                      
-
                                                                                    • SNI: Server Name Indication (SNI) is an extended protocol of TLS. It allows multiple TLS-based access domain names to be provided for external systems using the same IP address and port. Different domain names can use different security certificates. After SNI is enabled, the client is allowed to submit the requested domain name when initiating a TLS handshake request. After receiving the TLS request, the load balancer searches for the certificate based on the domain name in the request. If the certificate corresponding to the domain name is found, the load balancer returns the certificate for authorization. Otherwise, the default certificate (server certificate) is returned for authorization.
                                                                                       
                                                                                      • The SNI option is available only when HTTPS is used.
                                                                                      
+
                                                                                    • SNI: stands for Server Name Indication (SNI), which is an extended protocol of TLS. SNI allows multiple TLS-compliant domain names for external access using the same IP address and port number, and different domain names can use different security certificates. After SNI is enabled, the client is allowed to submit the requested domain name when initiating a TLS handshake request. After receiving the TLS request, the load balancer searches for the certificate based on the domain name in the request. If the certificate corresponding to the domain name is found, the load balancer returns the certificate for authorization. Otherwise, the default certificate (server certificate) is returned for authorization.
                                                                                       
                                                                                      • The SNI option is available only when HTTPS is used.
                                                                                      
 
                                                                                      • This function is supported only in clusters of v1.15.11 and later.
                                                                                      • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                                      • For ingresses connected to the same ELB port, do not configure SNIs with the same domain name but different certificates. Otherwise, the SNIs will be overwritten.
                                                                                      
 
                                                                                      
 
                                                                                    • Security Policy: combinations of different TLS versions and supported cipher suites available to HTTPS listeners.
                                                                                      For details about security policies, see ELB User Guide.
                                                                                      
@@ -40,14 +41,55 @@
                                                                        8. Backend Protocol:

                                                                          When the listener is HTTP-compliant, only HTTP can be selected.

                                                                          If it is an HTTPS listener, this parameter can be set to HTTP or HTTPS.

                                                                          +
                                                                        9. Advanced Options +
                                                                          + + + + + + + + + + + + + + + + + + + + + +

                                                                          Configuration

                                                                          +

                                                                          Description

                                                                          +

                                                                          Restrictions

                                                                          +

                                                                          Idle Timeout

                                                                          +

                                                                          Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.

                                                                          +

                                                                          None

                                                                          +

                                                                          Request Timeout

                                                                          +

                                                                          Timeout for waiting for a request from a client. There are two cases:

                                                                          +
                                                                          • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                          • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                          +

                                                                          None

                                                                          +

                                                                          Response Timeout

                                                                          +

                                                                          Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.

                                                                          +

                                                                          None

                                                                          +

                                                                          HTTP2

                                                                          +

                                                                          Whether to use HTTP/2 for a client to communicate with a load balancer. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.

                                                                          +

                                                                          This function is available only when the listener is HTTPS-compliant.

                                                                          +
                                                                          +
                                                                          10. -
                                                                        10. Forwarding Policy: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL, for example, 10.117.117.117:80/helloworld), the request is forwarded to the corresponding target Service for processing. You can click to add multiple forwarding policies.
                                                                          • Domain Name: actual domain name. Ensure that the domain name has been registered and archived. Once a domain name rule is configured, you must use the domain name for access.
                                                                          • URL Matching Rule
                                                                            • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed, for example, /healthz/v1 and /healthz/v2.
                                                                            • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                            • RegEX match: The URL is matched based on the regular expression. For example, if the regular expression is /[A-Za-z0-9_.-]+/test, all URLs that comply with this rule can be accessed, for example, /abcA9/test and /v1-Ab/test. Two regular expression standards are supported: POSIX and Perl.
                                                                            +
                                                                          • Forwarding Policy: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL, for example, 10.117.117.117:80/helloworld), the request is forwarded to the corresponding target Service for processing. You can click to add multiple forwarding policies.
                                                                            • Domain Name: actual domain name. Ensure that the domain name has been registered and archived. Once a domain name rule is configured, you must use the domain name for access.
                                                                            • URL Matching Rule
                                                                              • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed, for example, /healthz/v1 and /healthz/v2.
                                                                              • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                              • RegEX match: The URL is matched based on the regular expression. For example, if the regular expression is /[A-Za-z0-9_.-]+/test, all URLs that comply with this rule can be accessed, for example, /abcA9/test and /v1-Ab/test. Two regular expression standards are supported: POSIX and Perl.
                                                                            • URL: access path to be registered, for example, /healthz.

                                                                              The access path added here must exist in the backend application. Otherwise, the forwarding fails.

                                                                              For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.

                                                                            • Destination Service: Select an existing Service or create a Service. Services that do not meet search criteria are automatically filtered out.
                                                                            • Destination Service Port: Select the access port of the destination Service.
                                                                            • Set ELB:
                                                                              • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                                • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                                • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                                • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                                -
                                                                              • Sticky Session: This function is disabled by default. Options are as follows:
                                                                                • Load balancer cookie: Enter the Stickiness Duration , which ranges from 1 to 1,440 minutes.
                                                                                +
                                                                              • Sticky Session: This function is disabled by default. Options are as follows:
                                                                                • Load balancer cookie: Enter the Stickiness Duration , which ranges from 1 to 1440 minutes.
                                                                                • When the distribution policy uses the source IP hash, sticky session cannot be set.
                                                                                • Dedicated load balancers in the clusters of a version earlier than v1.21 do not support sticky sessions. If sticky sessions are required, use shared load balancers.
                                                                              • Health Check: Set the health check configuration of the load balancer. If this function is enabled, the following configurations are supported: @@ -90,10 +132,10 @@
                                                                            • Operation: Click Delete to delete the configuration.
                                                                          • Annotation: Ingresses provide some advanced CCE functions, which are implemented by annotations. When you use kubectl to create a container, annotations will be used. For details, see Creating an Ingress - Automatically Creating a Load Balancer or Creating an Ingress - Interconnecting with an Existing Load Balancer.
                                                                          -

                                                                        11. After the configuration is complete, click OK. After the ingress is created, it is displayed in the ingress list.

                                                                          On the ELB console, you can view the ELB automatically created through CCE. The default name is cce-lb-ingress.UID. Click the ELB name to access its details page. On the Listeners tab page, view the route settings of the ingress, including the URL, listener port, and backend server group port.

                                                                          +

                                                                        12. Click OK. After the ingress is created, it is displayed in the ingress list.

                                                                          On the ELB console, you can check the load balancer automatically created through CCE. The default name is cce-lb-<ingress.UID>. Click the load balancer name to go to the details page. On the Listeners tab page, check the listener and forwarding policy of the target ingress.

                                                                          After an ingress is created, upgrade and maintain the selected load balancer on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.

                                                                          -

                                                                        13. Access the /healthz interface of the workload, for example, workload defaultbackend.

                                                                          1. Obtain the access address of the /healthz interface of the workload. The access address consists of the load balancer IP address, external port, and mapping URL, for example, 10.**.**.**:80/healthz.
                                                                          2. Enter the URL of the /healthz interface, for example, http://10.**.**.**:80/healthz, in the address box of the browser to access the workload, as shown in Figure 1.
                                                                            Figure 1 Accessing the /healthz interface of defaultbackend
                                                                            +

                                                                          3. Access the /healthz interface of the workload, for example, workload defaultbackend.

                                                                            1. Obtain the access address of the /healthz interface of the workload. The access address consists of the load balancer IP address, external port, and mapping URL, for example, 10.**.**.**:80/healthz.
                                                                            2. Enter the URL of the /healthz interface, for example, http://10.**.**.**:80/healthz, in the address box of the browser to access the workload, as shown in Figure 1.
                                                                              Figure 1 Accessing the /healthz interface of defaultbackend

                                                                          diff --git a/docs/cce/umn/cce_10_0252.html b/docs/cce/umn/cce_10_0252.html index 4da8558f..7c1f8de7 100644 --- a/docs/cce/umn/cce_10_0252.html +++ b/docs/cce/umn/cce_10_0252.html @@ -4,16 +4,16 @@

                                                                          Scenario

                                                                          This section uses an Nginx workload as an example to describe how to create a LoadBalancer ingress using kubectl.

                                                                          -

                                                                          Prerequisites

                                                                          +

                                                                          Prerequisites

                                                                          • An ingress provides network access for backend workloads. Ensure that a workload is available in a cluster. If no workload is available, deploy a sample Nginx workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                          • Services Supported by Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                          • A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).

                                                                          Ingress Description of networking.k8s.io/v1

                                                                          In CCE clusters of v1.23 or later, the ingress version is switched to networking.k8s.io/v1.

                                                                          Compared with v1beta1, v1 has the following differences in parameters:

                                                                          • The ingress type is changed from kubernetes.io/ingress.class in annotations to spec.ingressClassName.
                                                                          • The format of backend is changed.
                                                                          • The pathType parameter must be specified for each path. The options are as follows:
                                                                            • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE, which is the same as v1beta1.
                                                                            • Exact: exact matching of the URL, which is case-sensitive.
                                                                            • Prefix: matching based on the URL prefix separated by a slash (/). The match is case-sensitive, and elements in the path are matched one by one. A path element refers to a list of labels in the path separated by a slash (/).
                                                                          -

                                                                          +

                                                                          Creating an Ingress - Automatically Creating a Load Balancer

                                                                          The following describes how to run the kubectl command to automatically create a load balancer when creating an ingress.

                                                                          -
                                                                          1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.

                                                                            vi ingress-test.yaml

                                                                            +
                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                            2. Create a YAML file named ingress-test.yaml. The file name can be customized.

                                                                              vi ingress-test.yaml

                                                                              Starting from cluster v1.23, the ingress version is switched from networking.k8s.io/v1beta1 to networking.k8s.io/v1. For details about the differences between v1 and v1beta1, see Ingress Description of networking.k8s.io/v1.

                                                                              Example of a shared load balancer (public network access) for clusters of v1.23 or later:
                                                                              apiVersion: networking.k8s.io/v1
@@ -27,7 +27,7 @@ metadata:
       '{
           "type":"public",
           "bandwidth_name":"cce-bandwidth-******",
-          "bandwidth_chargemode":"traffic",
+          "bandwidth_chargemode":"traffic",
           "bandwidth_size":5,
           "bandwidth_sharetype":"PER",
           "vip_subnet_cidr_id": "*****",
@@ -62,7 +62,7 @@ metadata:
       '{
           "type":"public",
           "bandwidth_name":"cce-bandwidth-******",
-          "bandwidth_chargemode":"traffic",
+          "bandwidth_chargemode":"traffic",
           "bandwidth_size":5,
           "bandwidth_sharetype":"PER",
           "eip_type":"5_bgp"
@@ -91,7 +91,7 @@ metadata:
       '{
           "type": "public",
           "bandwidth_name": "cce-bandwidth-******",
-          "bandwidth_chargemode": "traffic",
+          "bandwidth_chargemode": "traffic",
           "bandwidth_size": 5,
           "bandwidth_sharetype": "PER",
           "eip_type": "5_bgp",
@@ -119,7 +119,7 @@ spec:
         pathType: ImplementationSpecific
   ingressClassName: cce
                                                                              -
                                                                              Example of a dedicated load balancer (public network access) for clusters of version 1.21 or earlier:
                                                                              apiVersion: networking.k8s.io/v1beta1
+
                                                                              Example of a dedicated load balancer (public network access) for clusters of v1.21 or earlier:
                                                                              apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: ingress-test
@@ -132,7 +132,7 @@ metadata:
       '{
           "type": "public",
           "bandwidth_name": "cce-bandwidth-******",
-          "bandwidth_chargemode": "traffic",
+          "bandwidth_chargemode": "traffic",
           "bandwidth_size": 5,
           "bandwidth_sharetype": "PER",
           "eip_type": "5_bgp",
@@ -142,6 +142,7 @@ metadata:
           ],
           "l7_flavor_name": "L7_flavor.elb.s1.small"
        }'
+    kubernetes.io/elb.tags: key1=value1,key2=value2           # ELB resource tags
 spec:
   rules:
   - host: ''
@@ -172,7 +173,7 @@ spec:

                                                                          14. String

                                                                          Select a proper load balancer type.

                                                                          -
                                                                          • union: shared load balancer
                                                                          • performance: dedicated load balancer
                                                                          +
                                                                          • union: shared load balancer
                                                                          • performance: dedicated load balancer..

                                                                          kubernetes.io/ingress.class

                                                                          @@ -204,7 +205,7 @@ spec:

                                                                          String

                                                                          This parameter indicates the external port registered with the address of the LoadBalancer Service.

                                                                          -

                                                                          Supported range: 1 to 65535

                                                                          +

                                                                          The value ranges from 1 to 65535.

                                                                          NOTE:

                                                                          Some ports are high-risk ports and are blocked by default, for example, port 21.

                                                                          kubernetes.io/elb.tags

                                                                          +

                                                                          No

                                                                          +

                                                                          String

                                                                          +

                                                                          Whether to add resource tags to a load balancer. This function is available only when the load balancer is automatically created, and the cluster is of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later.

                                                                          +

                                                                          A tag is in the format of "key=value". Use commas (,) to separate multiple tags.

                                                                          +

                                                                          host

                                                                          No

                                                                          @@ -332,7 +343,7 @@ spec:

                                                                          Bandwidth mode.

                                                                          • traffic: billed by traffic
                                                                          -

                                                                          Default: traffic

                                                                          +

                                                                          Default: traffic

                                                                          bandwidth_size

                                                                          @@ -341,7 +352,7 @@ spec:

                                                                          Integer

                                                                          Bandwidth size. The default value is 1 to 2000 Mbit/s. Configure this parameter based on the bandwidth range allowed in your region.

                                                                          +

                                                                          Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.

                                                                          The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                          • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                          • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                          • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.

                                                                          CCE Node Problem Detector

                                                                          +

                                                                          Cloud Native Cluster Monitoring

                                                                          +

                                                                          This add-on uses Prometheus-operator and Prometheus to provide easy-to-use, end-to-end Kubernetes cluster monitoring.

                                                                          +

                                                                          CCE Node Problem Detector

                                                                          This add-on monitors abnormal events of cluster nodes and connects to a third-party monitoring platform. It is a daemon running on each node. It collects node issues from different daemons and reports them to the API server. It can run as a DaemonSet or a daemon.
                                                                          Table 1 Workload scaling components

                                                                          Type

                                                                          +
                                                                          - - - - - - - - - - -
                                                                          Table 1 Workload scaling types

                                                                          Type

                                                                          Component Name

                                                                          +

                                                                          Component

                                                                          Component Description

                                                                          +

                                                                          Component Description

                                                                          Reference

                                                                          +

                                                                          Reference

                                                                          HPA

                                                                          +

                                                                          HPA

                                                                          Kubernetes Metrics Server

                                                                          +

                                                                          HorizontalPodAutoscaler (built-in Kubernetes component)

                                                                          A built-in component of Kubernetes, which enables horizontal scaling of pods. It adds the application-level cooldown time window and scaling threshold functions based on the HPA.

                                                                          +

                                                                          HorizontalPodAutoscaler is a built-in component of Kubernetes for Horizontal Pod Autoscaling (HPA). CCE incorporates the application-level cooldown time window and scaling threshold functions into Kubernetes HPA.

                                                                          HPA Policies

                                                                          +

                                                                          Creating an HPA Policy

                                                                          CronHPA

                                                                          +

                                                                          CronHPA

                                                                          CCE Advanced HPA

                                                                          +

                                                                          CCE Advanced HPA

                                                                          CronHPA can scale in or out a cluster at a fixed time. It can work with HPA policies to periodically adjust the HPA scaling scope, implementing workload scaling in complex scenarios.

                                                                          +

                                                                          CronHPA can scale in or out a cluster at a fixed time. It can work with HPA policies to periodically adjust the HPA scaling scope, implementing workload scaling in complex scenarios.

                                                                          CronHPA Policies

                                                                          +

                                                                          Creating a Scheduled CronHPA Policy
                                                                          -

                                                                          Node scaling components are described as follows:

                                                                          +

                                                                          Node Scaling Types

                                                                          -
                                                                          Table 2 Node scaling components

                                                                          Component Name

                                                                          +
                                                                          diff --git a/docs/cce/umn/cce_10_0280.html b/docs/cce/umn/cce_10_0280.html index 639d9065..a72650a0 100644 --- a/docs/cce/umn/cce_10_0280.html +++ b/docs/cce/umn/cce_10_0280.html @@ -1,16 +1,18 @@ -

                                                                          Container Network Models

                                                                          +

                                                                          Container Network

                                                                          diff --git a/docs/cce/umn/cce_10_0281.html b/docs/cce/umn/cce_10_0281.html index 4414779c..de3196e5 100644 --- a/docs/cce/umn/cce_10_0281.html +++ b/docs/cce/umn/cce_10_0281.html @@ -2,7 +2,7 @@

                                                                          Overview

                                                                          The container network assigns IP addresses to pods in a cluster and provides networking services. In CCE, you can select the following network models for your cluster:

                                                                          - +

                                                                          Network Model Comparison

                                                                          Table 1 describes the differences of network models supported by CCE.

                                                                          After a cluster is created, the network model cannot be changed.

                                                                          @@ -20,11 +20,11 @@
                                                                          - - - - @@ -54,31 +54,32 @@ - - - - - - - - - -
                                                                          Table 2 Node scaling types

                                                                          Component Name

                                                                          Component Description

                                                                          Application scenarios

                                                                          • Common container service scenarios
                                                                          • Scenarios that do not have high requirements on network latency and bandwidth
                                                                          +
                                                                          • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network applies to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                          • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.
                                                                          • Scenarios that have high requirements on network latency and bandwidth
                                                                          • Containers can communicate with VMs using a microservice registration framework, such as Dubbo and CSE.
                                                                          +
                                                                          • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                          • Small- and medium-scale networks: Due to the limitation on VPC routing tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                          • Scenarios that have high requirements on network latency, bandwidth, and performance
                                                                          • Containers can communicate with VMs using a microservice registration framework, such as Dubbo and CSE.
                                                                          +
                                                                          • High performance requirements: Cloud Native 2.0 networks use VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native 2.0 networks ideal for scenarios that demand high bandwidth and low latency.
                                                                          • Large-scale networking: Cloud Native 2.0 networks support a maximum of 2,000 ECS nodes and 100,000 pods.

                                                                          Core technology

                                                                          @@ -45,7 +45,7 @@

                                                                          CCE Turbo cluster

                                                                          Network isolation

                                                                          +

                                                                          Container network isolation

                                                                          Kubernetes native NetworkPolicy for pods

                                                                          Pods support security group isolation.

                                                                          Passthrough networking

                                                                          +

                                                                          Interconnecting pods to a load balancer

                                                                          No

                                                                          +

                                                                          Interconnected through a NodePort

                                                                          No

                                                                          +

                                                                          Interconnected through a NodePort

                                                                          Yes

                                                                          +

                                                                          Directly interconnected using a dedicated load balancer

                                                                          +

                                                                          Interconnected using a shared load balancer through a NodePort

                                                                          IP address management

                                                                          +

                                                                          Managing container IP addresses

                                                                          • The container CIDR block is allocated separately.
                                                                          • CIDR blocks are divided by node and can be dynamically allocated (CIDR blocks can be dynamically added after being allocated.)
                                                                          +
                                                                          • Separate container CIDR blocks needed
                                                                          • Container CIDR blocks divided by node and dynamically added after being allocated
                                                                          • The container CIDR block is allocated separately.
                                                                          • CIDR blocks are divided by node and statically allocated (the CIDR block cannot be changed after a node is created).
                                                                          +
                                                                          • Separate container CIDR blocks needed
                                                                          • Container CIDR blocks divided by node and statically allocated (the allocated CIDR blocks cannot be changed after a node is created)

                                                                          The container CIDR block is divided from the VPC subnet and does not need to be allocated separately.

                                                                          +

                                                                          Container CIDR blocks divided from a VPC subnet (You do not need to configure separate container CIDR blocks.)

                                                                          Network performance

                                                                          Performance loss due to VXLAN encapsulation

                                                                          No tunnel encapsulation. Cross-node packets are forwarded through VPC routers, delivering performance equivalent to that of the host network.

                                                                          +

                                                                          No tunnel encapsulation, and cross-node traffic forwarded through VPC routers (The performance is so good that is comparable to that of the host network, but there is a loss caused by NAT.)

                                                                          The container network is integrated with the VPC network, eliminating performance loss.

                                                                          +

                                                                          Container network integrated with VPC network, eliminating performance loss

                                                                          Networking scale

                                                                          @@ -86,20 +87,19 @@

                                                                          A maximum of 2000 nodes are supported.

                                                                          Suitable for small- and medium-scale networks due to the limitation on VPC routing tables. It is recommended that the number of nodes be less than or equal to 1000.

                                                                          -

                                                                          Each time a node is added to the cluster, a route is added to the VPC routing tables. Therefore, the cluster scale is limited by the VPC routing tables.

                                                                          +

                                                                          Each time a node is added to the cluster, a route is added to the VPC routing tables. Evaluate the cluster scale that is limited by the VPC routing tables before creating the cluster.

                                                                          A maximum of 2000 nodes are supported.

                                                                          +

                                                                          In a cloud-native network 2.0 cluster, containers' IP addresses are assigned from VPC CIDR blocks, and the number of containers supported is restricted by these blocks. Evaluate the cluster's scale limitations before creating it.
                                                                          -
                                                                          1. The scale of a cluster that uses the VPC network model is limited by the custom routes of the VPC. Therefore, estimate the number of required nodes before creating a cluster.
                                                                          2. The scale of a cluster that uses the Cloud Native Network 2.0 model depends on the size of the VPC subnet CIDR block selected for the network attachment definition. Before creating a cluster, evaluate the scale of your cluster.
                                                                          3. By default, VPC routing network supports direct communication between containers and hosts in the same VPC. If a peering connection policy is configured between the VPC and another VPC, the containers can directly communicate with hosts on the peer VPC. In addition, in hybrid networking scenarios such as Direct Connect and VPN, communication between containers and hosts on the peer end can also be achieved with proper planning.
                                                                          4. Do not change the mask of the primary CIDR block on the VPC after a cluster is created. Otherwise, the network will be abnormal.
                                                                          -
                                                                          -
                                                                          Parent topic: Container Network Models
                                                                          +
                                                                          Parent topic: Container Network
                                                                          diff --git a/docs/cce/umn/cce_10_0282.html b/docs/cce/umn/cce_10_0282.html index 219db235..b123737c 100644 --- a/docs/cce/umn/cce_10_0282.html +++ b/docs/cce/umn/cce_10_0282.html @@ -1,30 +1,32 @@ -

                                                                          Container Tunnel Network

                                                                          -

                                                                          Container Tunnel Network Model

                                                                          The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch. Though at some costs of performance, packet encapsulation and tunnel transmission enable higher interoperability and compatibility with advanced features (such as network policy-based isolation) for most common scenarios.
                                                                          Figure 1 Container tunnel network
                                                                          +

                                                                          Tunnel Network Model

                                                                          +

                                                                          Model Definition

                                                                          A container tunnel network creates a separate network plane for containers by using tunnel encapsulation on the host network plane. The container tunnel network of a CCE cluster uses VXLAN for tunnel encapsulation and Open vSwitch as the virtual switch backend. VXLAN is a protocol that encapsulates Ethernet packets into UDP packets to transmit them through tunnels. Open vSwitch is an open-source virtual switch software that provides functions such as network isolation and data forwarding.

                                                                          +
                                                                          While there may be some performance costs, packet encapsulation and tunnel transmission allow for greater interoperability and compatibility with advanced features, such as network policy-based isolation, in most common scenarios.
                                                                          Figure 1 Container tunnel network
                                                                          -

                                                                          Pod-to-pod communication

                                                                          -
                                                                          • On the same node: Packets are directly forwarded via the OVS bridge on the node.
                                                                          • Across nodes: Packets are encapsulated in the OVS bridge and then forwarded to the peer node.
                                                                          +

                                                                          In a cluster using the container tunnel model, the communication paths between pods on the same node and between pods on different nodes are different.

                                                                          +
                                                                          • Inter-pod communication on the same node: Packets are directly forwarded via the OVS bridge on the node.
                                                                          • Inter-pod communication on different nodes: Packets are encapsulated in the OVS bridge and then forwarded to the target pod on the peer node through the host NIC.

                                                                          Advantages and Disadvantages

                                                                          Advantages

                                                                          -
                                                                          • The container network is decoupled from the node network and is not limited by the VPC quotas and response speed (such as the number of VPC routes, number of elastic ENIs, and creation speed).
                                                                          • Network isolation is supported. For details, see Network Policies.
                                                                          • Bandwidth limits are supported.
                                                                          • Large-scale networking is supported.
                                                                          +
                                                                          • The container network is decoupled from the node network and is not limited by the VPC quotas and response speed (such as the number of VPC routes, number of ENIs, and creation speed).
                                                                          • Network isolation is supported. For details, see Configuring Network Policies to Restrict Pod Access.
                                                                          • Bandwidth limits are supported.
                                                                          • Large-scale networking with a maximum of 2000 nodes is supported.

                                                                          Disadvantages

                                                                          -
                                                                          • High encapsulation overhead, complex networking, and low performance
                                                                          • Pods cannot directly use functionalities such as EIPs and security groups.
                                                                          • External networks cannot be directly connected to container IP addresses.
                                                                          +
                                                                          • High encapsulation overhead results in poor performance and makes it difficult to locate network faults.
                                                                          • Pods cannot directly use features like EIPs and security groups.
                                                                          • Container IP addresses cannot be directly accessed by external networks.
                                                                          -

                                                                          Applicable Scenarios

                                                                          • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network applies to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                          • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.
                                                                          +

                                                                          Application Scenarios

                                                                          • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network applies to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                          • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.

                                                                          Container IP Address Management

                                                                          The container tunnel network allocates container IP addresses according to the following rules:

                                                                          -
                                                                          • The container CIDR block is allocated separately, which is irrelevant to the node CIDR block.
                                                                          • IP addresses are allocated by node. One or more CIDR blocks with a fixed size (16 by default) are allocated to each node in a cluster from the container CIDR block.
                                                                          • When the IP addresses on a node are used up, you can apply for a new CIDR block.
                                                                          • The container CIDR block cyclically allocates CIDR blocks to new nodes or existing nodes in sequence.
                                                                          • Pods scheduled to a node are cyclically allocated IP addresses from one or more CIDR blocks allocated to the node.
                                                                          -
                                                                          Figure 2 IP address allocation of the container tunnel network
                                                                          -

                                                                          Maximum number of nodes that can be created in the cluster using the container tunnel network = Number of IP addresses in the container CIDR block / Size of the IP CIDR block allocated to the node by the container CIDR block at a time (16 by default)

                                                                          -

                                                                          For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. If 16 IP addresses are allocated to a node at a time, a maximum of 4096 (65536/16) nodes can be created in the cluster. This is an extreme case. If 4096 nodes are created, a maximum of 16 pods can be created for each node because only 16 IP CIDR block\s are allocated to each node. In addition, the number of nodes that can be created in a cluster also depends on the node network and cluster scale.

                                                                          +
                                                                          • Container CIDR blocks are separate from node CIDR blocks.
                                                                          • IP addresses are allocated by node. One or more CIDR blocks with a fixed size (16 by default) are allocated to each node in a cluster from the container CIDR block.
                                                                          • When the IP addresses on a node are used up, you can apply for a new CIDR block.
                                                                          • A container CIDR block assigns CIDR blocks to new nodes or existing nodes in a cyclical sequence.
                                                                          • IP addresses from one or more CIDR blocks assigned to a node are allocated to pods scheduled to that node in a cyclical manner.
                                                                          +
                                                                          Figure 2 IP address allocation of the container tunnel network
                                                                          +

                                                                          Maximum number of nodes that can be created in the cluster using the container tunnel network = Number of IP addresses in the container CIDR block/Size of the IP CIDR block allocated to the node by the container CIDR block at a time (16 by default)

                                                                          +

                                                                          For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. The mask of the container CIDR block allocated to a node is 28. That is, a total of 16 container IP addresses are allocated each time. Therefore, a maximum of 4096 (65536/16) nodes can be created. This is an extreme case. If 4096 nodes are created, a maximum of 16 pods can be created for each node because only a CIDR block with 16 IP addresses is allocated to each node. The number of nodes that can be added to a cluster is also determined by the available IP addresses in the node subnet and the scale of the cluster.

                                                                          -

                                                                          Recommendation for CIDR Block Planning

                                                                          As described in Cluster Network Structure, network addresses in a cluster can be divided into three parts: node network, container network, and service network. When planning network addresses, consider the following aspects:

                                                                          -
                                                                          • The three CIDR blocks cannot overlap. Otherwise, a conflict occurs.
                                                                          • Ensure that each CIDR block has sufficient IP addresses.
                                                                            • The IP addresses in the node CIDR block must match the cluster scale. Otherwise, nodes cannot be created due to insufficient IP addresses.
                                                                            • The IP addresses in the container CIDR block must match the service scale. Otherwise, pods cannot be created due to insufficient IP addresses. The number of pods that can be created on each node also depends on other parameter settings.
                                                                            +

                                                                            Recommendation for CIDR Block Planning

                                                                            As explained in Cluster Network Structure, network addresses in a cluster are divided into the cluster network, container network, and service network. When planning network addresses, consider the following factors:

                                                                            +
                                                                            • The three CIDR blocks cannot overlap. Otherwise, a conflict occurs.
                                                                            • Ensure that each CIDR block has sufficient IP addresses.
                                                                              • The IP addresses in the cluster CIDR block must match the cluster scale. Otherwise, nodes cannot be created due to insufficient IP addresses.
                                                                              • The IP addresses in the container CIDR block must match the service scale. Otherwise, pods cannot be created due to insufficient IP addresses. The number of pods that can be created on each node also depends on other parameter settings.
                                                                            -

                                                                            Example of Container Tunnel Network Access

                                                                            Create a cluster that uses the container tunnel network model. Create a Deployment in the cluster.

                                                                            -
                                                                            kind: Deployment
+
                                                                            Example of Container Tunnel Network Access
                                                                            The following is an example of creating a workload in a cluster using the container tunnel network model:
                                                                            
+
                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                            2. Create a Deployment in the cluster.
                                                                              Create the deployment.yaml file. The following shows an example:
                                                                              
+
                                                                              kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: example
@@ -51,17 +53,19 @@ spec:
               memory: 512Mi
       imagePullSecrets:
         - name: default-secret
                                                                              
-
                                                                              View the created pod.
                                                                              
-
                                                                              $ kubectl get pod -owide
-NAME                       READY   STATUS    RESTARTS   AGE     IP          NODE           NOMINATED NODE   READINESS GATES
+
                                                                              Create the workload.
                                                                              
+
                                                                              kubectl apply -f deployment.yaml
                                                                              
+
                                                                            3. Check the running pods.
                                                                              kubectl get pod -owide
                                                                              
+
                                                                              Command output:
                                                                              
+
                                                                              NAME                       READY   STATUS    RESTARTS   AGE     IP          NODE           NOMINATED NODE   READINESS GATES
 example-5bdc5699b7-5rvq4   1/1     Running   0          3m28s   10.0.0.20   192.168.0.42   <none>           <none>
 example-5bdc5699b7-984j9   1/1     Running   0          3m28s   10.0.0.21   192.168.0.42   <none>           <none>
 example-5bdc5699b7-lfxkm   1/1     Running   0          3m28s   10.0.0.22   192.168.0.42   <none>           <none>
 example-5bdc5699b7-wjcmg   1/1     Running   0          3m28s   10.0.0.52   192.168.0.64   <none>           <none>
                                                                              
-
                                                                              In this case, the IP address of the pod cannot be directly accessed outside the cluster in the same VPC. This is a feature of the container tunnel network.
                                                                              
-
                                                                              However, the pod can be accessed from a node in the cluster or in the pod. As shown in the following figure, the pod can be accessed directly from the container.
                                                                              
-
                                                                              $ kubectl exec -it example-5bdc5699b7-5rvq4 -- curl 10.0.0.21
-<!DOCTYPE html>
+
                                                                            4. Use a cloud server in the same VPC to directly access a pod's IP address from outside the cluster. The access failed.
                                                                              You can access a pod using its IP address within the pod or from a node in the cluster. In the following example, access a pod's IP address within the pod. example-5bdc5699b7-5rvq4 is the pod name, and 10.0.0.21 is the pod IP address.
                                                                              kubectl exec -it example-5bdc5699b7-5rvq4 -- curl 10.0.0.21
                                                                              
+
                                                                              
+
                                                                              If the following information is displayed, the workload can be properly accessed:
                                                                              
+
                                                                              <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
@@ -86,11 +90,12 @@ Commercial support is available at
 <p><em>Thank you for using nginx.</em></p>
 </body>
 </html>
                                                                              
+
                                                                            -
                                                                            Parent topic: Container Network Models
                                                                            +
                                                                            Parent topic: Tunnel Network Settings
                                                                            diff --git a/docs/cce/umn/cce_10_0283.html b/docs/cce/umn/cce_10_0283.html index 5b74890f..29edb9e7 100644 --- a/docs/cce/umn/cce_10_0283.html +++ b/docs/cce/umn/cce_10_0283.html @@ -1,38 +1,38 @@ -

                                                                            VPC Network

                                                                            -

                                                                            Model Definition

                                                                            The VPC network uses VPC routing to integrate with the underlying network. This network model is suitable for performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the VPC route quota. Each node is assigned a CIDR block of a fixed size. This networking model is free from tunnel encapsulation overhead and outperforms the container tunnel network model. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from ECSs in the same VPC outside the cluster.
                                                                            Figure 1 VPC network model
                                                                            +

                                                                            VPC Network Model

                                                                            +

                                                                            Model Definition

                                                                            The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. In the VPC network model, container CIDR blocks are separate from node CIDR blocks. To allocate IP addresses to containers running on a node in a cluster, each node in the cluster is allocated with a container CIDR block for a fixed number of IP addresses. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. When using the VPC network model in a cluster, the VPC routing table automatically configures the routes between container CIDR blocks and VPC CIDR blocks. This means that pods within the cluster can be accessed directly from cloud servers in the same VPC, even if they are outside the cluster.
                                                                            Figure 1 VPC network model
                                                                            -

                                                                            Pod-to-pod communication

                                                                            -
                                                                            • On the same node: Packets are directly forwarded through IPvlan.
                                                                            • Across nodes: Packets are forwarded to the default gateway through default routes, and then to the peer node via the VPC routes.
                                                                            +

                                                                            In a cluster using the VPC network model, network communication paths are as follows:

                                                                            +
                                                                            • Inter-pod communication on the same node: Packets are directly forwarded through IPvlan.
                                                                            • Inter-pod communication on different nodes: The traffic accesses the default gateway by following the route specified in the VPC routing table and then is forwarded to the target pod on another node using VPC routing.
                                                                            • Pod communication outside a cluster: When a container in a cluster needs to access a network outside of the cluster, CCE uses NAT to translate the container's IP address into the node IP address so that the pod communicates externally using the node IP address.

                                                                            Advantages and Disadvantages

                                                                            Advantages

                                                                            -
                                                                            • No tunnel encapsulation is required, so network problems are easy to locate and the performance is high.
                                                                            • In the same VPC, the external network of the cluster can be directly connected to the container IP address.
                                                                            +
                                                                            • High performance and simplified network fault locating are achieved by eliminating the need for tunnel encapsulation.
                                                                            • A VPC routing table automatically configures routes between container CIDR blocks and VPC CIDR blocks. This enables resources in the VPC to directly communicate with containers in the cluster.

                                                                              Similarly, if the VPC is accessible to other VPCs or data centers and the VPC routing table includes routes to the container CIDR blocks, resources in other VPCs or data centers can directly communicate with containers in the cluster, provided there are no conflicts between the network CIDR blocks.

                                                                              +
                                                                              +

                                                                            Disadvantages

                                                                            -
                                                                            • The number of nodes is limited by the VPC route quota.
                                                                            • Each node is assigned a CIDR block of a fixed size, which leads to a waste of IP addresses in the container CIDR block.
                                                                            • Pods cannot directly use functionalities such as EIPs and security groups.
                                                                            +
                                                                            • The number of nodes is limited by the VPC route quota.
                                                                            • Each node is assigned a CIDR block with a fixed size, which results in IP address wastage in the container CIDR block.
                                                                            • Pods cannot directly use features like EIPs and security groups.
                                                                            -

                                                                            Applicable Scenarios

                                                                            • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                            • Small- and medium-scale networks: Due to the limitation on VPC routing tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                            +

                                                                            Application Scenarios

                                                                            • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                            • Small- and medium-scale networks: Due to the limitation on VPC routing tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                            -

                                                                            Container IP Address Management

                                                                            The VPC network allocates container IP addresses according to the following rules:

                                                                            -
                                                                            • The container CIDR block is allocated separately.
                                                                            • IP addresses are allocated by node. One CIDR block with a fixed size (which is configurable) is allocated to each node in a cluster from the container CIDR block.
                                                                            • The container CIDR block cyclically allocates CIDR blocks to new nodes in sequence.
                                                                            • Pods scheduled to a node are cyclically allocated IP addresses from CIDR blocks allocated to the node.
                                                                            -
                                                                            Figure 2 IP address management of the VPC network
                                                                            +

                                                                            Container IP Address Management

                                                                            The VPC network model assigns container IP addresses based on the following guidelines:

                                                                            +
                                                                            • Container CIDR blocks are separate from node CIDR blocks.
                                                                            • IP addresses are allocated by node. One CIDR block with a fixed size (configurable) is allocated to each node in a cluster from the container CIDR block.
                                                                            • A container CIDR block assigns CIDR blocks to new nodes in a cyclical sequence.
                                                                            • IP addresses from the CIDR blocks assigned to a node are allocated to pods scheduled to that node in a cyclical manner.
                                                                            +
                                                                            Figure 2 IP address management of the VPC network

                                                                            Maximum number of nodes that can be created in the cluster using the VPC network = Number of IP addresses in the container CIDR block /Number of IP addresses in the CIDR block allocated to the node by the container CIDR block

                                                                            -

                                                                            For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. The mask of the container CIDR block allocated to the node is 25. That is, the number of container IP addresses on each node is 128. Therefore, a maximum of 512 (65536/128) nodes can be created. In addition, the number of nodes that can be created in a cluster also depends on the node network and cluster scale.

                                                                            +

                                                                            For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. The mask of the container CIDR block allocated to a node is 25. That is, the number of container IP addresses on each node is 128. Therefore, a maximum of 512 (65536/128) nodes can be created. The number of nodes that can be added to a cluster is also determined by the available IP addresses in the node subnet and the scale of the cluster. For details, see Recommendation for CIDR Block Planning.

                                                                            -

                                                                            Recommendation for CIDR Block Planning

                                                                            As described in Cluster Network Structure, network addresses in a cluster can be divided into three parts: node network, container network, and service network. When planning network addresses, consider the following aspects:

                                                                            -
                                                                            • The three CIDR blocks cannot overlap. Otherwise, a conflict occurs.
                                                                            • Ensure that each CIDR block has sufficient IP addresses.
                                                                              • The IP addresses in the node CIDR block must match the cluster scale. Otherwise, nodes cannot be created due to insufficient IP addresses.
                                                                              • The IP addresses in the container CIDR block must match the service scale. Otherwise, pods cannot be created due to insufficient IP addresses. The number of pods that can be created on each node also depends on other parameter settings.
                                                                              +

                                                                              Recommendation for CIDR Block Planning

                                                                              As explained in Cluster Network Structure, network addresses in a cluster are divided into the cluster network, container network, and service network. When planning network addresses, consider the following factors:

                                                                              +
                                                                              • The three CIDR blocks cannot overlap. Otherwise, a conflict occurs.
                                                                              • Ensure that each CIDR block has sufficient IP addresses.
                                                                                • The IP addresses in the cluster CIDR block must match the cluster scale. Otherwise, nodes cannot be created due to insufficient IP addresses.
                                                                                • The IP addresses in the container CIDR block must match the service scale. Otherwise, pods cannot be created due to insufficient IP addresses. The number of pods that can be created on each node also depends on other parameter settings.

                                                                              Assume that a cluster contains 200 nodes and the network model is VPC network.

                                                                              -

                                                                              In this case, the number of available IP addresses in the selected node subnet must be greater than 200. Otherwise, nodes cannot be created due to insufficient IP addresses.

                                                                              -

                                                                              The container CIDR block is 10.0.0.0/16, and the number of available IP addresses is 65536. As described in Container IP Address Management, the VPC network is allocated a CIDR block with the fixed size (using the mask to determine the maximum number of container IP addresses allocated to each node). For example, if the upper limit is 128, the cluster supports a maximum of 512 (65536/128) nodes, including the three master nodes.

                                                                              +

                                                                              In this case, the number of available IP addresses in the selected subnet must be greater than 200. Otherwise, nodes cannot be created due to insufficient IP addresses.

                                                                              +

                                                                              The container CIDR block is 172.16.0.0/16, and the number of available IP addresses is 65536. As described in Container IP Address Management, the VPC network is allocated a CIDR block with a fixed size (using the mask to determine the maximum number of container IP addresses allocated to each node). For example, if the upper limit is 128, the cluster supports a maximum of 512 (65536/128) nodes.

                                                                              -

                                                                              Example of VPC Network Access

                                                                              Create a cluster using the VPC network model. The cluster contains one node.

                                                                              -
                                                                              $ kubectl get node
-NAME           STATUS   ROLES    AGE   VERSION
-192.168.0.99   Ready    <none>   9d    v1.17.17-r0-CCE21.6.1.B004-17.37.5
                                                                              -

                                                                              Check the VPC routing table. The destination address 172.16.0.0/25 is the container CIDR block allocated to the node, and the next hop is the corresponding node. When the container IP address is accessed, the VPC route forwards the access request to the next-hop node. This indicates that the VPC network model uses VPC routes.

                                                                              -

                                                                              Create a Deployment in the cluster.

                                                                              -
                                                                              kind: Deployment
+
                                                                              Example of VPC Network Access
                                                                              In this example, a cluster using the VPC network model is created, and the cluster contains one node.
                                                                              
+
                                                                              On the VPC console, locate the VPC to which the cluster belongs and check the VPC routing table.
                                                                              
+
                                                                              You can find that CCE has created a custom route in the routing table. This route has a destination address corresponding to the container CIDR block assigned to the node, and the next hop is directed towards the target node. In the example, the container CIDR block for the cluster is 172.16.0.0/16, with 128 container IP addresses assigned to each node. Therefore, the node's container CIDR block is 172.16.0.0/25, providing a total of 128 container IP addresses.
                                                                              
+
                                                                              When a container IP address is accessed, the VPC route will forward the traffic to the next-hop node that corresponds to the destination address. The following is an example:
                                                                              
+
                                                                              1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                              2. Create a Deployment in the cluster.
                                                                                Create the deployment.yaml file. The following shows an example:
                                                                                kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: example
@@ -52,17 +52,19 @@ spec:
           image: 'nginx:perl'
       imagePullSecrets:
         - name: default-secret
                                                                                
-
                                                                                Check the pod.
                                                                                
-
                                                                                $ kubectl get pod -owide
-NAME                       READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
+
                                                                                
+
                                                                                Create the workload.
                                                                                
+
                                                                                kubectl apply -f deployment.yaml
                                                                                
+
                                                                              3. Check the running pods.
                                                                                kubectl get pod -owide
                                                                                
+
                                                                                Command output:
                                                                                NAME                       READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
 example-86b9779494-l8qrw   1/1     Running   0          14s   172.16.0.6   192.168.0.99   <none>           <none>
 example-86b9779494-svs8t   1/1     Running   0          14s   172.16.0.7   192.168.0.99   <none>           <none>
 example-86b9779494-x8kl5   1/1     Running   0          14s   172.16.0.5   192.168.0.99   <none>           <none>
 example-86b9779494-zt627   1/1     Running   0          14s   172.16.0.8   192.168.0.99   <none>           <none>
                                                                                
-
                                                                                In this case, if you access the IP address of the pod from an ECS (outside the cluster) in the same VPC, the access is successful. This is a feature of VPC networking. Pods can be directly accessed from any node locating outside of the cluster and in the same VPC as that of the pods using the pods' IP addresses.
                                                                                
-
                                                                                Pods can be accessed from nodes or pods in the same cluster. In the following example, you can directly access the pods in the container.
                                                                                
-
                                                                                $ kubectl exec -it example-86b9779494-l8qrw -- curl 172.16.0.7
-<!DOCTYPE html>
+
                                                                                
+
                                                                              4. Use a cloud server in the same VPC to directly access a pod's IP address from outside the cluster. You can also access a pod using its IP address within the pod or from a node in the cluster. In the following example, access a pod's IP address within the pod. example-86b9779494-l8qrw is the pod name, and 172.16.0.7 is the pod IP address.
                                                                                kubectl exec -it example-86b9779494-l8qrw -- curl 172.16.0.7
                                                                                
+
                                                                                If the following information is displayed, the workload can be properly accessed:
                                                                                
+
                                                                                <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome to nginx!</title>
@@ -87,11 +89,12 @@ Commercial support is available at
 <p><em>Thank you for using nginx.</em></p>
 </body>
 </html>
                                                                                
+
                                                                              -
                                                                              Parent topic: Container Network Models
                                                                              +
                                                                              Parent topic: VPC Network Settings
                                                                              diff --git a/docs/cce/umn/cce_10_0284.html b/docs/cce/umn/cce_10_0284.html index c4bb178d..7339f8bf 100644 --- a/docs/cce/umn/cce_10_0284.html +++ b/docs/cce/umn/cce_10_0284.html @@ -1,19 +1,21 @@ -

                                                                              Cloud Native 2.0 Network

                                                                              -

                                                                              Model Definition

                                                                              Developed by CCE, Cloud Native 2.0 network deeply integrates Elastic Network Interfaces (ENIs) and sub-ENIs of Virtual Private Cloud (VPC). Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and EIPs are bound to deliver high performance.

                                                                              -
                                                                              Figure 1 Cloud Native 2.0 network
                                                                              -

                                                                              Pod-to-pod communication

                                                                              -
                                                                              • Pods on BMS nodes use ENIs, whereas pods on ECS nodes use Sub-ENIs. Sub-ENIs are attached to ENIs through VLAN sub-interfaces.
                                                                              • On the same node: Packets are forwarded through the VPC ENI or sub-ENI.
                                                                              • Across nodes: Packets are forwarded through the VPC ENI or sub-ENI.
                                                                              +

                                                                              Cloud Native 2.0 Network Model

                                                                              +

                                                                              Model Definition

                                                                              Cloud Native 2.0 network model is a proprietary, next-generation container network model that combines the elastic network interfaces (ENIs) and supplementary network interfaces (sub-ENIs) of the Virtual Private Cloud (VPC). This allows ENIs or sub-ENIs to be directly bound to pods, giving each pod its own unique IP address within the VPC. Furthermore, it supports additional features like ELB passthrough container, pod binding to a security group, and pod binding to an EIP. Because container tunnel encapsulation and NAT are not required, the Cloud Native 2.0 network model enables higher network performance than the container tunnel network model and VPC network model.

                                                                              +
                                                                              Figure 1 Cloud Native 2.0 network model
                                                                              +

                                                                              In a cluster using the Cloud Native 2.0 network model, pods rely on ENIs or sub-ENIs to connect to external networks.

                                                                              +
                                                                              • Pods running on BMS nodes use ENIs.
                                                                              • Pods running on ECS nodes use sub-ENIs that are bound to the ECS' ENIs through VLAN sub-interfaces.
                                                                              • To run a pod, it is necessary to bind ENIs to it. The number of pods that can run on a node depends on the number of ENIs that can be bound to the node and the number of ENI ports available on the node.
                                                                              • Traffic for communications between pods on a node, communications between pods on different nodes, and access to networks outside a cluster is forwarded through the ENI or sub-ENI of the VPC.

                                                                              Constraints

                                                                              This network model is available only to CCE Turbo clusters.

                                                                              Advantages and Disadvantages

                                                                              Advantages

                                                                              -
                                                                              • As the container network directly uses VPC, it is easy to locate network problems and provide the highest performance.
                                                                              • External networks in a VPC can be directly connected to container IP addresses.
                                                                              • The load balancing, security group, and EIP capabilities provided by VPC can be directly used by pods.
                                                                              +
                                                                              • VPCs serve as the foundation for constructing container networks. Every pod has its own network interface and IP address, which simplifies network problem-solving and enhances performance.
                                                                              • In the same VPC, ENIs are directly bound to pods in a cluster, so that resources outside the cluster can directly communicate with containers within the cluster.

                                                                                Similarly, if the VPC is accessible to other VPCs or data centers, resources in other VPCs or data centers can directly communicate with containers in the cluster, provided there are no conflicts between the network CIDR blocks.

                                                                                +
                                                                                +
                                                                              • The load balancing, security group, and EIP capabilities provided by VPC can be directly used by pods.

                                                                              Disadvantages

                                                                              -

                                                                              The container network directly uses VPC, which occupies the VPC address space. Therefore, you must properly plan the container CIDR block before creating a cluster.

                                                                              +

                                                                              Container networks are built on VPCs, with each pod receiving an IP address from the VPC CIDR block. As a result, it is crucial to plan the container CIDR block carefully before creating a cluster.

                                                                              -

                                                                              Application Scenarios

                                                                              • High performance requirements and use of other VPC network capabilities: Cloud Native Network 2.0 directly uses VPC, which delivers almost the same performance as the VPC network. Therefore, it applies to scenarios that have high requirements on bandwidth and latency.
                                                                              • Large-scale networking: Cloud Native Network 2.0 supports a maximum of 2000 ECS nodes and 100,000 containers.
                                                                              +

                                                                              Application Scenarios

                                                                              • High performance requirements: Cloud Native 2.0 networks use VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native 2.0 networks ideal for scenarios that demand high bandwidth and low latency.
                                                                              • Large-scale networking: Cloud Native 2.0 networks support a maximum of 2,000 ECS nodes and 100,000 pods.

                                                                              Container IP Address Management

                                                                              In the Cloud Native Network 2.0 model, ECS nodes use sub-ENIs.

                                                                              • The IP address of the pod is directly allocated from the VPC subnet configured for the container network. You do not need to allocate an independent small network segment to the node.
                                                                              • To add an ECS node to a cluster, bind the ENI that carries the sub-ENI first. After the ENI is bound, you can bind the sub-ENI.
                                                                              • Number of ENIs bound to an ECS node: For clusters of v1.19.16-r40, v1.21.11-r0, v1.23.9-r0, v1.25.4-r0, v1.27.1-r0, and later versions, the value is 1. For clusters of earlier versions, the value is the maximum number of sub-ENIs that can be bound to the node divided by 64 (rounded up).
                                                                              • ENIs bound to an ECS node = Number of ENIs used to bear sub-ENIs + Number of sub-ENIs currently used by pods + Number of pre-bound sub-ENIs
                                                                              • When a pod is created, an available ENI is randomly allocated from the prebinding ENI pool of the node.
                                                                              • When the pod is deleted, the ENI is released back to the ENI pool of the node.
                                                                              • When a node is deleted, the ENIs are released back to the pool, and the sub-ENIs are deleted.
                                                                              @@ -105,19 +107,20 @@
                                                                              The number of pre-binding ENIs on the node remains in the following range:
                                                                              • Minimum number of ENIs to be pre-bound = min(max(nic-minimum-target – Number of bound ENIs, nic-warm-target), nic-maximum-target – Number of bound ENIs)
                                                                              • Maximum number of ENIs to be pre-bound = max(nic-warm-target + nic-max-above-warm-target, Number of bound ENIs – nic-minimum-target)
                                                                              -

                                                                              When a pod is created, an idle ENI (the earliest unused one) is preferentially allocated from the pool. If no idle ENI is available, a newsub-ENI is bound to the pod.

                                                                              +

                                                                              When a pod is created, an idle ENI (the earliest unused one) is preferentially allocated from the pool. If no idle ENI is available, a new sub-ENI is bound to the pod.

                                                                              When the pod is deleted, the corresponding ENI is released back to the pre-bound ENI pool of the node, enters a 2 minutes cooldown period, and can be bind to another pod. If the ENI is not bound to any pod within 2 minutes, it will be released.

                                                                              -

                                                                              Recommendation for CIDR Block Planning

                                                                              As described in Cluster Network Structure, network addresses in a cluster can be divided into three parts: node network, container network, and service network. When planning network addresses, consider the following aspects:

                                                                              -
                                                                              • The three CIDR blocks cannot overlap. Otherwise, a conflict occurs. All subnets (including those created from the secondary CIDR block) in the VPC where the cluster resides cannot conflict with the container and Service CIDR blocks.
                                                                              • Ensure that each CIDR block has sufficient IP addresses.
                                                                                • The IP addresses in the node CIDR block must match the cluster scale. Otherwise, nodes cannot be created due to insufficient IP addresses.
                                                                                • The IP addresses in the container CIDR block must match the service scale. Otherwise, pods cannot be created due to insufficient IP addresses.
                                                                                +

                                                                                Recommendation for CIDR Block Planning

                                                                                As explained in Cluster Network Structure, network addresses in a cluster are divided into the cluster network, container network, and service network. When planning network addresses, consider the following factors:

                                                                                +
                                                                                • All subnets (including extended subnets) in the VPC where the cluster resides cannot conflict with the Service CIDR blocks.
                                                                                • Ensure that each CIDR block has sufficient IP addresses.
                                                                                  • The IP addresses in the cluster CIDR block must match the cluster scale. Otherwise, nodes cannot be created due to insufficient IP addresses.
                                                                                  • The IP addresses in the container CIDR block must match the service scale. Otherwise, pods cannot be created due to insufficient IP addresses.
                                                                                -

                                                                                In the Cloud Native Network 2.0 model, the container CIDR block and node CIDR block share the network addresses in a VPC. It is recommended that the container subnet and node subnet not use the same subnet. Otherwise, containers or nodes may fail to be created due to insufficient IP resources.

                                                                                +

                                                                                In the Cloud Native 2.0 network model, the container CIDR block and node CIDR block share the network IP addresses in a VPC. It is recommended that the container subnet and node subnet not use the same subnet. Otherwise, containers or nodes may fail to be created due to insufficient IP addresses.

                                                                                In addition, a subnet can be added to the container CIDR block after a cluster is created to increase the number of available IP addresses. In this case, ensure that the added subnet does not conflict with other subnets in the container CIDR block.

                                                                                -
                                                                                Figure 2 Configuring CIDR blocks
                                                                                +
                                                                                Figure 2 Configuring CIDR blocks
                                                                                -

                                                                                Example of Cloud Native Network 2.0 Access

                                                                                Create a CCE Turbo cluster, which contains three ECS nodes.

                                                                                -

                                                                                Access the details page of one node. You can see that the node has one primary ENI and one extended ENI, and both of them are ENIs. The extended ENI belongs to the container CIDR block and is used to mount a sub-ENI to the pod.

                                                                                -

                                                                                Create a Deployment in the cluster.

                                                                                +

                                                                                Example of Cloud Native Network 2.0 Access

                                                                                In this example, a CCE Turbo cluster is created, and the cluster contains three ECS nodes.

                                                                                +

                                                                                You can check the basic information about a node on the ECS console. You can see that a primary network interface and an extended network interface are bound to the node. Both of them are ENIs. The IP address of the extended network interface belongs to the container CIDR block and is used to bind sub-ENIs to pods on the node.

                                                                                +

                                                                                The following is an example of creating a workload in a cluster using the Cloud Native 2.0 network model:

                                                                                +
                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                2. Create a Deployment in the cluster.

                                                                                  Create the deployment.yaml file. The following shows an example:

                                                                                  kind: Deployment
 apiVersion: apps/v1
 metadata:
@@ -145,23 +148,53 @@ spec:
               memory: 512Mi
       imagePullSecrets:
         - name: default-secret
                                                                                  -

                                                                                  View the created pod.

                                                                                  -
                                                                                  $ kubectl get pod -owide
-NAME                       READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
+
                                                                                  Create the workload.
                                                                                  
+
                                                                                  kubectl apply -f deployment.yaml
                                                                                  
+
                                                                                3. Check the running pods.

                                                                                  kubectl get pod -owide
                                                                                  +

                                                                                  Command output:

                                                                                  +
                                                                                  NAME                       READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
 example-5bdc5699b7-54v7g   1/1     Running   0          7s    10.1.18.2     10.1.0.167   <none>           <none>
 example-5bdc5699b7-6dzx5   1/1     Running   0          7s    10.1.18.216   10.1.0.186   <none>           <none>
 example-5bdc5699b7-gq7xs   1/1     Running   0          7s    10.1.16.63    10.1.0.144   <none>           <none>
 example-5bdc5699b7-h9rvb   1/1     Running   0          7s    10.1.16.125   10.1.0.167   <none>           <none>
 example-5bdc5699b7-s9fts   1/1     Running   0          7s    10.1.16.89    10.1.0.144   <none>           <none>
 example-5bdc5699b7-swq6q   1/1     Running   0          7s    10.1.17.111   10.1.0.167   <none>           <none>
                                                                                  -

                                                                                  The IP addresses of all pods are sub-ENIs, which are mounted to the ENI (extended ENI) of the node.

                                                                                  -

                                                                                  For example, the extended ENI of node 10.1.0.167 is 10.1.17.172. On the Network Interfaces page of the Network Console, you can see that three sub-ENIs are mounted to the extended ENI 10.1.17.172, which is the IP address of the pod.

                                                                                  -

                                                                                  In the VPC, the IP address of the pod can be successfully accessed.

                                                                                  +

                                                                                  The IP addresses of all pods are sub-ENIs, which are bound to the ENI (extended network interface) of the node.

                                                                                  +

                                                                                  For example, the IP address of the extended network interface of node 10.1.0.167 is 10.1.17.172. On the network interfaces console, you can see that there are three sub-ENIs bound to the extended network interface whose IP address is 10.1.17.172. These sub-ENIs are the IP addresses of the pods running on the node.

                                                                                  +

                                                                                4. Log in to an ECS in the same VPC and access the IP address of a pod from outside the cluster.

                                                                                  In this example, the accessed pod IP address is 10.1.18.2.

                                                                                  +
                                                                                  curl 10.1.18.2
                                                                                  +

                                                                                  If the following information is displayed, the workload can be properly accessed:

                                                                                  +
                                                                                  <!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>.<br/>
+Commercial support is available at
+<a href="http://nginx.com/">nginx.com</a>.</p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
                                                                                  +

                                                                                diff --git a/docs/cce/umn/cce_10_0285.html b/docs/cce/umn/cce_10_0285.html index 2dca2f3f..28c69a83 100644 --- a/docs/cce/umn/cce_10_0285.html +++ b/docs/cce/umn/cce_10_0285.html @@ -7,18 +7,18 @@
                                                                                • Group them in different clusters for different environments.

                                                                                  Resources cannot be shared among different clusters. In addition, services in different environments can access each other only through load balancing.

                                                                                • Group them in different namespaces for different environments.

                                                                                  Workloads in the same namespace can be mutually accessed by using the Service name. Cross-namespace access can be implemented by using the Service name or namespace name.

                                                                                  The following figure shows namespaces created for the development, joint debugging, and testing environments, respectively.

                                                                                  -
                                                                                  Figure 1 One namespace for one environment
                                                                                  +
                                                                                  Figure 1 One namespace for one environment
                                                                              • Isolating namespaces by application

                                                                                You are advised to use this method if a large number of workloads are deployed in the same environment. For example, in the following figure, different namespaces (APP1 and APP2) are created to logically manage workloads as different groups. Workloads in the same namespace access each other using the Service name, and workloads in different namespaces access each other using the Service name or namespace name.

                                                                                -
                                                                                Figure 2 Grouping workloads into different namespaces
                                                                                +
                                                                                Figure 2 Grouping workloads into different namespaces

                                                                              Managing Namespace Labels

                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                              2. Locate the row containing the target namespace and choose More > Manage Label in the Operation column.
                                                                              3. In the dialog box that is displayed, the existing labels of the namespace are displayed. Modify the labels as needed.

                                                                                • Adding a label: Click the add icon, enter the key and value of the label to be added, and click OK.

                                                                                  For example, the key is project and the value is cicd, indicating that the namespace is used to deploy CICD.

                                                                                  -
                                                                                • Deleting a label: Click next the label to be deleted and then OK.
                                                                                +
                                                                              4. Deleting a label: Click next the label to be deleted and then OK.

                                                                          • Switch to the Manage Label dialog box again and check the modified labels.

                                                                          Enabling Node Affinity in a Namespace

                                                                          After node affinity is enabled in a namespace, the workloads newly created in the namespace can be scheduled only to nodes with specific labels. For details, see PodNodeSelector.

                                                                          -
                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                          2. Locate the target namespace and click in the Node Affinity column.
                                                                          3. In the displayed dialog box, select Enable and click OK.

                                                                            After node affinity is enabled, new workloads in the current namespace will be scheduled only to nodes with specified labels. For example, in namespace test, the workloads in the namespace can be scheduled only to the node whose label key is kubelet.kubernetes.io/namespace and label value is test.

                                                                            +
                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                            2. Locate the target namespace and click in the Node Affinity column.
                                                                            3. In the displayed dialog box, select Enable and click OK.

                                                                              After node affinity is enabled, new workloads in the current namespace will be scheduled only to nodes with specified labels. For example, in namespace test, the workloads in the namespace can be scheduled only to the node whose label key is kubelet.kubernetes.io/namespace and label value is test.

                                                                            4. You can add specified labels to a node in Labels and Taints on the Nodes page. For details, see Managing Node Labels.

                                                                          Deleting a Namespace

                                                                          If a namespace is deleted, all resources (such as workloads, jobs, and ConfigMaps) in this namespace will also be deleted. Exercise caution when deleting a namespace.

                                                                          diff --git a/docs/cce/umn/cce_10_0287.html b/docs/cce/umn/cce_10_0287.html index fb3e8a8e..3dc2af4a 100644 --- a/docs/cce/umn/cce_10_0287.html +++ b/docs/cce/umn/cce_10_0287.html @@ -108,7 +108,7 @@
                                                                          -

                                                                          Constraints

                                                                          Kubernetes provides optimistic concurrency control (OCC), also known as optimistic locking, for frequent data updates. You can use optimistic locking by defining the resourceVersion field. This field is in the object metadata. This field identifies the internal version number of the object. When the object is modified, this field is modified accordingly. You can use kube-apiserver to check whether an object has been modified. When the API server receives an update request containing the resourceVersion field, the server compares the requested data with the resource version number of the server. If they are different, the object on the server has been modified when the update is submitted. In this case, the API server returns a conflict error (409). Obtain the server data, modify the data, and submit the data to the server again. The resource quota limits the total resource consumption of each namespace and records the resource information in the cluster. Therefore, after the enable-resource-quota option is enabled, the probability of resource creation conflicts increases in large-scale concurrency scenarios, affecting the performance of batch resource creation.

                                                                          +

                                                                          Notes and Constraints

                                                                          Kubernetes provides optimistic concurrency control (OCC), also known as optimistic locking, for frequent data updates. You can use optimistic locking by defining the resourceVersion field. This field is in the object metadata. This field identifies the internal version number of the object. When the object is modified, this field is modified accordingly. You can use kube-apiserver to check whether an object has been modified. When the API server receives an update request containing the resourceVersion field, the server compares the requested data with the resource version number of the server. If they are different, the object on the server has been modified when the update is submitted. In this case, the API server returns a conflict error (409). Obtain the server data, modify the data, and submit the data to the server again. The resource quota limits the total resource consumption of each namespace and records the resource information in the cluster. Therefore, after the enable-resource-quota option is enabled, the probability of resource creation conflicts increases in large-scale concurrency scenarios, affecting the performance of batch resource creation.

                                                                          Procedure

                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                          2. In the navigation pane, click Namespaces.
                                                                          3. Click Quota Management next to the target namespace.

                                                                            This operation cannot be performed on system namespaces kube-system and kube-public.

                                                                          4. Set the resource quotas and click OK.

                                                                            • After setting CPU and memory quotas for a namespace, you must specify the request and limit values of CPU and memory resources when creating a workload. Otherwise, the workload cannot be created. If the quota of a resource is set to 0, the resource usage is not limited.
                                                                            • Accumulated quota usage includes the resources used by CCE to create default components, such as the Kubernetes Services (which can be viewed using kubectl) created under the default namespace. Therefore, you are advised to set a resource quota greater than expected to reserve resource for creating default components.
                                                                            diff --git a/docs/cce/umn/cce_10_0288.html b/docs/cce/umn/cce_10_0288.html index c9f1e86e..454fd1d8 100644 --- a/docs/cce/umn/cce_10_0288.html +++ b/docs/cce/umn/cce_10_0288.html @@ -1,10 +1,10 @@ -

                                                                            Binding a Custom Security Group to a Workload

                                                                            +

                                                                            Binding a Security Group to a Workload Using a Security Group Policy

                                                                            In Cloud Native Network 2.0, pods use VPC ENIs or sub-ENIs for networking. You can directly bind security groups and EIPs to pods. To bind CCE pods with security groups, CCE provides a custom resource object named SecurityGroup. Using this resource object, you can customize security isolation for workloads.

                                                                            The priority of the security group bound to pods using the security group policy is higher than that of the security group in the NetworkAttachmentDefinition.

                                                                            -

                                                                            Constraints

                                                                            • This function is supported for CCE Turbo clusters of v1.19 and later. Upgrade your CCE Turbo clusters if their versions are earlier than v1.19.
                                                                            • A workload can be bound to a maximum of five security groups.
                                                                            +

                                                                            Notes and Constraints

                                                                            • This function is supported for CCE Turbo clusters of v1.19 and later. Upgrade your CCE Turbo clusters if their versions are earlier than v1.19.
                                                                            • A workload can be bound to a maximum of five security groups.

                                                                            Using the Console

                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                            2. In the navigation pane, choose Workloads. On the displayed page, click the desired workload name.
                                                                            3. Switch to the SecurityGroups tab and click Create.

                                                                            4. Set the parameters as described in Table 1.

                                                                              @@ -28,7 +28,7 @@

                                                                          The selected security group will be bound to the ENI or supplementary ENI of the selected workload. A maximum of five security groups can be selected from the drop-down list. You must select one or multiple security groups to create a SecurityGroup.

                                                                          If no security group has not been created, click Create Security Group. After the security group is created, click the refresh button.

                                                                          -
                                                                          NOTICE:
                                                                          • A maximum of five security groups can be selected.
                                                                          • Hover the cursor on next to the security group name, and you can view details about the security group.
                                                                          +
                                                                          NOTICE:
                                                                          • A maximum of five security groups can be selected.
                                                                          • Hover the cursor on the security group name, and you can obtain details about the security group.

                                                                          64566556-bd6f-48fb-b2c6-df8f44617953

                                                                          @@ -41,7 +41,7 @@

                                                                        14. After setting the parameters, click OK.

                                                                          After the security group is created, the system automatically returns to the security group list page where you can see the new security group.

                                                                          15. -

                                                                          Using kubectl

                                                                          1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                          2. Create a description file named securitygroup-demo.yaml.

                                                                            vi securitygroup-demo.yaml

                                                                            +

                                                                            Using kubectl

                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                            2. Create a description file named securitygroup-demo.yaml.

                                                                              vi securitygroup-demo.yaml

                                                                              For example, create the following SecurityGroup to bind all nginx workloads with two security groups 64566556-bd6f-48fb-b2c6-df8f44617953 and 5451f1b0-bd6f-48fb-b2c6-df8f44617953 that have been created in advance. An example is as follows:

                                                                              apiVersion: crd.yangtse.cni/v1
 kind: SecurityGroup
@@ -127,7 +127,7 @@ spec:
                                                                            3. Run the following command to create the SecurityGroup:

                                                                              kubectl create -f securitygroup-demo.yaml

                                                                              If the following information is displayed, the SecurityGroup is being created.

                                                                              securitygroup.crd.yangtse.cni/demo created
                                                                              -

                                                                            4. Run the following command to view the SecurityGroup:

                                                                              kubectl get sg

                                                                              +

                                                                            5. Run the following command to check the SecurityGroup:

                                                                              kubectl get sg

                                                                              If the name of the created SecurityGroup is demo in the command output, the SecurityGroup is created successfully.

                                                                              NAME                       POD-SELECTOR                      AGE
 all-no                     map[matchLabels:map[app:nginx]]   4h1m
diff --git a/docs/cce/umn/cce_10_0290.html b/docs/cce/umn/cce_10_0290.html
index 938a6842..4d5079b2 100644
--- a/docs/cce/umn/cce_10_0290.html
+++ b/docs/cce/umn/cce_10_0290.html
@@ -2,12 +2,14 @@
 
 
                                                                              Workload Scaling Rules
                                                                              
 
                                                                              How HPA Works
                                                                              HPA is a controller that controls horizontal pod scaling. HPA periodically checks the pod metrics, calculates the number of replicas required to meet the target values configured for HPA resources, and then adjusts the value of the replicas field in the target resource object (such as a Deployment).
                                                                              
-
                                                                              A prerequisite for auto scaling is that your container running data can be collected, such as number of cluster nodes/pods, and CPU and memory usage of containers. Kubernetes does not provide such monitoring capabilities itself. You can use extensions to monitor and collect your data. CCE integrates Metrics Server to realize such capabilities:
                                                                              
-
                                                                              • Metrics Server is a cluster-wide aggregator of resource utilization data. Metrics Server collects metrics from the Summary API exposed by kubelet. These metrics are set for core Kubernetes resources, such as pods, nodes, containers, and Services. Metrics Server provides a set of standard APIs for external systems to collect these metrics.
                                                                              
+
                                                                              A prerequisite for auto scaling is that your container running data can be collected, such as number of cluster nodes/pods, and CPU and memory usage of containers. Kubernetes does not have built-in monitoring capabilities, but you can use extensions like Prometheus and Metrics Server to monitor and collect data.
                                                                              
+
                                                                              • Prometheus is an open-source monitoring and alarming framework that can collect multiple types of metrics. Prometheus has been a standard monitoring solution of Kubernetes.
                                                                              • Metrics Server is a cluster-wide aggregator of resource utilization data. Metrics Server collects metrics from the Summary API exposed by kubelet. These metrics are set for core Kubernetes resources, such as pods, nodes, containers, and Services. Metrics Server provides a set of standard APIs for external systems to collect these metrics.
                                                                              
 
                                                                              HPA can work with Metrics Server to implement auto scaling based on the CPU and memory usage.
                                                                              
+
                                                                              Figure 1 shows how HPA works.
                                                                              
+
                                                                              Figure 1 HPA working process
                                                                              
 
                                                                              
 
                                                                              Two core modules of HPA:
                                                                              
-
                                                                              • Data Source Monitoring
                                                                                The community provided only CPU- and memory-based HPA at the early stage. With the population of Kubernetes, developers need more custom metrics or monitoring information at the access layer for their own applications, for example, the QPS of the load balancer and the number of online users of the website. In response, the community defines a set of standard metric APIs to provide services externally through these aggregated APIs.
                                                                                
+
                                                                                • Data Source Monitoring
                                                                                  The community provided only CPU- and memory-based HPA at the early stage. With the population of Kubernetes and Prometheus, developers need more custom metrics or monitoring information at the access layer for their own applications, for example, the QPS of the load balancer and the number of online users of the website. In response, the community defines a set of standard metric APIs to provide services externally through these aggregated APIs.
                                                                                  
 
                                                                                  • metrics.k8s.io provides monitoring metrics related to the CPU and memory of pods and nodes.
                                                                                  • custom.metrics.k8s.io provides custom monitoring metrics related to Kubernetes objects.
                                                                                  • external.metrics.k8s.io provides metrics that come from external systems and are irrelevant to any Kubernetes resource metrics.
                                                                                  
 
                                                                                • Scaling Decision-Making Algorithms
                                                                                  The HPA controller calculates the scaling ratio based on the current metric values and desired metric values using the following formula:
                                                                                  
 
                                                                                  desiredReplicas = ceil[currentReplicas x (currentMetricValue/desiredMetricValue)]
                                                                                  
diff --git a/docs/cce/umn/cce_10_0291.html b/docs/cce/umn/cce_10_0291.html
index 1507770a..48e412c9 100644
--- a/docs/cce/umn/cce_10_0291.html
+++ b/docs/cce/umn/cce_10_0291.html
@@ -7,6 +7,8 @@
 
                                                                                    
 
                                                                                  • Node Scaling Rules
                                                                                    
 
                                                                                    • 
+
                                                                                  • Priorities for Scaling Node Pools
                                                                                    
+
                                                                                    • 
 
                                                                                  • Creating a Node Scaling Policy
                                                                                    
 
                                                                                    • 
 
                                                                                  • Managing Node Scaling Policies
                                                                                    
diff --git a/docs/cce/umn/cce_10_0293.html b/docs/cce/umn/cce_10_0293.html
index 6ef66a10..6bf7a38c 100644
--- a/docs/cce/umn/cce_10_0293.html
+++ b/docs/cce/umn/cce_10_0293.html
@@ -7,9 +7,9 @@
 
                                                                                      
 
                                                                                    • Workload Scaling Rules
                                                                                      
 
                                                                                      • 
-
                                                                                    • HPA Policies
                                                                                      
+
                                                                                    • Creating an HPA Policy
                                                                                      
 
                                                                                      • 
-
                                                                                    • CronHPA Policies
                                                                                      
+
                                                                                    • Creating a Scheduled CronHPA Policy
                                                                                      
 
                                                                                      • 
 
                                                                                    • Managing Workload Scaling Policies
                                                                                      
 
                                                                                      • 
diff --git a/docs/cce/umn/cce_10_0296.html b/docs/cce/umn/cce_10_0296.html
index d0c6a3a6..bc63250f 100644
--- a/docs/cce/umn/cce_10_0296.html
+++ b/docs/cce/umn/cce_10_0296.html
@@ -8,79 +8,79 @@
 
                                                                                      How Cluster Autoscaler Works
                                                                                      Cluster Autoscaler goes through two processes.
                                                                                      
 
                                                                                      • Scale-out: Autoscaler checks all unscheduled pods every 10 seconds and selects a node pool that meets the requirements for scale-out based on the policy you set.
                                                                                         
                                                                                        When Autoscaler checks unscheduled pods for scale outs, it uses the scheduling algorithm consistent with the Kubernetes community version for simulated scheduling calculation. If non-built-in kube-schedulers or other non-Kubernetes community scheduling policies are used for application scheduling, when Autoscaler is used to expand the capacity for such applications, the capacity may fail to be expanded or may be expanded more than expected due to inconsistent scheduling algorithms.
                                                                                        
 
                                                                                        
-
                                                                                      • Scale-in: Autoscaler scans all nodes every 10 seconds. If the number of pod requests on a node is less than the user-defined percentage for scale-in, Autoscaler simulates whether the pods on the node can be migrated to other nodes. If yes, the node will be removed after an idle time window.
                                                                                        When a cluster node is idle for a period of time (10 minutes by default), cluster scale-in is triggered, and the node is automatically deleted. However, a node cannot be deleted from a cluster if the following pods exist:
                                                                                        • Pods that do not meet specific requirements set in Pod Disruption Budgets (PodDisruptionBudget)
                                                                                        • Pods that cannot be scheduled to other nodes due to constraints such as affinity and anti-affinity policies
                                                                                        • Pods that have the cluster-autoscaler.kubernetes.io/safe-to-evict: 'false' annotation
                                                                                        • Pods (except those created by DaemonSets in the kube-system namespace) that exist in the kube-system namespace on the node
                                                                                        • Pods that are not created by the controller (Deployment/ReplicaSet/job/StatefulSet)
                                                                                        
+
                                                                                      • Scale-in: Autoscaler scans all nodes every 10 seconds. If the number of pod requests on a node is less than the custom scale-in threshold (in percentage), Autoscaler will check whether pods on the current node can be migrated to other nodes.
                                                                                        When a cluster node is idle for a period of time (10 minutes by default), cluster scale-in is triggered, and the node is automatically deleted. However, a node cannot be deleted from a cluster if the following pods exist:
                                                                                        • Pods that do not meet specific requirements set in Pod Disruption Budgets (PodDisruptionBudget)
                                                                                        • Pods that cannot be scheduled to other nodes due to constraints such as affinity and anti-affinity policies
                                                                                        • Pods that have the cluster-autoscaler.kubernetes.io/safe-to-evict: 'false' annotation
                                                                                        • Pods (except those created by DaemonSets in the kube-system namespace) that exist in the kube-system namespace on the node
                                                                                        • Pods that are not created by the controller (Deployment/ReplicaSet/job/StatefulSet)
                                                                                        
 
                                                                                         
                                                                                        When a node meets the scale-in conditions, Autoscaler adds the DeletionCandidateOfClusterAutoscaler taint to the node in advance to prevent pods from being scheduled to the node. After the Autoscaler add-on is uninstalled, if the taint still exists on the node, manually delete it.
                                                                                        
 
                                                                                        
 
                                                                                        
 
                                                                                      
 
                                                                                      
 
                                                                                      Cluster Autoscaler Architecture
                                                                                      Figure 1 shows the Cluster Autoscaler architecture and its core modules.
                                                                                      
-
                                                                                      Figure 1 Cluster Autoscaler architecture
                                                                                      
-
                                                                                      Description
                                                                                      
-
                                                                                      • Estimator: Evaluates the number of nodes to be added to each node pool to host unschedulable pods.
                                                                                      • Simulator: Finds the nodes that meet the scale-in conditions in the scale-in scenario.
                                                                                      • Expander: Selects an optimal node from the node pool picked out by the Estimator based on the user-defined policy in the scale-out scenario. Currently, the Expander has the following policies:
-
                                                                                        Table 1 Expander policies supported by CCE
                                                                                        Policy
                                                                                        
+
                                                                                        Figure 1 Cluster Autoscaler architecture
                                                                                        
+
                                                                                        Description
                                                                                        
+
                                                                                        • Estimator: Evaluates the number of nodes to be added to each node pool to host unschedulable pods.
                                                                                        • Simulator: Finds the nodes that meet the scale-in conditions in the scale-in scenario.
                                                                                        • Expander: Selects an optimal node from the node pool picked out by the Estimator based on the user-defined policy in the scale-out scenario. Table 1 lists the Expander policies.
+
                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0300.html b/docs/cce/umn/cce_10_0300.html
index 98a23704..eb7df8cf 100644
--- a/docs/cce/umn/cce_10_0300.html
+++ b/docs/cce/umn/cce_10_0300.html
@@ -2,11 +2,11 @@
 
 
                                                                                          Using HPA and CA for Auto Scaling of Workloads and Nodes
                                                                                          Application Scenarios
                                                                                          The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.
                                                                                          
-
                                                                                          When pods or containers are used for deploying applications, the upper limit of available resources is typically required to set for pods or containers to prevent unlimited usage of node resources during peak hours. However, after the upper limit is reached, an application error may occur. To resolve this issue, scale in the number of pods to share workloads. If the node resource usage increases to a certain extent that newly added pods cannot be scheduled, scale in the number of nodes based on the node resource usage.
                                                                                          
+
                                                                                          When deploying applications in pods, you can configure requested resources and resource limits for the pods to prevent unlimited usage of resources during peak hours. However, after the upper limit is reached, an application error may occur. Pod scaling can effectively resolve this issue. If the resource usage on the node increases to a certain extent, newly added pods cannot be scheduled to this node. In this case, CCE will add nodes accordingly.
                                                                                          
 
                                                                                          
 
                                                                                          Solution
                                                                                          Two major auto scaling policies are HPA (Horizontal Pod Autoscaling) and CA (Cluster AutoScaling). HPA is for workload auto scaling and CA is for node auto scaling.
                                                                                          
 
                                                                                          HPA and CA work with each other. HPA requires sufficient cluster resources for successful scaling. When the cluster resources are insufficient, CA is needed to add nodes. If HPA reduces workloads, the cluster will have a large number of idle resources. In this case, CA needs to release nodes to avoid resource waste.
                                                                                          
-
                                                                                          As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                          Figure 1 HPA and CA working flows
                                                                                          
+
                                                                                          As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                          Figure 1 HPA and CA working flows
                                                                                          
 
                                                                                          
 
                                                                                          Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                          
 
                                                                                          This section uses an example to describe the auto scaling process using HPA and CA policies together.
                                                                                          
@@ -28,8 +28,8 @@ COPY index.php /var/www/html/index.php
 RUN chmod a+rx index.php
 
                                                                                          
 
                                                                                        • Run the following command to build an image named hpa-example with the tag latest.
                                                                                          docker build -t hpa-example:latest .
                                                                                          
-
                                                                                        • (Optional) Log in to the SWR console, choose Organizations in the navigation pane, and click Create Organization in the upper right corner to create an organization.
                                                                                          Skip this step if you already have an organization.
                                                                                          
-
                                                                                        • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                        • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                        • Tag the hpa-example image.
                                                                                          docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                          
+
                                                                                        • (Optional) Log in to the SWR console, choose Organizations in the navigation pane, and click Create Organization in the upper right corner.
                                                                                          Skip this step if you already have an organization.
                                                                                          
+
                                                                                        • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                        • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                        • Tag the hpa-example image.
                                                                                          docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                          
 
                                                                                          • {Image name 1:Tag 1}: name and tag of the local image to be uploaded.
                                                                                          • {Image repository address}: the domain name at the end of the login command in login command. It can be obtained on the SWR console.
                                                                                          • {Organization name}: name of the created organization.
                                                                                          • {Image name 2:Tag 2}: desired image name and tag to be displayed on the SWR console.
                                                                                          
 
                                                                                          The following is an example:
                                                                                          
 
                                                                                          docker tag hpa-example:latest swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                          
@@ -119,7 +119,7 @@ spec:
           averageUtilization: 50
 
                                                                                          Configure the parameters as follows if you are using the console.
                                                                                          
 
                                                                                          
-
                                                                                          
+
                                                                                          
 
                                                                                          • 
 
                                                                                          Observing the Auto Scaling Process
                                                                                          1. Check the cluster node status. In the following example, there are two nodes.
                                                                                            # kubectl get node
 NAME            STATUS   ROLES    AGE     VERSION
@@ -130,7 +130,7 @@ NAME            STATUS   ROLES    AGE     VERSION
 NAME         REFERENCE                TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
 hpa-policy   Deployment/hpa-example   0%/50%    1         100       1          4m
                                                                                            
 
                                                                                          2. Run the following command to access the workload. In the following command, {ip:port} indicates the access address of the workload, which can be queried on the workload details page.
                                                                                            while true;do wget -q -O- http://{ip:port}; done
                                                                                            
-
                                                                                             
                                                                                            If no EIP is displayed, the cluster node has not been assigned any EIP. Allocate one, bind it to the node, and synchronize node data. .
                                                                                            
+
                                                                                             
                                                                                            If no EIP is displayed, the cluster node has not been assigned any EIP. Allocate one, bind it to the node, and synchronize node data. 
                                                                                            
 
                                                                                            
 
                                                                                            Observe the scaling process of the workload.
                                                                                            
 
                                                                                            # kubectl get hpa hpa-policy --watch
diff --git a/docs/cce/umn/cce_10_0302.html b/docs/cce/umn/cce_10_0302.html
index 27f01ecb..8f2c4661 100644
--- a/docs/cce/umn/cce_10_0302.html
+++ b/docs/cce/umn/cce_10_0302.html
@@ -1,14 +1,14 @@
 
 
 
                                                                                            Before You Start
                                                                                            
-
                                                                                            Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Upgrade Overview.
                                                                                            
+
                                                                                            Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Process and Method of Upgrading a Cluster.
                                                                                            
 
                                                                                            Precautions
                                                                                            Before upgrading a cluster, pay attention to the following points:
                                                                                            
 
                                                                                            • Perform an upgrade during off-peak hours to minimize the impact on your services.
                                                                                            • Before upgrading a cluster, learn about the features and differences of each cluster version in Kubernetes Release Notes to prevent exceptions due to the use of an incompatible cluster version. For example, check whether any APIs deprecated in the target version are used in the cluster. Otherwise, calling the APIs may fail after the upgrade. For details, see Deprecated APIs.
                                                                                            
 
                                                                                            During a cluster upgrade, pay attention to the following points that may affect your services:
                                                                                            
-
                                                                                            • During a cluster upgrade, do not perform any operation on the cluster. Do not stop, restart, or delete nodes during cluster upgrade. Otherwise, the upgrade will fail.
                                                                                            • Before upgrading a cluster, ensure no high-risk operations are performed in the cluster. Otherwise, the cluster upgrade may fail or the configuration may be lost after the upgrade. Common high-risk operations include modifying cluster node configurations locally and modifying the configurations of the listeners managed by CCE on the ELB console. Instead, modify configurations on the CCE console so that the modifications can be automatically inherited during the upgrade.
                                                                                            • During a cluster upgrade, the running workloads will not be interrupted, but access to the API server will be temporarily interrupted.
                                                                                            • By default, application scheduling is not restricted during a cluster upgrade. During an upgrade of the following early cluster versions, the node.kubernetes.io/upgrade taint (equivalent to NoSchedule) will be added to the nodes in the cluster. The taint will be removed after the cluster is upgraded:
                                                                                              • All v1.15 clusters
                                                                                              • All v1.17 clusters
                                                                                              • v1.19 clusters with patch versions earlier than or equal to v1.19.16-r4
                                                                                              • v1.21 clusters with patch versions earlier than or equal to v1.21.7-r0
                                                                                              • v1.23 clusters with patch versions earlier than or equal to v1.23.5-r0
                                                                                              
-
                                                                                            • Clusters of version 1.27 or later do not support nodes running EulerOS 2.5 or CentOS 7.7. If a node running EulerOS 2.5 or CentOS 7.7 is used, migrate the node OS to EulerOS release 2.9, Ubuntu 22.04, or HCE OS 2.0 before the cluster upgrade. For details, see Resetting a Node.
                                                                                            
+
                                                                                            • During a cluster upgrade, do not perform any operation on the cluster. Do not stop, restart, or delete nodes during cluster upgrade. Otherwise, the upgrade will fail.
                                                                                            • Before upgrading a cluster, ensure no high-risk operations are performed in the cluster. Otherwise, the cluster upgrade may fail or the configuration may be lost after the upgrade. Common high-risk operations include modifying cluster node configurations locally and modifying the configurations of the listeners managed by CCE on the ELB console. Instead, modify configurations on the CCE console so that the modifications can be automatically inherited during the upgrade.
                                                                                            • During a cluster upgrade, the running workloads will not be interrupted, but access to the API server will be temporarily interrupted.
                                                                                            • By default, application scheduling is not restricted during a cluster upgrade. During an upgrade of the following early cluster versions, the node.kubernetes.io/upgrade taint (equivalent to NoSchedule) will be added to the nodes in the cluster and removed after the cluster is upgraded:
                                                                                              • All v1.15 clusters
                                                                                              • All v1.17 clusters
                                                                                              • v1.19 clusters with patch versions earlier than or equal to v1.19.16-r4
                                                                                              • v1.21 clusters with patch versions earlier than or equal to v1.21.7-r0
                                                                                              • v1.23 clusters with patch versions earlier than or equal to v1.23.5-r0
                                                                                              
+
                                                                                            • Clusters of version 1.27 or later do not support nodes running EulerOS 2.5 or CentOS 7.7. If a node running EulerOS 2.5 or CentOS 7.7 is used, migrate the node OS to EulerOS release 2.9, Ubuntu 22.04, or HCE OS 2.0 before the cluster upgrade. For details, see Resetting a Node.
                                                                                            
 
                                                                                            
-
                                                                                            Constraints
                                                                                            • If an error occurred during a cluster upgrade, the cluster can be rolled back using the backup data. If you perform other operations (for example, modifying cluster specifications) after a successful cluster upgrade, the cluster cannot be rolled back using the backup data.
                                                                                            • When clusters using the tunnel network model are upgraded to v1.19.16-r4, v1.21.7-r0, v1.23.5-r0, v1.25.1-r0, or later, the SNAT rule whose destination address is the container CIDR block but the source address is not the container CIDR block will be removed. If you have configured VPC routes to directly access all pods outside the cluster, only the pods on the corresponding nodes can be directly accessed after the upgrade.
                                                                                            • For more details, see Version Differences.
                                                                                            
+
                                                                                            Notes and Constraints
                                                                                            • If an error occurred during a cluster upgrade, the cluster can be rolled back using the backup data. If you perform other operations (for example, modifying cluster specifications) after a successful cluster upgrade, the cluster cannot be rolled back using the backup data.
                                                                                            • When clusters using the tunnel network model are upgraded to v1.19.16-r4, v1.21.7-r0, v1.23.5-r0, v1.25.1-r0, or later, the SNAT rule whose destination address is the container CIDR block but the source address is not the container CIDR block will be removed. If you have configured VPC routes to directly access all pods outside the cluster, only the pods on the corresponding nodes can be directly accessed after the upgrade.
                                                                                            • For more details, see Version Differences.
                                                                                            
 
                                                                                            
 
                                                                                            Version Differences
                                                                                            
 
                                                                                          Table 1 Expander policies supported by CCE
                                                                                          Policy
                                                                                          
 
                                                                                          Description
                                                                                          
+
                                                                                          Description
                                                                                          
 
                                                                                          Application Scenario
                                                                                          
+
                                                                                          Application Scenario
                                                                                          
 
                                                                                          Example
                                                                                          
+
                                                                                          Example
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          Random
                                                                                          
+
                                                                                          Random
                                                                                          
 
                                                                                          Randomly selects a schedulable node pool to perform the scale-out.
                                                                                          
+
                                                                                          Randomly selects a schedulable node pool to perform the scale-out.
                                                                                          
 
                                                                                          This policy is typically used as a basic backup for other complex policies. Only use this policy if the other policies cannot be used.
                                                                                          
+
                                                                                          This policy is typically used as a basic backup for other complex policies. Only use this policy if the other policies cannot be used.
                                                                                          
 
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
+
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
 
                                                                                          1. Pending pods trigger the Autoscaler to determine the scale-out process.
                                                                                          2. Autoscaler simulates the scheduling phase and evaluates that some pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                          3. Autoscaler randomly selects node pool 1 or node pool 2 for scale-out.
                                                                                          
                                                                                           		
 
                                                                                          most-pods
                                                                                          
+
                                                                                          most-pods
                                                                                          
 
                                                                                          A combined policy. It takes precedence over the random policy.
                                                                                          
+
                                                                                          A combined policy. It takes precedence over the random policy.
                                                                                          
 
                                                                                          Preferentially selects the node pool that can schedule the most pods after scale-out. If multiple node pools meet the condition, the random policy is used for further decision-making.
                                                                                          
 
                                                                                          This policy is based on the maximum number of pods that can be scheduled.
                                                                                          
+
                                                                                          This policy is based on the maximum number of pods that can be scheduled.
                                                                                          
 
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
+
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
 
                                                                                          1. Pending pods trigger the Autoscaler to determine the scale-out process.
                                                                                          2. Autoscaler simulates the scheduling phase and evaluates that some pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                          3. Autoscaler evaluates that node pool 1 can schedule 20 new pods and node pool 2 can schedule only 10 new pods after scale-out. Therefore, Autoscaler selects node pool 1 for scale-out.
                                                                                          
                                                                                           		
 
                                                                                          least-waste
                                                                                          
+
                                                                                          least-waste
                                                                                          
 
                                                                                          A combined policy. It takes precedence over the random policy.
                                                                                          
+
                                                                                          A combined policy. It takes precedence over the random policy.
                                                                                          
 
                                                                                          Autoscaler evaluates the overall CPU or memory allocation rate of the node pools and selects the node pool with the minimum CPU or memory waste. If multiple node pools meet the condition, the random policy is used for further decision-making.
                                                                                          
 
                                                                                          This policy uses the minimum waste score of CPU or memory resources as the selection criteria.
                                                                                          
+
                                                                                          This policy uses the minimum waste score of CPU or memory resources as the selection criteria.
                                                                                          
 
                                                                                          The formula for calculating the minimum waste score (wastedScore) is as follows:
                                                                                          
 
                                                                                          • wastedCPU = (Total number of CPUs of the nodes to be scaled out – Total number of CPUs of the pods to be scheduled)/Total number of CPUs of the nodes to be scaled out
                                                                                          • wastedMemory = (Total memory size of nodes to be scaled out – Total memory size of pods to be scheduled)/Total memory size of nodes to be scaled out
                                                                                          • wastedScore = wastedCPU + wastedMemory
                                                                                          
 
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
+
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
 
                                                                                          1. Pending pods trigger the Autoscaler to determine the scale-out process.
                                                                                          2. Autoscaler simulates the scheduling phase and evaluates that some pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                          3. Autoscaler evaluates that the minimum waste score of node pool 1 after scale-out is smaller than that of node pool 2. Therefore, Autoscaler selects node pool 1 for scale-out.
                                                                                          
                                                                                           		
 
                                                                                          priority
                                                                                          
+
                                                                                          priority
                                                                                          
 
                                                                                          A combined policy. The priorities for the policies are as follows: priority > least-waste > random.
                                                                                          
+
                                                                                          A combined policy. The priorities for the policies are as follows: priority > least-waste > random.
                                                                                          
 
                                                                                          It is an enhanced least-waste policy configured based on the node pool or scaling group priority. If multiple node pools meet the condition, the least-waste policy is used for further decision-making.
                                                                                          
 
                                                                                          This policy allows you to configure and manage the priorities of node pools or scaling groups through the console or API, while the least-waste policy can reduce the resource waste ratio in common scenarios. This policy has wider applicability and is used as the default selection policy.
                                                                                          
+
                                                                                          This policy allows you to configure the priorities of node pools or scaling groups through the console or API, while the least-waste policy can effectively minimize resource waste in various scenarios. The priority policy is used as the default preferred policy thanks to its good universality.
                                                                                          
 
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
+
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
 
                                                                                          1. Pending pods trigger the Autoscaler to determine the scale-out process.
                                                                                          2. Autoscaler simulates the scheduling phase and evaluates that some pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                          3. Autoscaler evaluates that node pool 1 has a higher priority than node pool 2. Therefore, Autoscaler selects node pool 1 for scale-out.
                                                                                          
                                                                                           		
 
                                                                                          priority-ratio
                                                                                          
+
                                                                                          priority-ratio
                                                                                          
 
                                                                                          A combined policy. The priorities for the policies are as follows: priority > priority-ratio > least-waste > random.
                                                                                          
+
                                                                                          A combined policy. The priorities for the policies are as follows: priority > priority-ratio > least-waste > random.
                                                                                          
 
                                                                                          If there are multiple node pools with the same priority, evaluate the CPU to memory ratios for the nodes in the cluster. Then compare that ratio, for what was allocated to what had been requested. Finally, you should preferentially select the node pools where these two ratios are the closest.
                                                                                          
 
                                                                                          This policy is used for rescheduling global resources for pods or nodes (instead of only adding nodes) to reduce the overall resource fragmentation rate of the cluster. Use this policy only in rescheduling scenarios.
                                                                                          
+
                                                                                          This policy is used for rescheduling global resources for pods or nodes (instead of only adding nodes) to reduce the overall resource fragmentation rate of the cluster. Use this policy only in rescheduling scenarios.
                                                                                          
 
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
+
                                                                                          Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of pods for a workload is as follows:
                                                                                          
 
                                                                                          1. Pending pods trigger the Autoscaler to determine the scale-out process.
                                                                                          2. Autoscaler simulates the scheduling phase and evaluates that some pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                          3. Autoscaler determines a preferentially selected node pool and evaluates that the CPU/memory ratio of pods is 1:4. The node flavor in node pool 1 is 2 vCPUs and 8 GiB of memory (the CPU/memory ratio is 1:4), and the node flavor in node pool 2 is 2 vCPUs and 4 GiB of memory (the CPU/memory ratio is 1:2). Therefore, node pool 1 is preferred for this scale-out.
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          
-
@@ -42,8 +42,8 @@
 
-
                                                                                          Upgrade Path
                                                                                          
@@ -22,7 +22,7 @@
 
                                                                                          v1.23 or v1.25
                                                                                          
 
                                                                                          Upgraded to v1.27
                                                                                          
 
                                                                                          Docker is no longer recommended. Use containerd instead. For details, see Container Engine.
                                                                                          
+
                                                                                          Docker is no longer recommended. Use containerd instead. For details, see Container Engines.
                                                                                          
                                                                                           		
 
                                                                                          This item has been included in the pre-upgrade check.
                                                                                          
 
                                                                                          Before the upgrade, check whether the timeout is properly set for the exec probe.
                                                                                          
                                                                                           		
 
                                                                                          kube-apiserver of CCE 1.19 or later requires that the Subject Alternative Names (SANs) field be configured for the certificate of your webhook server. Otherwise, kube-apiserver fails to call the webhook server after the upgrade, and containers cannot be started properly.
                                                                                          
-
                                                                                          Root cause: X.509 CommonName is discarded in Go 1.15. kube-apiserver of CCE 1.19 is compiled using Go 1.15. If your webhook certificate does not have SANs, kube-apiserver does not process the CommonName field of the X.509 certificate as the host name by default. As a result, the authentication fails.
                                                                                          
+
                                                                                          kube-apiserver of CCE v1.19 or later requires that the Subject Alternative Names (SANs) field be configured for the certificate of your webhook server. Otherwise, kube-apiserver fails to call the webhook server after the upgrade, and containers cannot be started properly.
                                                                                          
+
                                                                                          Root cause: X.509 CommonName is discarded in Go v1.15. kube-apiserver of CCE v1.19 is compiled using Go v1.15. If your webhook certificate does not have SANs, kube-apiserver does not process the CommonName field of the X.509 certificate as the host name by default. As a result, the authentication fails.
                                                                                          
                                                                                           		
 
                                                                                          Before the upgrade, check whether the SAN field is configured in the certificate of your webhook server.
                                                                                          
 
                                                                                          • If you do not have your own webhook server, you can skip this check.
                                                                                          • If the field is not set, use the SAN field to specify the IP address and domain name supported by the certificate.
                                                                                          
@@ -53,102 +53,102 @@
 
                                                                                          
 
                                                                                          
 
-
                                                                                          Table 1 QoS class changes before and after the upgrade
                                                                                          Init Container (Calculated Based on spec.initContainers)
                                                                                          
+
                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                          Table 1 QoS class changes before and after the upgrade
                                                                                          Init Container (Calculated Based on spec.initContainers)
                                                                                          
 
                                                                                          Service Container (Calculated Based on spec.containers)
                                                                                          
+
                                                                                          Service Container (Calculated Based on spec.containers)
                                                                                          
 
                                                                                          Pod (Calculated Based on spec.containers and spec.initContainers)
                                                                                          
+
                                                                                          Pod (Calculated Based on spec.containers and spec.initContainers)
                                                                                          
 
                                                                                          Impacted or Not
                                                                                          
+
                                                                                          Impacted or Not
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          Guaranteed
                                                                                          
+
                                                                                          Guaranteed
                                                                                          
 
                                                                                          Besteffort
                                                                                          
+
                                                                                          Besteffort
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Yes
                                                                                          
+
                                                                                          Yes
                                                                                          
                                                                                           		
 
                                                                                          Guaranteed
                                                                                          
+
                                                                                          Guaranteed
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          No
                                                                                          
+
                                                                                          No
                                                                                          
                                                                                           		
 
                                                                                          Guaranteed
                                                                                          
+
                                                                                          Guaranteed
                                                                                          
 
                                                                                          Guaranteed
                                                                                          
+
                                                                                          Guaranteed
                                                                                          
 
                                                                                          Guaranteed
                                                                                          
+
                                                                                          Guaranteed
                                                                                          
 
                                                                                          No
                                                                                          
+
                                                                                          No
                                                                                          
                                                                                           		
 
                                                                                          Besteffort
                                                                                          
+
                                                                                          Besteffort
                                                                                          
 
                                                                                          Besteffort
                                                                                          
+
                                                                                          Besteffort
                                                                                          
 
                                                                                          Besteffort
                                                                                          
+
                                                                                          Besteffort
                                                                                          
 
                                                                                          No
                                                                                          
+
                                                                                          No
                                                                                          
                                                                                           		
 
                                                                                          Besteffort
                                                                                          
+
                                                                                          Besteffort
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          No
                                                                                          
+
                                                                                          No
                                                                                          
                                                                                           		
 
                                                                                          Besteffort
                                                                                          
+
                                                                                          Besteffort
                                                                                          
 
                                                                                          Guaranteed
                                                                                          
+
                                                                                          Guaranteed
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Yes
                                                                                          
+
                                                                                          Yes
                                                                                          
                                                                                           		
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Besteffort
                                                                                          
+
                                                                                          Besteffort
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Yes
                                                                                          
+
                                                                                          Yes
                                                                                          
                                                                                           		
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          No
                                                                                          
+
                                                                                          No
                                                                                          
                                                                                           		
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Guaranteed
                                                                                          
+
                                                                                          Guaranteed
                                                                                          
 
                                                                                          Burstable
                                                                                          
+
                                                                                          Burstable
                                                                                          
 
                                                                                          Yes
                                                                                          
+
                                                                                          Yes
                                                                                          
                                                                                           		
 
                                                                                          
                                                                                           
 
                                                                                          
 
                                                                                          
 
-
                                                                                          Deprecated APIs
                                                                                          With the evolution of Kubernetes APIs, APIs are periodically reorganized or upgraded, and old APIs are deprecated and finally deleted. The following tables list the deprecated APIs in each Kubernetes community version. For details about more deprecated APIs, see Deprecated API Migration Guide.
                                                                                          
+
                                                                                          Deprecated APIs
                                                                                          With the evolution of Kubernetes APIs, APIs are periodically reorganized or upgraded, and certain APIs are deprecated and finally deleted. The following tables list the deprecated APIs in each Kubernetes community version. For details about more deprecated APIs, see Deprecated API Migration Guide.
                                                                                          
 
 
                                                                                           
                                                                                          When an API is deprecated, the existing resources are not affected. However, when you create or edit the resources, the API version will be intercepted.
                                                                                          
 
                                                                                          
@@ -510,46 +510,46 @@
 
                                                                                          
 
                                                                                          
 
-
                                                                                          Upgrade Backup
                                                                                          How to back up a node:
                                                                                          
+
                                                                                          Upgrade Backup
                                                                                          The following table lists how to back up cluster data.
                                                                                          
 
-
                                                                                          Backup Type
                                                                                          
+
                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0307.html b/docs/cce/umn/cce_10_0307.html
index f0c8adad..435e09cd 100644
--- a/docs/cce/umn/cce_10_0307.html
+++ b/docs/cce/umn/cce_10_0307.html
@@ -2,7 +2,7 @@
 
 
                                                                                          Overview
                                                                                          Container Storage
                                                                                          CCE container storage is implemented based on Kubernetes container storage APIs (CSI). CCE integrates multiple types of cloud storage and covers different application scenarios. CCE is fully compatible with Kubernetes native storage services, such as emptyDir, hostPath, secret, and ConfigMap.
                                                                                          
-
                                                                                          Figure 1 Container storage types
                                                                                          
+
                                                                                          Figure 1 Container storage types
                                                                                          
 
                                                                                          
 
                                                                                          CCE allows workload pods to use multiple types of storage:
                                                                                          
 
                                                                                          • In terms of implementation, storage supports Container Storage Interface (CSI) and Kubernetes native storage.
@@ -44,7 +44,7 @@
 
 
                                                                                          
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0336.html b/docs/cce/umn/cce_10_0336.html
index 3b273939..4b6bf8cb 100644
--- a/docs/cce/umn/cce_10_0336.html
+++ b/docs/cce/umn/cce_10_0336.html
@@ -3,9 +3,9 @@
 
                                                                                          Using a Custom Access Key (AK/SK) to Mount an OBS Volume
                                                                                          Scenario
                                                                                          CCE Container Storage (Everest) of version 1.2.8 or later supports custom access keys. In this way, IAM users can use their own custom access keys to mount an OBS volume. 
                                                                                          
 
                                                                                          
-
                                                                                          Prerequisites
                                                                                          
+
                                                                                          Prerequisites
                                                                                          
 
                                                                                          
-
                                                                                          Constraints
                                                                                          • When an OBS volume is mounted using a custom access key (AK/SK), the access key cannot be deleted or disabled. Otherwise, the service container cannot access the mounted OBS volume.
                                                                                          • Custom access keys cannot be configured for Kata containers.
                                                                                          
+
                                                                                          Notes and Constraints
                                                                                          • When an OBS volume is mounted using a custom access key (AK/SK), the access key cannot be deleted or disabled. Otherwise, the service container cannot access the mounted OBS volume.
                                                                                          • Custom access keys cannot be configured for Kata containers.
                                                                                          
 
                                                                                          
 
                                                                                          Disabling Auto Key Mounting
                                                                                          The key you uploaded is used by default when mounting an OBS volume. That is, all IAM users under your account will use the same key to mount OBS buckets, and they have the same permissions on buckets. This setting does not allow you to configure differentiated permissions for different IAM users.
                                                                                          
 
                                                                                          If you have uploaded the AK/SK, disable the automatic mounting of access keys by enabling the disable_auto_mount_secret parameter in the Everest add-on to prevent IAM users from performing unauthorized operations. In this way, the access keys uploaded on the console will not be used when creating OBS volumes.
                                                                                          
@@ -13,7 +13,7 @@
 
                                                                                          
 
                                                                                          kubectl edit ds everest-csi-driver -nkube-system
                                                                                          
 
                                                                                          Search for disable-auto-mount-secret and set it to true.
                                                                                          
-
                                                                                          
+
                                                                                          
 
                                                                                          Run :wq to save the settings and exit. Wait until the pod is restarted.
                                                                                          
 
                                                                                          
 
                                                                                          Obtaining an Access Key
                                                                                          1. Log in to the console.
                                                                                          2. Hover the cursor over the username in the upper right corner and choose My Credentials from the drop-down list.
                                                                                          3. In the navigation pane, choose Access Keys.
                                                                                          4. Click Create Access Key. The Create Access Key dialog box is displayed.
                                                                                          5. Click OK to download the access key.
                                                                                          
@@ -118,7 +118,7 @@ spec:
 
                                                                                          
-
                                                                                          Backup Type
                                                                                          
 
                                                                                          Backup Object
                                                                                          
+
                                                                                          Backup Object
                                                                                          
 
                                                                                          Backup Mode
                                                                                          
+
                                                                                          Backup Method
                                                                                          
 
                                                                                          Backup Time
                                                                                          
+
                                                                                          Backup Duration
                                                                                          
 
                                                                                          Rollback Time
                                                                                          
+
                                                                                          Rollback Duration
                                                                                          
 
                                                                                          Description
                                                                                          
+
                                                                                          Description
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          etcd data backup
                                                                                          
+
                                                                                          etcd data backup
                                                                                          
 
                                                                                          etcd data
                                                                                          
+
                                                                                          etcd data
                                                                                          
 
                                                                                          Automatic backup during an upgrade
                                                                                          
+
                                                                                          Automatic backup during an upgrade
                                                                                          
 
                                                                                          1-5min
                                                                                          
+
                                                                                          1-5 minutes
                                                                                          
 
                                                                                          2h
                                                                                          
+
                                                                                          2 hours
                                                                                          
 
                                                                                          Mandatory. The backup is automatically performed during the upgrade.
                                                                                          
+
                                                                                          Mandatory. The data is automatically backed up during an upgrade.
                                                                                          
                                                                                           		
 
                                                                                          CBR cloud server backup
                                                                                          
+
                                                                                          CBR cloud server backup
                                                                                          
 
                                                                                          Master node disks, including component images, configurations, logs, and etcd data
                                                                                          
+
                                                                                          Master node disks, including component images, configurations, logs, and etcd data
                                                                                          
 
                                                                                          One-click backup on web pages (manually triggered)
                                                                                          
+
                                                                                          One-click backup on a web page (manually triggered)
                                                                                          
 
                                                                                          20 minutes to 2 hours (based on the cloud backup tasks in the current region)
                                                                                          
+
                                                                                          20 minutes to 2 hours (based on the cloud backup tasks in the current region)
                                                                                          
 
                                                                                          20min
                                                                                          
+
                                                                                          20 minutes
                                                                                          
 
                                                                                          This function is gradually replaced by EVS snapshot backup.
                                                                                          
+
                                                                                          This function is gradually replaced by EVS snapshot backup.
                                                                                          
                                                                                           		
 
                                                                                          
                                                                                           
 
                                                                                          Local storage
                                                                                          
 
                                                                                          The storage media is the local data disk or memory of the node. The local persistent volume is a customized storage type provided by CCE and mounted using PVCs and PVs through the CSI. Other storage types are Kubernetes native storage.
                                                                                          
+
                                                                                          The storage media is the local data disk or memory of the node. The local PV is a customized storage type provided by CCE and mounted using PVCs and PVs through the CSI. Other storage types are Kubernetes native storage.
                                                                                          
                                                                                           		
 
                                                                                          Non-HA data requires high I/O and low latency.
                                                                                          
 
                                                                                          Select a proper local storage type based on the application scenario. For details, see Local Storage Comparison.
                                                                                          
@@ -222,21 +222,21 @@
                                                                                           		
 
                                                                                          Node's local disks form a storage pool (VolumeGroup) through LVM. LVM divides them into logical volumes (LVs) and mounts them to pods.
                                                                                          
 
                                                                                          Kubernetes native emptyDir, where node's local disks form a storage pool (VolumeGroup) through LVM. LVs are created as the storage media of emptyDir and mounted to pods. LVs deliver better performance than the default storage medium of emptyDir.
                                                                                          
+
                                                                                          Kubernetes native emptyDir, where node's local disks form a storage pool (VolumeGroup) through LVM. LVs are created as the storage medium of emptyDir and mounted to pods. LVs deliver better performance than the default storage medium of emptyDir.
                                                                                          
 
                                                                                          Kubernetes native emptyDir. Its lifecycle is the same as that of a pod. Memory can be specified as the storage media. When the pod is deleted, the emptyDir volume is deleted and its data is lost.
                                                                                          
+
                                                                                          Kubernetes native emptyDir. Its lifecycle is the same as that of a pod. Memory can be specified as the storage medium. When the pod is deleted, the emptyDir volume is deleted and its data is lost.
                                                                                          
                                                                                           		
 
                                                                                          Used to mount a file directory of the host where a pod is located to a specified mount point of the pod.
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          Features
                                                                                          
 
                                                                                          Low-latency, high-I/O, and non-HA persistent volume.
                                                                                          
+
                                                                                          Low-latency, high-I/O, and non-HA PV.
                                                                                          
 
                                                                                          Storage volumes are non-shared storage and bound to nodes through labels. Therefore, storage volumes can be mounted only to a single pod.
                                                                                          
 
                                                                                          Local temporary volume. The storage space is from local LVs.
                                                                                          
+
                                                                                          Local ephemeral volume. The storage space is from local LVs.
                                                                                          
 
                                                                                          Local temporary volume. The storage space comes from the local kubelet root directory or memory.
                                                                                          
+
                                                                                          Local ephemeral volume. The storage space comes from the local kubelet root directory or memory.
                                                                                          
                                                                                           		
 
                                                                                          Used to mount files or directories of the host file system. Host directories can be automatically created. Pods can be migrated (not bound to nodes).
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          fsType
                                                                                          
 
                                                                                          File type. The value can be obsfs or s3fs. If the value is s3fs, an OBS bucket is created and mounted using s3fs. If the value is obsfs, an OBS parallel file system is created and mounted using obsfs. You are advised to set this field to obsfs.
                                                                                          
+
                                                                                          File type, which can be s3fs or obsfs. If the value is s3fs, an OBS bucket is created. If the value is obsfs, an OBS parallel file system is created.
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          volumeHandle
                                                                                          
@@ -226,7 +226,7 @@ spec:
 
                                                                                          touch: setting times of '/temp/test': No such file or directory
 command terminated with exit code 1
                                                                                          
 
                                                                                        • Set the read/write permissions for the IAM user who mounted the OBS volume by referring to the bucket policy configuration.
                                                                                          
-
                                                                                          
+
                                                                                          
 
                                                                                        • Write data into the mount path again. In this example, the write operation succeeded.
                                                                                          kubectl exec obs-secret-5cd558f76f-vxslv -- touch /temp/test
                                                                                          
 
                                                                                        • Check the mount path in the container to see whether the data is successfully written.
                                                                                          kubectl exec obs-secret-5cd558f76f-vxslv -- ls -l /temp/
                                                                                          
 
                                                                                          Expected outputs:
                                                                                          
diff --git a/docs/cce/umn/cce_10_0337.html b/docs/cce/umn/cce_10_0337.html
index 0521a8e2..4588c23f 100644
--- a/docs/cce/umn/cce_10_0337.html
+++ b/docs/cce/umn/cce_10_0337.html
@@ -1,65 +1,65 @@
 
 
 
                                                                                          Configuring SFS Volume Mount Options
                                                                                          
-
                                                                                          This section describes how to configure SFS volume mount options. You can configure mount options in a PV and bind the PV to a PVC. Alternatively, configure mount options in a StorageClass and use the StorageClass to create a PVC. In this way, PVs can be dynamically created and inherit mount options configured in the StorageClass by default.
                                                                                          
-
                                                                                          Prerequisites
                                                                                          The CCE Container Storage (Everest) add-on version must be 1.2.8 or later. This add-on identifies the mount options and transfers them to the underlying storage resources. The parameter settings take effect only if the underlying storage resources support the specified options.
                                                                                          
+
                                                                                          This section describes how to configure SFS mount options. You can configure mount options in a PV and bind the PV to a PVC. Alternatively, configure mount options in a StorageClass and use the StorageClass to create a PVC. In this way, PVs can be dynamically created and inherit mount options configured in the StorageClass by default.
                                                                                          
+
                                                                                          Prerequisites
                                                                                          The CCE Container Storage (Everest) version must be 1.2.8 or later. This add-on identifies the mount options and transfers them to the underlying storage resources. The parameter settings take effect only if the underlying storage resources support the specified options.
                                                                                          
 
                                                                                          
-
                                                                                          Constraints
                                                                                          • Mount options cannot be configured for Kata containers.
                                                                                          • Due to the restrictions of the NFS protocol, if an SFS volume is mounted to a node for multiple times, link-related mounting parameters (such as timeo) take effect only when the SFS volume is mounted for the first time by default. For example, if the same SFS file system is mounted to multiple pods running on a node, the mounting parameter set later does not overwrite the existing parameter value. If you want to configure different mounting parameters in the preceding scenario, additionally configure the nosharecache parameter.
                                                                                          
+
                                                                                          Notes and Constraints
                                                                                          • Mount options cannot be configured for Kata containers.
                                                                                          • Due to the restrictions of the NFS protocol, if an SFS volume is mounted to a node for multiple times, link-related mounting parameters (such as timeo) take effect only when the SFS volume is mounted for the first time by default. For example, if the same SFS file system is mounted to multiple pods running on a node, the mounting parameter set later does not overwrite the existing parameter value. If you want to configure different mounting parameters in the preceding scenario, additionally configure the nosharecache parameter.
                                                                                          
 
                                                                                          
 
                                                                                          SFS Volume Mount Options
                                                                                          The Everest add-on in CCE presets the options described in Table 1 for mounting SFS volumes.
                                                                                          
 
-
                                                                                          Table 1 SFS volume mount options
                                                                                          Parameter
                                                                                          
+
                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -69,29 +69,29 @@
 
                                                                                          You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                          
-
                                                                                          Setting Mount Options in a PV
                                                                                          You can use the mountOptions field to set mount options in a PV. The options you can configure in mountOptions are listed in SFS Volume Mount Options.
                                                                                          
-
                                                                                          1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                          2. Set mount options in a PV. Example:
                                                                                            apiVersion: v1
+
                                                                                            Configuring Mount Options in a PV
                                                                                            You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in SFS Volume Mount Options.
                                                                                            
+
                                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                            2. Configure mount options in a PV. Example:
                                                                                              apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-    everest.io/reclaim-policy: retain-volume-only      # (Optional) The PV is deleted while the underlying volume is retained.
+    everest.io/reclaim-policy: retain-volume-only      # (Optional) The underlying volume is retained when the PV is deleted.
   name: pv-sfs
 spec:
   accessModes:
   - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS.
   capacity:
-    storage: 1Gi     # SFS volume capacity.
+    storage: 1Gi     # SFS volume capacity
   csi:
-    driver: disk.csi.everest.io   # Dependent storage driver for the mounting.
+    driver: nas.csi.everest.io    # Dependent storage driver for the mounting
     fsType: nfs
     volumeHandle: <your_volume_id>   # ID of the SFS Capacity-Oriented volume
     volumeAttributes:
-      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume.
+      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
-  storageClassName: csi-nas                # Storage class name. 
-  mountOptions:                            # Mount options.
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy
+  storageClassName: csi-nas                # StorageClass name. 
+  mountOptions:                            # Mount options
   - vers=3
   - nolock
   - timeo=600
@@ -100,14 +100,14 @@ spec:
 
                                                                                              Command output:
                                                                                              
 
                                                                                              web-sfs-***   1/1     Running   0             23m
                                                                                              
 
                                                                                            3. Run the following command to check the mount options (web-sfs-*** is an example pod):
                                                                                              kubectl exec -it web-sfs-*** -- mount -l | grep nfs
                                                                                              
-
                                                                                              If the mounting information in the command output is consistent with the configured mount options, the mount options are set successfully.
                                                                                              
+
                                                                                              If the mounting information in the command output is consistent with the configured mount options, the mount options have been configured.
                                                                                              
 
                                                                                              <Your shared path> on /data type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,nolock,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=**.**.**.**,mountvers=3,mountport=2050,mountproto=tcp,local_lock=all,addr=**.**.**.**)
                                                                                              
 
                                                                                            
 
                                                                                            
 
                                                                                          
 
                                                                                          
-
                                                                                          Setting Mount Options in a StorageClass
                                                                                          You can use the mountOptions field to set mount options in a StorageClass. The options you can configure in mountOptions are listed in SFS Volume Mount Options.
                                                                                          
-
                                                                                          1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                          2. Create a customized StorageClass. Example:
                                                                                            apiVersion: storage.k8s.io/v1
+
                                                                                            Configuring Mount Options in a StorageClass
                                                                                            You can use the mountOptions field to configure mount options in a StorageClass. The options you can configure in mountOptions are listed in SFS Volume Mount Options.
                                                                                            
+
                                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                            2. Create a custom StorageClass. Example:
                                                                                              apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: csi-sfs-mount-option
@@ -115,8 +115,8 @@ provisioner: everest-csi-provisioner
 parameters:
   csi.storage.k8s.io/csi-driver-name: nas.csi.everest.io
   csi.storage.k8s.io/fstype: nfs
-everest.io/share-access-to: <your_vpc_id> # VPC ID of the cluster.
-reclaimPolicy: Delete
+everest.io/share-access-to: <your_vpc_id> # VPC ID of the cluster
+ reclaimPolicy: Delete
 volumeBindingMode: Immediate
 mountOptions:                            # Mount options
 - vers=3
@@ -127,7 +127,7 @@ volumeBindingMode: Immediate
 
                                                                                              Command output:
                                                                                              
 
                                                                                              web-sfs-***   1/1     Running   0             23m
                                                                                              
 
                                                                                            3. Run the following command to check the mount options (web-sfs-*** is an example pod):
                                                                                              kubectl exec -it web-sfs-*** -- mount -l | grep nfs
                                                                                              
-
                                                                                              If the mounting information in the command output is consistent with the configured mount options, the mount options are set successfully.
                                                                                              
+
                                                                                              If the mounting information in the command output is consistent with the configured mount options, the mount options have been configured.
                                                                                              
 
                                                                                              <Your shared path> on /data type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,nolock,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=**.**.**.**,mountvers=3,mountport=2050,mountproto=tcp,local_lock=all,addr=**.**.**.**)
                                                                                              
 
                                                                                            
 
                                                                                            
diff --git a/docs/cce/umn/cce_10_0338.html b/docs/cce/umn/cce_10_0338.html
index 7da353c6..d8fa00f7 100644
--- a/docs/cce/umn/cce_10_0338.html
+++ b/docs/cce/umn/cce_10_0338.html
@@ -5,9 +5,9 @@
 
                                                                                            Removing a node will not delete the server corresponding to the node. You are advised to remove nodes at off-peak hours to avoid impacts on your services.
                                                                                            
 
                                                                                            After a node is removed from the cluster, the node is still running.
                                                                                            
 
                                                                                          
-
                                                                                          Constraints
                                                                                          • Nodes can be removed only when the cluster is in the Available or Unavailable status.
                                                                                          • A CCE node can be removed only when it is in the Active, Abnormal, or Error status.
                                                                                          • A CCE node in the Active status can have its OS re-installed and CCE components cleared after it is removed.
                                                                                          • If the OS fails to be re-installed after the node is removed, manually re-install the OS. After the re-installation, log in to the node and run the clearance script to clear CCE components. For details, see Handling Failed OS Reinstallation.
                                                                                          • Removing a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.
                                                                                          
+
                                                                                          Notes and Constraints
                                                                                          • If the OS fails to be re-installed after the node is removed, manually re-install the OS. After the re-installation, log in to the node and run the clearance script to clear CCE components. For details, see Handling Failed OS Reinstallation.
                                                                                          • Removing a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.
                                                                                          
 
                                                                                          
-
                                                                                          Precautions
                                                                                          • Removing a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours.
                                                                                          • Unexpected risks may occur during the operation. Back up data in advance.
                                                                                          • While the node is being deleted, the backend will set the node to the unschedulable state.
                                                                                          • After you remove the node and re-install the OS, the original LVM partitions will be cleared and the data managed by LVM will be cleared. Therefore, back up data in advance.
                                                                                          
+
                                                                                          Precautions
                                                                                          • Removing a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours.
                                                                                          • Unexpected risks may occur during the operation. Back up data beforehand.
                                                                                          • While the node is being deleted, the backend will set the node to the unschedulable state.
                                                                                          • After you remove the node and re-install the OS, the original LVM partitions will be cleared and the data managed by LVM will be cleared. Therefore, back up data in advance.
                                                                                          
 
                                                                                          
 
                                                                                          Procedure
                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                          2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                          3. Locate the target node and choose More > Remove in the Operation column.
                                                                                          4. In the dialog box displayed, configure the login information required for re-installing the OS and click Yes. Wait until the node is removed.
                                                                                            After the node is removed, workload pods on the node are automatically migrated to other available nodes.
                                                                                            
 
                                                                                          
diff --git a/docs/cce/umn/cce_10_0341.html b/docs/cce/umn/cce_10_0341.html
index 4a934beb..b58b0bb1 100644
--- a/docs/cce/umn/cce_10_0341.html
+++ b/docs/cce/umn/cce_10_0341.html
@@ -4,6 +4,8 @@
 
                                                                                          This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.
                                                                                          
 
                                                                                          Allocating Data Disk Space
                                                                                          When creating a node, configure data disks for the node. You can also click Expand and customize the data disk space allocation for the node.
                                                                                          
 
                                                                                          • Space Allocation for Container Engines
                                                                                            • Specified disk space: CCE divides the data disk space for two parts by default. One part is used to store the Docker/containerd working directories, container images, and image metadata. The other is reserved for kubelet and emptyDir volumes. The available container engine space affects image pulls and container startup and running.
                                                                                              • Container engine and container image space (90% by default): stores the container runtime working directories, container image data, and image metadata.
                                                                                              • kubelet and emptyDir space (10% by default): stores pod configuration files, secrets, and mounted storage such as emptyDir volumes.
                                                                                              
+
                                                                                               
                                                                                              If the sum of the container engine and container image space and the kubelet and emptyDir space is less than 100%, the remaining space will be allocated for user data. You can mount the storage volume to a service path. Do not leave the path empty or set it to a key OS path such as the root directory.
                                                                                              
+
                                                                                              
 
                                                                                            
 
                                                                                          • Space Allocation for Pods: indicates the basesize of a pod. You can set an upper limit for the disk space occupied by each workload pod (including the space occupied by container images). This setting prevents the pods from taking all the disk space available, which may cause service exceptions. It is recommended that the value is less than or equal to 80% of the container engine space. This parameter is related to the node OS and container storage rootfs and is not supported in some scenarios. For details, see Mapping Between OS and Container Storage Rootfs.
                                                                                          • Write Mode
                                                                                            • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                            • Striped: available only if there are at least two data disks. A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out.
                                                                                            
 
                                                                                          
@@ -12,17 +14,17 @@
 
                                                                                          • Rootfs (Device Mapper)
                                                                                            By default, the container engine and image space, occupying 90% of the data disk, can be divided into the following two parts:
                                                                                            • The /var/lib/docker directory is used as the Docker working directory and occupies 20% of the container engine and container image space by default. (Space size of the /var/lib/docker directory = Data disk space x 90% x 20%)
                                                                                            • The thin pool is used to store container image data, image metadata, and container data, and occupies 80% of the container engine and container image space by default. (Thin pool space = Data disk space x 90% x 80%)
                                                                                              The thin pool is dynamically mounted. You can view it by running the lsblk command on a node, but not the df -h command.
                                                                                              
 
                                                                                            
 
                                                                                            
-
                                                                                            Figure 1 Space allocation for container engines of Device Mapper
                                                                                            
+
                                                                                            Figure 1 Space allocation for container engines of Device Mapper
                                                                                            
 
                                                                                          
 
                                                                                          • Rootfs (OverlayFS)
                                                                                            No separate thin pool. The entire container engine and container image space (90% of the data disk by default) are in the /var/lib/docker directory.
                                                                                            
-
                                                                                            Figure 2 Space allocation for container engines of OverlayFS
                                                                                            
+
                                                                                            Figure 2 Space allocation for container engines of OverlayFS
                                                                                            
 
                                                                                          
 
                                                                                          
 
                                                                                          Space Allocation for Pods
                                                                                          The customized pod container space (basesize) is related to the node OS and container storage Rootfs. For details about the container storage Rootfs, see Mapping Between OS and Container Storage Rootfs.
                                                                                          
 
                                                                                          • Device Mapper supports custom pod basesize. The default value is 10 GiB.
                                                                                          • In OverlayFS mode, the pod container space is not limited by default.
                                                                                          
-
                                                                                          When configuring basesize, consider the maximum number of pods on a node. The container engine space should be greater than the total disk space used by containers. Formula: the container engine space and container image space (90% by default) > Number of containers x basesize. Otherwise, the container engine space allocated to the node may be insufficient and the container cannot be started.
                                                                                          
-
                                                                                          For nodes that support basesize, when Device Mapper is used, although you can limit the size of the /home directory of a single container (to 10 GB by default), all containers on the node still share the thin pool of the node for storage. They are not completely isolated. When the sum of the thin pool space used by certain containers reaches the upper limit, other containers cannot run properly.
                                                                                          
-
                                                                                          In addition, after a file is deleted in the /home directory of the container, the thin pool space occupied by the file is not released immediately. Therefore, even if basesize is set to 10 GB, the thin pool space occupied by files keeps increasing until 10 GB when files are created in the container. The space released after file deletion will be reused but after a while. If the number of containers on the node multiplied by basesize is greater than the thin pool space size of the node, there is a possibility that the thin pool space has been used up.
                                                                                          
+
                                                                                          When configuring basesize, you need to consider the maximum number of pods during node creation. The container engine space should be greater than the total disk space used by containers. Formula: Container engine space and container image space (90% by default) > Number of containers x basesize. Otherwise, the container engine space allocated to the node may be insufficient and the container cannot be started.
                                                                                          
+
                                                                                          For nodes that support basesize, when Device Mapper is used, although you can limit the size of the /home directory of a single container (to 10 GiB by default), all containers on the node still share the thin pool of the node for storage. They are not completely isolated. When the sum of the thin pool space used by certain containers reaches the upper limit, other containers cannot run properly.
                                                                                          
+
                                                                                          In addition, after a file is deleted in the /home directory of the container, the thin pool space occupied by the file is not released immediately. Therefore, even if basesize is set to 10 GiB, the thin pool space occupied by files keeps increasing until 10 GiB when files are created in the container. The space released after file deletion will be reused but after a while. If the number of containers on the node multiplied by basesize is greater than the thin pool space size of the node, there is a possibility that the thin pool space has been used up.
                                                                                          
 
                                                                                          
 
                                                                                          Mapping Between OS and Container Storage Rootfs
                                                                                          
 
                                                                                          Table 1 SFS volume mount options
                                                                                          Parameter
                                                                                          
 
                                                                                          Value
                                                                                          
+
                                                                                          Value
                                                                                          
 
                                                                                          Description
                                                                                          
+
                                                                                          Description
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          keep-original-ownership
                                                                                          
+
                                                                                          keep-original-ownership
                                                                                          
 
                                                                                          Blank
                                                                                          
+
                                                                                          Blank
                                                                                          
 
                                                                                          Whether to retain the ownership of the file mount point. If this option is used, the Everest add-on must be v1.2.63 or v2.1.2 or later.
                                                                                          
+
                                                                                          Whether to retain the ownership of the file mount point. If this option is used, the Everest add-on must be v1.2.63 or v2.1.2 or later.
                                                                                          
 
                                                                                          • By default, this option is not added, and the mount point ownership is root:root when SFS is mounted.
                                                                                          
 
                                                                                          • If this option is added, the original ownership of the file system is retained when SFS is mounted.
                                                                                          
                                                                                           		
 
                                                                                          vers
                                                                                          
+
                                                                                          vers
                                                                                          
 
                                                                                          3
                                                                                          
+
                                                                                          3
                                                                                          
 
                                                                                          File system version. Currently, only NFSv3 is supported. Value: 3
                                                                                          
+
                                                                                          File system version. Currently, only NFSv3 is supported. Value: 3
                                                                                          
                                                                                           		
 
                                                                                          nolock
                                                                                          
+
                                                                                          nolock
                                                                                          
 
                                                                                          Blank
                                                                                          
+
                                                                                          Blank
                                                                                          
 
                                                                                          Whether to lock files on the server using the NLM protocol. If nolock is selected, the lock is valid for applications on one host. For applications on another host, the lock is invalid.
                                                                                          
+
                                                                                          Whether to lock files on the server using the NLM protocol. If nolock is selected, the lock is valid for applications on one host. For applications on another host, the lock is invalid.
                                                                                          
                                                                                           		
 
                                                                                          timeo
                                                                                          
+
                                                                                          timeo
                                                                                          
 
                                                                                          600
                                                                                          
+
                                                                                          600
                                                                                          
 
                                                                                          Waiting time before the NFS client retransmits a request. The unit is 0.1 seconds. Recommended value: 600
                                                                                          
+
                                                                                          Waiting time before the NFS client retransmits a request. The unit is 0.1 seconds. Recommended value: 600
                                                                                          
                                                                                           		
 
                                                                                          hard/soft
                                                                                          
+
                                                                                          hard/soft
                                                                                          
 
                                                                                          Blank
                                                                                          
+
                                                                                          Blank
                                                                                          
 
                                                                                          Mounting mode.
                                                                                          
+
                                                                                          Mount mode.
                                                                                          
 
                                                                                          • hard: If the NFS request times out, the client keeps resending the request until the request is successful.
                                                                                          • soft: If the NFS request times out, the client returns an error to the invoking program.
                                                                                          
 
                                                                                          The default value is hard.
                                                                                          
                                                                                           		
 
                                                                                          sharecache/nosharecache
                                                                                          
+
                                                                                          sharecache/nosharecache
                                                                                          
 
                                                                                          Blank
                                                                                          
+
                                                                                          Blank
                                                                                          
 
                                                                                          How the data cache and attribute cache are shared when one file system is concurrently mounted to different clients. If this parameter is set to sharecache, the caches are shared between the mountings. If this parameter is set to nosharecache, the caches are not shared, and one cache is configured for each client mounting. The default value is sharecache.
                                                                                          
+
                                                                                          How the data cache and attribute cache are shared when one file system is concurrently mounted to different clients. If this parameter is set to sharecache, the caches are shared between the mountings. If this parameter is set to nosharecache, the caches are not shared, and one cache is configured for each client mounting. The default value is sharecache.
                                                                                          
 
                                                                                           NOTE: 
                                                                                          The nosharecache setting will affect the performance. The mounting information must be obtained for each mounting, which increases the communication overhead with the NFS server and the memory consumption of the NFS clients. In addition, the nosharecache setting on the NFS clients may lead to inconsistent caches. Determine whether to use nosharecache based on site requirements.
                                                                                          
 
                                                                                          
                                                                                           		
 
 
                                                                                          
-
@@ -78,7 +80,7 @@
 
-
                                                                                          Table 1 Node OSs and container engines in CCE clusters
                                                                                          OS
                                                                                          
@@ -37,7 +39,7 @@
 
 
                                                                                          OverlayFS
                                                                                          
 
                                                                                          Supported only by clusters of v1.19.16, v1.21.3, v1.23.3, or later. There are no limits by default.
                                                                                          
+
                                                                                          Supported by clusters of v1.19.16, v1.21.3, v1.23.3, or later. Both Docker and containerd are supported. There are no limits by default.
                                                                                          
 
                                                                                          Not supported if the cluster versions are earlier than v1.19.16, v1.21.3, or v1.23.3.
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          ECS VMs use OverlayFS.
                                                                                          
 
                                                                                          Supported only when Rootfs is set to OverlayFS and the container engine is Docker. The container basesize is not limited by default. 
                                                                                          
+
                                                                                          Supported only when Rootfs is set to OverlayFS and the container engine is Docker. There are no limits by default. 
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          HCE OS 2.0
                                                                                          
diff --git a/docs/cce/umn/cce_10_0342.html b/docs/cce/umn/cce_10_0342.html
index 3077df30..aa660d9f 100644
--- a/docs/cce/umn/cce_10_0342.html
+++ b/docs/cce/umn/cce_10_0342.html
@@ -3,71 +3,71 @@
 
                                                                                          Comparison Between Cluster Types
                                                                                          
 
                                                                                          Comparison
                                                                                          CCE provides different types of clusters for you to select. The following table lists the differences between them.
                                                                                          
 
-
                                                                                          Category
                                                                                          
+
                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0345.html b/docs/cce/umn/cce_10_0345.html
index 6c03f9d0..0af4a1da 100644
--- a/docs/cce/umn/cce_10_0345.html
+++ b/docs/cce/umn/cce_10_0345.html
@@ -2,15 +2,15 @@
 
 
                                                                                          Default GPU Scheduling in Kubernetes
                                                                                          You can use GPUs in CCE containers.
                                                                                          
-
                                                                                          Prerequisites
                                                                                          • A GPU node has been created. For details, see Creating a Node.
                                                                                          • The gpu-device-plugin (previously gpu-beta add-on) has been installed. During the installation, select the GPU driver on the node. For details, see CCE AI Suite (NVIDIA GPU).
                                                                                          • gpu-device-plugin mounts the driver directory to /usr/local/nvidia/lib64. To use GPU resources in a container, add /usr/local/nvidia/lib64 to the LD_LIBRARY_PATH environment variable.
                                                                                            Generally, you can use any of the following methods to add a file:
                                                                                            
-
                                                                                            1. Configure the LD_LIBRARY_PATH environment variable in the Dockerfile used for creating an image. (Recommended)
                                                                                              ENV LD_LIBRARY_PATH /usr/local/nvidia/lib64:$LD_LIBRARY_PATH
                                                                                              
-
                                                                                            2. Configure the LD_LIBRARY_PATH environment variable in the image startup command.
                                                                                              /bin/bash -c "export LD_LIBRARY_PATH=/usr/local/nvidia/lib64:$LD_LIBRARY_PATH && ..."
                                                                                              
-
                                                                                            3. Define the LD_LIBRARY_PATH environment variable when creating a workload. (Ensure that this variable is not configured in the container. Otherwise, it will be overwritten.)
                                                                                              ...
+
                                                                                              Prerequisites
                                                                                              • A GPU node has been created. For details, see Creating a Node.
                                                                                              • The CCE AI Suite (NVIDIA GPU) add-on has been installed. During the installation, select the driver corresponding to the GPU model on the node. For details, see CCE AI Suite (NVIDIA GPU).
                                                                                              • When the default GPU scheduling is used in clusters of v1.27 or earlier, the CCE AI Suite (NVIDIA GPU) add-on mounts the driver directory to /usr/local/nvidia/lib64, so you need to add /usr/local/nvidia/lib64 to the LD_LIBRARY_PATH environment variable to use GPUs in a container. You can skip this step for clusters of v1.28 or later.
                                                                                                You can add environment variables in any of the following ways:
                                                                                                
+
                                                                                                • Configure the LD_LIBRARY_PATH environment variable in the Dockerfile used for creating an image. (Recommended)
                                                                                                  ENV LD_LIBRARY_PATH /usr/local/nvidia/lib64:$LD_LIBRARY_PATH
                                                                                                  
+
                                                                                                • Configure the LD_LIBRARY_PATH environment variable in the image startup command.
                                                                                                  /bin/bash -c "export LD_LIBRARY_PATH=/usr/local/nvidia/lib64:$LD_LIBRARY_PATH && ..."
                                                                                                  
+
                                                                                                • Define the LD_LIBRARY_PATH environment variable when creating a workload. (Ensure that this variable is not configured in the container. Otherwise, it will be overwritten.)
                                                                                                  ...
           env:
             - name: LD_LIBRARY_PATH
               value: /usr/local/nvidia/lib64
 ...
                                                                                                  
-
                                                                                            
+
                                                                                          
 
 
                                                                                          
 
                                                                                          Using GPUs
                                                                                          Create a workload and request GPUs. You can specify the number of GPUs as follows:
                                                                                          
diff --git a/docs/cce/umn/cce_10_0348.html b/docs/cce/umn/cce_10_0348.html
index 47955aba..81fe3ad1 100644
--- a/docs/cce/umn/cce_10_0348.html
+++ b/docs/cce/umn/cce_10_0348.html
@@ -2,10 +2,42 @@
 
 
                                                                                          Maximum Number of Pods That Can Be Created on a Node
                                                                                          
 
                                                                                          Calculation of the Maximum Number of Pods on a Node
                                                                                          The maximum number of pods that can be created on a node is calculated based on the cluster type:
                                                                                          
-
+
+
                                                                                          Category
                                                                                          
 
                                                                                          Subcategory
                                                                                          
+
                                                                                          Subcategory
                                                                                          
 
                                                                                          CCE Standard
                                                                                          
+
                                                                                          CCE Standard
                                                                                          
 
                                                                                          CCE Turbo
                                                                                          
+
                                                                                          CCE Turbo
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          Positioning
                                                                                          
+
                                                                                          Positioning
                                                                                          
 
                                                                                          -
                                                                                          
+
                                                                                          -
                                                                                          
 
                                                                                          Standard clusters that provide highly reliable and secure containers for commercial use
                                                                                          
+
                                                                                          Standard clusters that provide highly reliable and secure containers for commercial use
                                                                                          
 
                                                                                          Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                          
+
                                                                                          Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                          
                                                                                           		
 
                                                                                          Application scenario
                                                                                          
+
                                                                                          Application scenario
                                                                                          
 
                                                                                          -
                                                                                          
+
                                                                                          -
                                                                                          
 
                                                                                          For users who expect to use container clusters to manage applications, obtain elastic computing resources, and enable simplified management on computing, network, and storage resources
                                                                                          
+
                                                                                          For users who expect to use container clusters to manage applications, obtain elastic computing resources, and enable simplified management on computing, network, and storage resources
                                                                                          
 
                                                                                          For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                                          
+
                                                                                          For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                                          
                                                                                           		
 
                                                                                          Specification difference
                                                                                          
+
                                                                                          Specification difference
                                                                                          
 
                                                                                          Network model
                                                                                          
+
                                                                                          Network model
                                                                                          
 
                                                                                          Cloud-native network 1.0: applies to common, smaller-scale scenarios.
                                                                                          
-
                                                                                          • Tunnel network
                                                                                          • Virtual Private Cloud (VPC) network
                                                                                          
+
                                                                                          Cloud native 1.0 network: applies to common, smaller-scale scenarios.
                                                                                          
+
                                                                                          • Tunnel network
                                                                                          • Virtual Private Cloud (VPC) network
                                                                                          
 
                                                                                          Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                          
-
                                                                                          Max networking scale: 2,000 nodes
                                                                                          
+
                                                                                          Cloud Native 2.0 network: applies to large-scale and high-performance scenarios.
                                                                                          
+
                                                                                          Max networking scale: 2,000 nodes
                                                                                          
                                                                                           		
 
                                                                                          Network performance
                                                                                          
+
                                                                                          Network performance
                                                                                          
 
                                                                                          Overlays the VPC network with the container network, causing certain performance loss.
                                                                                          
+
                                                                                          Overlays the VPC network with the container network, causing certain performance loss.
                                                                                          
 
                                                                                          Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                          
+
                                                                                          Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                          
                                                                                           		
 
                                                                                          Network isolation
                                                                                          
+
                                                                                          Network isolation
                                                                                          
 
                                                                                          • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                          • VPC network model: supports no isolation.
                                                                                          
+
                                                                                          • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                          • VPC network model: supports no isolation.
                                                                                          
 
                                                                                          Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                          
+
                                                                                          Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                          
                                                                                           		
 
                                                                                          Security isolation
                                                                                          
+
                                                                                          Security isolation
                                                                                          
 
                                                                                          Runs common containers, isolated by cgroups.
                                                                                          
+
                                                                                          Runs common containers, isolated by cgroups.
                                                                                          
 
                                                                                          • Physical machine: runs Kuasar containers, allowing VM-level isolation.
                                                                                          • Runs common containers, isolated by cgroups.
                                                                                          
+
                                                                                          • Physical machine: runs secure containers, allowing VM-level isolation.
                                                                                          • Runs common containers, isolated by cgroups.
                                                                                          
                                                                                           		
 
                                                                                          Edge infrastructure management
                                                                                          
+
                                                                                          Edge infrastructure management
                                                                                          
 
                                                                                          Not supported
                                                                                          
+
                                                                                          None
                                                                                          
 
                                                                                          Supports management of Intelligent EdgeSite (IES).
                                                                                          
+
                                                                                          Supports management of Intelligent EdgeSite (IES).
                                                                                          
                                                                                           		
 
                                                                                          
                                                                                           
 
                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                          Network Model
                                                                                          
+
                                                                                          Calculation of the Maximum Number of Pods That Can Be Created on a Node
                                                                                          
+
                                                                                          Suggestions
                                                                                          
+
                                                                                          Container tunnel network
                                                                                          
+
                                                                                          Depends on maximum number of pods on a node.
                                                                                          
+
                                                                                          None
                                                                                          
+
                                                                                          VPC network
                                                                                          
+
                                                                                          Depends on the smaller value between the maximum number of pods on a node and the number of container IP addresses that can be allocated on a node.
                                                                                          
+
                                                                                          To ensure proper functioning of new pods on a node, it is recommended that you limit maximum number of pods on the node to the number of container IP addresses that can be allocated on the node. If the number of container IP addresses on the node is insufficient, new pods may not run properly.
                                                                                          
+
                                                                                          Cloud Native 2.0 network (for CCE Turbo clusters)
                                                                                          
+
                                                                                          Depends on the smaller value between maximum number of pods on a node and the number of ENIs on a node in a CCE Turbo cluster.
                                                                                          
+
                                                                                          To ensure proper functioning of new pods on a node, it is recommended that you limit the maximum number of pods on the node to the number of ENIs available on it. If the available ENIs on the node are insufficient, new pods may not run properly.
                                                                                          
+
                                                                                          
 
                                                                                          
-
                                                                                          Number of Container IP Addresses That Can Be Allocated on a Node
                                                                                          If you select VPC network for Network Model when creating a CCE cluster, you also need to set the number of container IP addresses that can be allocated to each node (alpha.cce/fixPoolMask). If the pod uses the host network (hostNetwork: true), the pod does not occupy the IP address of the allocatable container network. For details, see Container Network vs. Host Network.
                                                                                          
-
                                                                                          This parameter affects the maximum number of pods that can be created on a node. Each pod occupies an IP address (when the container network is used). If the number of available IP addresses is insufficient, pods cannot be created. If the pod uses the host network (hostNetwork: true), the pod does not occupy the IP address of the allocatable container network.
                                                                                          
+
                                                                                          
+
                                                                                          Number of Container IP Addresses That Can Be Allocated on a Node
                                                                                          When creating a cluster using a VPC network, you need to configure the number of container IP addresses that can be allocated on each node (that is, the alpha.cce/fixPoolMask parameter) based on the allocation rules. For details about the VPC network's IP address allocation rules, see Container IP Address Management.
                                                                                          
+
                                                                                          This parameter affects the maximum number of pods that can be created on a node. When container network is used, an IP address is allocated to every pod. If the container IP addresses pre-allocated on the node are insufficient, pods cannot be created. If pods use the host network (hostNetwork: true configured in the YAML file), the pods do not occupy the allocatable container IP addresses. For details, see Pod IP Address Allocation Differences Between the Container Network and Host Network.
                                                                                          
 
                                                                                          By default, a node occupies three container IP addresses (network address, gateway address, and broadcast address). Therefore, the number of container IP addresses that can be allocated to a node equals the number of selected container IP addresses minus 3. 
                                                                                          
 
                                                                                          
 
                                                                                          Maximum Number of Pods on a Node
                                                                                          When creating a node, you can configure the maximum number of pods (maxPods) that can be created on the node. This parameter is a configuration item of kubelet and determines the maximum number of pods that can be created by kubelet.
                                                                                          
@@ -51,8 +83,8 @@
 
                                                                                          
 
                                                                                          Number of Node ENIs (CCE Turbo Clusters)
                                                                                          In a CCE Turbo cluster, ECS nodes use sub-ENIs. The maximum number of pods that can be created on a node depends on the number of ENIs that can be used by the node.
                                                                                          
 
                                                                                          
-
                                                                                          Container Network vs. Host Network
                                                                                          When creating a pod, you can select the container network or host network for the pod.
                                                                                          
-
                                                                                          • Container network (default): Each pod is assigned an IP address by the cluster networking add-ons, which occupies the IP addresses of the container network.
                                                                                          • Host network: The pod uses the host network (hostNetwork: true needs to be configured for the pod) and occupies the host port. The pod IP address is the host IP address. The pod does not occupy the IP addresses of the container network. To use the host network, you must confirm whether the container ports conflict with the host ports. Do not use the host network unless you know exactly which host port is used by which container.
                                                                                          
+
                                                                                          Pod IP Address Allocation Differences Between the Container Network and Host Network
                                                                                          When creating a pod, you can select the container network or host network for the pod.
                                                                                          
+
                                                                                          • Container network (default): Each pod is assigned an IP address by the cluster networking add-ons, which occupies the IP addresses of the container network.
                                                                                          • Host network: The pod uses the host network (hostNetwork: true needs to be configured for the pod) and occupies the host port. The pod IP address is the host IP address. The pod does not occupy the IP addresses of the container network. To use the host network, you must confirm whether the container ports conflict with the host ports. Do not use the host network unless a specific application must use a specific port on the host.
                                                                                          
 
                                                                                          
 
                                                                                          
 
                                                                                          
diff --git a/docs/cce/umn/cce_10_0349.html b/docs/cce/umn/cce_10_0349.html
index 99f7f06d..4b48c83c 100644
--- a/docs/cce/umn/cce_10_0349.html
+++ b/docs/cce/umn/cce_10_0349.html
@@ -4,62 +4,62 @@
 
                                                                                          kube-proxy is a key component of a Kubernetes cluster. It is used for load balancing and forwarding data between a Service and its backend pods.
                                                                                          
 
                                                                                          CCE supports the iptables and IP Virtual Server (IPVS) forwarding modes.
                                                                                          
 
-
                                                                                          Feature Difference
                                                                                          
+
                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                          Feature Difference
                                                                                          
 
                                                                                          iptables
                                                                                          
+
                                                                                          iptables
                                                                                          
 
                                                                                          IPVS
                                                                                          
+
                                                                                          IPVS
                                                                                          
                                                                                           		
 
                                                                                          
 
                                                                                          Positioning
                                                                                          
+
                                                                                          Positioning
                                                                                          
 
                                                                                          iptables is a mature and stable kube-proxy mode, but its performance is average. It applies to scenarios where the number of services is small (less than 1000) or there are a large number of short concurrent connections on the client. For details, see iptables.
                                                                                          
+
                                                                                          A mature, stable kube-proxy mode, but its performance is average. It applies to scenarios where the number of Services is small (less than 3000) or there are a large number of short concurrent connections on the client. For details, see iptables.
                                                                                          
 
                                                                                          IPVS is a high-performance kube-proxy mode. It applies to scenarios where the cluster scale is large or the number of Services is large. For details, see IPVS.
                                                                                          
+
                                                                                          A high-performance kube-proxy mode. It applies to scenarios where the cluster scale is large or the number of Services is large. For details, see IPVS.
                                                                                          
                                                                                           		
 
                                                                                          Throughput
                                                                                          
+
                                                                                          Throughput
                                                                                          
 
                                                                                          Relatively low
                                                                                          
+
                                                                                          Relatively low
                                                                                          
 
                                                                                          Relatively high
                                                                                          
+
                                                                                          Relatively high
                                                                                          
                                                                                           		
 
                                                                                          Complexity
                                                                                          
+
                                                                                          Complexity
                                                                                          
 
                                                                                          O(n). n increases with the number of Services and backend pods in the cluster.
                                                                                          
+
                                                                                          O(n). n increases with the number of Services and backend pods in the cluster.
                                                                                          
 
                                                                                          O(1). In most cases, the connection processing efficiency is irrelevant to the cluster scale.
                                                                                          
+
                                                                                          O(1). In most cases, the connection processing efficiency is irrelevant to the cluster scale.
                                                                                          
                                                                                           		
 
                                                                                          Load balancing algorithm
                                                                                          
+
                                                                                          Load balancing algorithm
                                                                                          
 
                                                                                          iptables has only one algorithm for random selection.
                                                                                          
+
                                                                                          iptables has only one algorithm for random selection.
                                                                                          
 
                                                                                          IPVS involves multiple load balancing algorithms, such as round-robin, shortest expected delay, least connections, and various hashing methods.
                                                                                          
+
                                                                                          IPVS involves multiple load balancing algorithms, such as round-robin, shortest expected delay, least connections, and various hashing methods.
                                                                                          
                                                                                           		
 
                                                                                          ClusterIP connectivity
                                                                                          
+
                                                                                          ClusterIP connectivity
                                                                                          
 
                                                                                          The internal IP address in the cluster cannot be pinged.
                                                                                          
+
                                                                                          The internal IP address in the cluster cannot be pinged.
                                                                                          
 
                                                                                          The internal IP address in the cluster can be pinged.
                                                                                          
+
                                                                                          The internal IP address in the cluster can be pinged.
                                                                                          
 
                                                                                           NOTE: 
                                                                                          The IP address in clusters of v1.27 or later cannot be pinged due to security hardening.
                                                                                          
 
                                                                                          
                                                                                           		
 
                                                                                          Additional restrictions
                                                                                          
+
                                                                                          Additional restrictions
                                                                                          
 
                                                                                          When there are more than 1000 Services in the cluster, network delay may occur.
                                                                                          
+
                                                                                          When there are more than 3000 Services in a cluster, network delay may occur.
                                                                                          
 
                                                                                          • If an ingress and a Service use the same load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer used by the ingress. Use different load balancers for the ingress and Service.
                                                                                          
+
                                                                                          • If an ingress and a Service use the same load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer used by the ingress. Use different load balancers for the ingress and Service.
                                                                                          
                                                                                           		
 
                                                                                          
                                                                                           
 
                                                                                          
 
                                                                                          
-
                                                                                          iptables
                                                                                          iptables is a Linux kernel function for processing and filtering a large amount of data packets. It allows flexible sequences of rules to be attached to various hooks in the packet processing pipeline. When iptables is used, kube-proxy implements NAT and load balancing in the NAT pre-routing hook. For each Service, kube-proxy installs an iptables rule which captures the traffic destined for the Service's ClusterIP and ports and redirects the traffic to one of the backend pods. By default, iptables randomly selects a backend pod. For details, see iptables proxy mode.
                                                                                          
+
                                                                                          iptables
                                                                                          iptables is a Linux kernel function for processing and filtering a large number of data packets. It allows flexible sequences of rules to be attached to various hooks in the packet processing pipeline. When iptables is used, kube-proxy implements NAT and load balancing in the NAT pre-routing hook. For each Service, kube-proxy installs an iptables rule which captures the traffic destined for the Service's ClusterIP and ports and redirects the traffic to one of the backend pods. By default, iptables randomly selects a backend pod. For details, see iptables proxy mode.
                                                                                          
 
                                                                                          
 
                                                                                          IPVS
                                                                                          IPVS is constructed on top of Netfilter and balances transport-layer loads as part of the Linux kernel. IPVS can direct requests for TCP- or UDP-based services to the real servers, and make services of the real servers appear as virtual services on a single IP address.
                                                                                          
 
                                                                                          In the IPVS mode, kube-proxy uses IPVS load balancing instead of iptables. IPVS is designed to balance loads for a large number of Services. It has a set of optimized APIs and uses optimized search algorithms instead of simply searching for rules from a list. For details, see IPVS proxy mode.
                                                                                          
diff --git a/docs/cce/umn/cce_10_0351.html b/docs/cce/umn/cce_10_0351.html
index b30f22cf..b4b4039a 100644
--- a/docs/cce/umn/cce_10_0351.html
+++ b/docs/cce/umn/cce_10_0351.html
@@ -1,11 +1,11 @@
 
 
 
                                                                                          CPU Policy
                                                                                          
-
                                                                                          Scenarios
                                                                                          By default, kubelet uses CFS quotas to enforce pod CPU limits. When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and thus work fine without any intervention. Some applications are CPU-sensitive. They are sensitive to:
                                                                                          
+
                                                                                          Scenarios
                                                                                          By default, kubelet uses CFS quotas to enforce pod CPU limits. When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and thus work fine without any intervention. Some applications are CPU-sensitive. They are sensitive to:
                                                                                          
 
                                                                                          • CPU throttling
                                                                                          • Context switching
                                                                                          • Processor cache misses
                                                                                          • Cross-socket memory access
                                                                                          • Hyperthreads that are expected to run on the same physical CPU card
                                                                                          
 
                                                                                          If your workloads are sensitive to any of these items and CPU cache affinity and scheduling latency significantly affect workload performance, kubelet allows alternative CPU management policies (CPU binding) to determine some placement preferences on the node. The CPU manager preferentially allocates resources on a socket and full physical cores to avoid interference.
                                                                                          
 
                                                                                          
-
                                                                                          Constraints
                                                                                          The CPU management policy cannot take effect on physical cloud server nodes.
                                                                                          
+
                                                                                          Notes and Constraints
                                                                                          The CPU management policy cannot take effect on physical cloud server nodes.
                                                                                          
 
                                                                                          
 
                                                                                          Enabling the CPU Management Policy
                                                                                          A CPU management policy is specified by the kubelet flag --cpu-manager-policy. By default, Kubernetes supports the following policies:
                                                                                          
 
                                                                                          • Disabled (none): the default policy. The none policy explicitly enables the existing default CPU affinity scheme, providing no affinity beyond what the OS scheduler does automatically.
                                                                                          • Enabled (static): The static policy allows containers in guaranteed pods with integer GPU requests to be granted increased CPU affinity and exclusivity on the node.
                                                                                          
diff --git a/docs/cce/umn/cce_10_0352.html b/docs/cce/umn/cce_10_0352.html
index 0064a748..8ccedf65 100644
--- a/docs/cce/umn/cce_10_0352.html
+++ b/docs/cce/umn/cce_10_0352.html
@@ -6,7 +6,7 @@
 
                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                          2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab, select the target node and click Labels and Taints in the upper left corner.
                                                                                          3. In the displayed dialog box, click Add Operation under Batch Operation, and then choose Add/Update or Delete as well as Taint.
                                                                                            Enter the key and value of the taint to be operated, choose a taint effect, and click OK.
                                                                                            
 
                                                                                          4. After the taint is added, check the added taint in node data.
                                                                                          
 
                                                                                          
-
                                                                                          Procedure for Operations Performed Through kubectl Commands
                                                                                          A taint is a key-value pair associated with an effect. The following effects are available:
                                                                                          
+
                                                                                          Procedure for Operations Performed Through kubectl
                                                                                          A taint is a key-value pair associated with an effect. The following effects are available:
                                                                                          
 
                                                                                          • NoSchedule: No pod will be scheduled onto the node unless it has a matching toleration. Existing pods will not be evicted from the node.
                                                                                          • PreferNoSchedule: Kubernetes prevents pods that cannot tolerate this taint from being scheduled onto the node.
                                                                                          • NoExecute: If the pod has been running on a node, the pod will be evicted from the node. If the pod has not been running on a node, the pod will not be scheduled onto the node.
                                                                                          
 
                                                                                          To add a taint to a node, run the kubectl taint node nodename command as follows:
                                                                                          
 
                                                                                          $ kubectl get node
@@ -40,7 +40,7 @@ Name:               192.168.10.240
 Taints:             <none>
 ...
                                                                                          
 
                                                                                          
-
                                                                                          Configuring a Node Scheduling Policy in One-Click Mode
                                                                                          You can configure a node to be unschedulable on the console. Then, CCE will add a taint with key node.kubernetes.io/unschedulable and the NoSchedule setting to the node. After a node is set to be unschedulable, new pods cannot be scheduled to this node, but pods running on the node are not affected.
                                                                                          
+
                                                                                          Configuring a Node Scheduling Policy in One-Click Mode
                                                                                          You can configure a node to be unschedulable on the console. Then, CCE will add a taint with key node.kubernetes.io/unschedulable and the NoSchedule setting to the node. After a node is set to be unschedulable, new pods cannot be scheduled to this node, but pods running on the node are not affected.
                                                                                          
 
                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                          2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                          3. In the node list, locate the target node and choose More > Disable Scheduling in the Operation column.
                                                                                          4. In the dialog box that is displayed, click Yes to configure the node to be unschedulable.
                                                                                            This operation will add a taint to the node. You can use kubectl to view the content of the taint.
                                                                                            
 
                                                                                            $ kubectl describe node 192.168.10.240
 ...
diff --git a/docs/cce/umn/cce_10_0353.html b/docs/cce/umn/cce_10_0353.html
index 20c07cb2..f8352057 100644
--- a/docs/cce/umn/cce_10_0353.html
+++ b/docs/cce/umn/cce_10_0353.html
@@ -28,7 +28,7 @@ spec:
 
                                                                                          
 
                                                                                          
 
                                                                                          
-
                                                                                          Parent topic: Configuring a Container
                                                                                          
+
                                                                                          Parent topic: Configuring a Workload
                                                                                          
 
                                                                                          
 
                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0354.html b/docs/cce/umn/cce_10_0354.html
index 7380d8ce..2cee3291 100644
--- a/docs/cce/umn/cce_10_0354.html
+++ b/docs/cce/umn/cce_10_0354.html
@@ -37,7 +37,7 @@ spec:
 
                                                                                          
 
                                                                                          
 
                                                                                          
-
                                                                                          Parent topic: Configuring a Container
                                                                                          
+
                                                                                          Parent topic: Configuring a Workload
                                                                                          
 
                                                                                          
 
                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0355.html b/docs/cce/umn/cce_10_0355.html
index 9f06fb34..0a353f0f 100644
--- a/docs/cce/umn/cce_10_0355.html
+++ b/docs/cce/umn/cce_10_0355.html
@@ -1,17 +1,17 @@
 
 
-
                                                                                          Enabling Passthrough Networking for LoadBalancer Services
                                                                                          
+
                                                                                          Configuring Passthrough Networking for a LoadBalancer Service
                                                                                          
 
                                                                                          Background
                                                                                          A Kubernetes cluster can publish applications running on a group of pods as Services, which provide unified layer-4 access entries. For a Loadbalancer Service, kube-proxy configures the LoadbalanceIP in status of the Service to the local forwarding rule of the node by default. When a pod accesses the load balancer from within the cluster, the traffic is forwarded within the cluster instead of being forwarded by the load balancer.
                                                                                          
 
                                                                                          kube-proxy is responsible for intra-cluster forwarding. kube-proxy has two forwarding modes: iptables and IPVS. iptables is a simple polling forwarding mode. IPVS has multiple forwarding modes but it requires modifying the startup parameters of kube-proxy. Compared with iptables and IPVS, load balancers provide more flexible forwarding policies as well as health check capabilities.
                                                                                          
 
                                                                                          
 
                                                                                          Solution
                                                                                          CCE supports passthrough networking. You can configure the annotation of kubernetes.io/elb.pass-through for the Loadbalancer Service. Intra-cluster access to the Service load balancer address is then forwarded to backend pods by the load balancer.
                                                                                          
-
                                                                                          Figure 1 Passthrough networking illustration
                                                                                          
+
                                                                                          Figure 1 Passthrough networking illustration
                                                                                          
 
                                                                                          • CCE clusters
                                                                                            When a LoadBalancer Service is accessed within the cluster, the access is forwarded to the backend pods using iptables/IPVS by default.
                                                                                            
 
                                                                                            When a LoadBalancer Service (configured with elb.pass-through) is accessed within the cluster, the access is first forwarded to the load balancer, then the nodes, and finally to the backend pods using iptables/IPVS.
                                                                                            
-
                                                                                          • CCE Turbo clusters
                                                                                            When a client accesses a LoadBalancer Service from within the cluster, pass-through is used by default. In this case, the client directly accesses the load balancer private network IP address and then access a container through the load balancer.
                                                                                            
+
                                                                                          • CCE Turbo clusters
                                                                                            When a client accesses a LoadBalancer Service from within the cluster, passthrough is used by default. In this case, the client directly accesses the load balancer private network IP address and then access a container through the load balancer.
                                                                                            
 
                                                                                          
 
                                                                                          
-
                                                                                          Constraints
                                                                                          • After passthrough networking is configured for a dedicated load balancer, in a CCE standard cluster, pods that run on the same node as the workload and pods that run on the same node cannot be accessed through the LoadBalancer Service.
                                                                                          • Passthrough networking is not supported for clusters of v1.15 or earlier.
                                                                                          • In IPVS network mode, the pass-through settings of Service connected to the same ELB must be the same.
                                                                                          • If node-level (local) service affinity is used, kubernetes.io/elb.pass-through is automatically set to onlyLocal to enable pass-through.
                                                                                          
+
                                                                                          Constraints
                                                                                          • In a CCE standard cluster, after passthrough networking is configured for a dedicated load balancer, the private IP address of the load balancer cannot be accessed from the node where the workload pod resides or other containers on the same node as the workload.
                                                                                          • Passthrough networking is not supported for clusters of v1.15 or earlier.
                                                                                          • In IPVS network mode, the passthrough settings of Services connected to the same load balancer must be the same.
                                                                                          • If node-level (local) service affinity is used, kubernetes.io/elb.pass-through is automatically set to onlyLocal to enable pass-through.
                                                                                          
 
                                                                                          
 
                                                                                          Procedure
                                                                                          This section describes how to create a Deployment using an Nginx image and create a Service with passthrough networking enabled.
                                                                                          
 
                                                                                          1. Use the Nginx image to create a Deployment.
                                                                                            apiVersion: apps/v1     
@@ -40,7 +40,7 @@ spec:
             memory: 200Mi
       imagePullSecrets:
       - name: default-secret
                                                                                            
-
                                                                                          2. For a LoadBalance Service type, set kubernetes.io/elb.pass-through to true. In this example, a shared load balancer named james is automatically created.
                                                                                            apiVersion: v1 
+
                                                                                          3. For a LoadBalance Service, set kubernetes.io/elb.pass-through to true. In this example, a shared load balancer named james is automatically created.
                                                                                            apiVersion: v1 
 kind: Service 
 metadata: 
   annotations:   
@@ -63,8 +63,7 @@ spec:
 
                                                                                            
 
                                                                                          
 
                                                                                          
-
                                                                                          Verification
                                                                                          Check the ELB load balancer corresponding to the created Service. The load balancer name is james. The number of ELB connections is 0, as shown in the following figure.
                                                                                          
-
                                                                                          
+
                                                                                          Verification
                                                                                          Check the load balancer associated with the created Service. The load balancer name is james. The number of load balancer connections is 0.
                                                                                          
 
                                                                                          Use kubectl to connect to the cluster, go to an Nginx container, and access the ELB address. The access is successful.
                                                                                          
 
                                                                                          # kubectl get pod
 NAME                     READY   STATUS    RESTARTS   AGE
@@ -98,7 +97,6 @@ Commercial support is available at
 </body>
 </html>
                                                                                          
 
                                                                                          Wait for a period of time and view the ELB monitoring data. A new access connection is created for the ELB, indicating that the access passes through the ELB load balancer as expected.
                                                                                          
-
                                                                                          
 
                                                                                          
 
                                                                                          
 
                                                                                          
diff --git a/docs/cce/umn/cce_10_0360.html b/docs/cce/umn/cce_10_0360.html
index d743f805..31163356 100644
--- a/docs/cce/umn/cce_10_0360.html
+++ b/docs/cce/umn/cce_10_0360.html
@@ -21,7 +21,7 @@ nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
 options ndots:5 timeout single-request-reopen
 
                                                                                          When a user accesses the Service name:Port of the Nginx pod, the IP address of the Nginx Service is resolved from CoreDNS, and then the IP address of the Nginx Service is accessed. In this way, the user can access the backend Nginx pod.
                                                                                          
-
                                                                                          Figure 1 Example of domain name resolution in a cluster
                                                                                          
+
                                                                                          Figure 1 Example of domain name resolution in a cluster
                                                                                          
 
                                                                                          
 
                                                                                          How Does Domain Name Resolution Work in Kubernetes?
                                                                                          DNS policies can be configured for each pod. Kubernetes supports DNS policies Default, ClusterFirst, ClusterFirstWithHostNet, and None. For details, see DNS for Services and Pods. These policies are specified in the dnsPolicy field in the pod-specific.
                                                                                          
 
                                                                                          • Default: Pods inherit the name resolution configuration from the node that the pods run on. The custom upstream DNS server and the stub domain cannot be used together with this policy.
                                                                                          • ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, such as www.kubernetes.io, is forwarded to the upstream name server inherited from the node. Cluster administrators may have extra stub domains and upstream DNS servers configured. 
                                                                                          • ClusterFirstWithHostNet: For pods running with hostNetwork, set its DNS policy ClusterFirstWithHostNet.
                                                                                          • None: It allows a pod to ignore DNS settings from the Kubernetes environment. All DNS settings are supposed to be provided using the dnsPolicy field in the pod-specific.
                                                                                          
@@ -33,7 +33,7 @@ options ndots:5 timeout single-request-reopen
 
                                                                                          1. The query is first sent to the DNS caching layer in CoreDNS.
                                                                                          2. From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:
                                                                                            • Names with the cluster suffix, for example, .cluster.local: The request is sent to CoreDNS.
                                                                                            
 
                                                                                            • Names with the stub domain suffix, for example, .acme.local: The request is sent to the configured custom DNS resolver that listens, for example, on 1.2.3.4.
                                                                                            • Names that do not match the suffix (for example, widget.com): The request is forwarded to the upstream DNS.
                                                                                            
 
                                                                                          
-
                                                                                          Figure 2 Routing
                                                                                          
+
                                                                                          Figure 2 Routing
                                                                                          
 
                                                                                          
 
                                                                                          Related Operations
                                                                                          You can also configure DNS in a workload. For details, see DNS Configuration.
                                                                                          
 
                                                                                          You can also use CoreDNS to implement user-defined domain name resolution. For details, see Using CoreDNS for Custom Domain Name Resolution.
                                                                                          
diff --git a/docs/cce/umn/cce_10_0361.html b/docs/cce/umn/cce_10_0361.html
index 5396766f..00dee495 100644
--- a/docs/cce/umn/cce_10_0361.html
+++ b/docs/cce/umn/cce_10_0361.html
@@ -14,7 +14,9 @@
 
                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                          2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                          3. Add a stub domain in the Parameters area. The format is a key-value pair. The key is a DNS suffix domain name, and the value is a DNS IP address or a group of DNS IP addresses, for example, consul.local -- 10.150.0.1.
                                                                                          4. Click OK.
                                                                                          5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                            The corresponding Corefile content is as follows:
                                                                                            
 
                                                                                            .:5353 {
     bind {$POD_IP}
-    cache 30
+    cache 30 {
+        servfail 5s
+    }
     errors
     health {$POD_IP}:8080
     kubernetes cluster.local in-addr.arpa ip6.arpa {
diff --git a/docs/cce/umn/cce_10_0363.html b/docs/cce/umn/cce_10_0363.html
index 65bb2ef1..35187b37 100644
--- a/docs/cce/umn/cce_10_0363.html
+++ b/docs/cce/umn/cce_10_0363.html
@@ -3,62 +3,64 @@
 
                                                                                            Creating a Node
                                                                                            
 
                                                                                            Prerequisites
                                                                                            • At least one cluster has been created.
                                                                                            • A key pair has been created for identity authentication upon remote node login.
                                                                                            
 
                                                                                            
-
                                                                                            Constraints
                                                                                            • The node has at least 2 vCPUs and 4 GiB of memory.
                                                                                            • To ensure node stability, a certain number of CCE node resources will be reserved for Kubernetes components (such as kubelet, kube-proxy, and docker) based on the node specifications. Therefore, the total number of node resources and the number of allocatable node resources for your cluster are different. The larger the node specifications, the more the containers deployed on the node. Therefore, more node resources need to be reserved to run Kubernetes components. For details, see Node Resource Reservation Policy.
                                                                                            • Networks including VM networks and container networks of nodes are all managed by CCE. Do not add or delete ENIs, or change routes and IP addresses. Otherwise, services may be unavailable. For example, the NIC named gw_11cbf51a@eth0 on the node is the container network gateway and cannot be modified.
                                                                                            • During the node creation, software packages are downloaded from OBS using the domain name. A private DNS server must be used to resolve the OBS domain name. Therefore, the DNS server address of the subnet where the node resides must be set to the private DNS server address so that the node can access the private DNS server. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.
                                                                                            • Once a node is created, its AZ cannot be changed.
                                                                                            
+
                                                                                            Notes and Constraints
                                                                                            • The DNS configuration of a subnet where a node is located cannot be modified because OBS and other dependent services are necessary for creating nodes.
                                                                                            
+
                                                                                            
+
                                                                                            Precautions
                                                                                            • To maintain node stability, Kubernetes components such as kubelet, kube-proxy, and docker, as well as the Kubernetes system, will be allocated a specific number of node resources based on the node flavor. Therefore, the total number of node resources and the number of allocatable node resources for your cluster are different. The larger the node specifications, the more the containers deployed on the node. Therefore, more node resources need to be reserved to run Kubernetes components. For details, see Node Resource Reservation Policy.
                                                                                            • Networks including VM networks and container networks of nodes are all managed by CCE. Do not add or delete ENIs, or change routes and IP addresses. Otherwise, services may be unavailable. For example, the ENI named gw_11cbf51a@eth0 on the node is the container network gateway and cannot be modified.
                                                                                            
 
                                                                                            
 
                                                                                            Procedure
                                                                                            After a cluster is created, you can create nodes for the cluster.
                                                                                            
 
                                                                                            1. Log in to the CCE console.
                                                                                            2. In the navigation pane of the CCE console, choose Clusters. Click the target cluster name to access its details page.
                                                                                            3. In the navigation pane, choose Nodes. On the page displayed, click the Nodes tab and then Create Node in the upper right corner. Configure node parameters.
                                                                                              Configurations
                                                                                              
 
                                                                                              You can configure the flavor and OS of a cloud server, on which your containerized applications run.
-
                                                                                              Table 1 Node configuration parameters
                                                                                              Parameter
                                                                                              
+
                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -69,35 +71,35 @@
 
                                                                                              Storage Settings
                                                                                              Configure storage resources on a node for the containers running on it. Select a disk type and configure its size based on service requirements. 
-
                                                                                              Table 1 Node configuration parameters
                                                                                              Parameter
                                                                                              
 
                                                                                              Description
                                                                                              
+
                                                                                              Description
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              AZ
                                                                                              
+
                                                                                              AZ
                                                                                              
 
                                                                                              AZ where the node is located. Nodes in a cluster can be created in different AZs for higher reliability. The value cannot be changed after the node is created.
                                                                                              
+
                                                                                              AZ where the node is located. Nodes in a cluster can be created in different AZs for higher reliability. The value cannot be changed after the node is created.
                                                                                              
 
                                                                                              Select Random to deploy your node in a random AZ based on the selected node flavor.
                                                                                              
 
                                                                                              An AZ is a physical region where resources use independent power supply and networks. AZs are physically isolated but interconnected through an internal network. To enhance workload availability, create nodes in different AZs.
                                                                                              
                                                                                               		
 
                                                                                              Node Type
                                                                                              
+
                                                                                              Node Type
                                                                                              
 
                                                                                              Select a node type based on service requirements. Then, the available node flavors will be automatically displayed in the Specifications area for you to select.
                                                                                              
+
                                                                                              Select a node type based on service requirements. Then, the available node flavors will be automatically displayed in the Specifications area for you to select.
                                                                                              
 
                                                                                              CCE standard clusters support the following node types:
                                                                                              • ECS (VM): A virtualized ECS is used as a cluster node.
                                                                                              
 
                                                                                              
 
                                                                                              CCE Turbo clusters support the following node types:
                                                                                              • ECS (VM): A virtualized ECS is used as a cluster node. A CCE Turbo cluster supports only the cloud servers that allow multiple ENIs. Select a server type displayed on the CCE console.
                                                                                              
 
                                                                                              
                                                                                               		
 
                                                                                              Specifications
                                                                                              
+
                                                                                              Specifications
                                                                                              
 
                                                                                              Select node specifications that best fit your service needs. 
                                                                                              
+
                                                                                              Select node flavors as needed. A node needs at least two vCPU cores and 4 GiB of memory. 
                                                                                              
 
                                                                                              The available node flavors vary depending on AZs. Obtain the flavors displayed on the console.
                                                                                              
                                                                                               		
 
                                                                                              Container Engine
                                                                                              
+
                                                                                              Container Engine
                                                                                              
 
                                                                                              The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.
                                                                                              
+
                                                                                              The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.
                                                                                              
                                                                                               		
 
                                                                                              OS
                                                                                              
+
                                                                                              OS
                                                                                              
 
                                                                                              Select an OS type. Different types of nodes support different OSs.
                                                                                              • Public image: Select a public image for the node.
                                                                                              • Private image: Select a private image for the node. 
                                                                                              
+
                                                                                              Select an OS type. Different types of nodes support different OSs.
                                                                                              • Public image: Select a public image for the node.
                                                                                              • Private image: Select a private image for the node. 
                                                                                              
 
                                                                                               NOTE: 
                                                                                              Service container runtimes share the kernel and underlying calls of nodes. To ensure compatibility, select a Linux distribution version that is the same as or close to that of the final service container image for the node OS.
                                                                                              
 
                                                                                              
 
                                                                                              
                                                                                               		
 
                                                                                              Node Name
                                                                                              
+
                                                                                              Node Name
                                                                                              
 
                                                                                              Name of the node. When nodes (ECSs) are created in batches, the value of this parameter is used as the name prefix for each ECS.
                                                                                              
+
                                                                                              Name of the node. When nodes (ECSs) are created in batches, the value of this parameter is used as the name prefix for each ECS.
                                                                                              
 
                                                                                              The system generates a default name for you, which can be modified.
                                                                                              
 
                                                                                              Enter 1 to 56 characters. Only lowercase letters, digits, hyphens (-), and periods (.) are allowed. The name must start with a lowercase letter and cannot end with a hyphen (-). Only lowercase letters or digits are allowed before and after periods (.).
                                                                                              
                                                                                               		
 
                                                                                              Login Mode
                                                                                              
+
                                                                                              Login Mode
                                                                                              
 
                                                                                              • Key Pair
                                                                                                Select the key pair used to log in to the node. You can select a shared key.
                                                                                                
+
                                                                                              • Key Pair
                                                                                                Select the key pair used to log in to the node. You can select a shared key.
                                                                                                
 
                                                                                                A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                
 
                                                                                              
                                                                                               		
 
 
                                                                                              Table 2 Configuration parameters
                                                                                              Parameter
                                                                                              
+
                                                                                              
-
-
-
-
-
@@ -107,25 +109,25 @@
 
                                                                                              Network Settings
                                                                                              Configure networking resources to allow node and containerized application access.
-
                                                                                              Table 2 Storage configuration parameters
                                                                                              Parameter
                                                                                              
 
                                                                                              Description
                                                                                              
+
                                                                                              Description
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              System Disk
                                                                                              
+
                                                                                              System Disk
                                                                                              
 
                                                                                              System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.
                                                                                              
-
                                                                                              Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. This function is available only in certain regions.
                                                                                              • Encryption is not selected by default.
                                                                                              • After setting System Disk Encryption to Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the Encryption text box.
                                                                                              
+
                                                                                              System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.
                                                                                              
+
                                                                                              Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
                                                                                              • Not encrypted is selected by default.
                                                                                              • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                                              • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                                              
 
                                                                                              
                                                                                               		
 
                                                                                              Data Disk
                                                                                              
+
                                                                                              Data Disk
                                                                                              
 
                                                                                              At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                                                                                              
+
                                                                                              At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                                                                                              
 
                                                                                              • First data disk: used for container runtime and kubelet components. The value ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                              • Other data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                              
 
                                                                                               NOTE: 
                                                                                              • If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
                                                                                              • Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.
                                                                                              
 
                                                                                              
 
                                                                                              Advanced Settings
                                                                                              
-
                                                                                              Click Expand and configure the following parameters:
                                                                                              
-
                                                                                              • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.
                                                                                              • Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. This function is available only in certain regions.
                                                                                                • Encryption is not selected by default.
                                                                                                • After selecting Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the Encryption text box.
                                                                                                
+
                                                                                                Expand the area and configure the following parameters:
                                                                                                
+
                                                                                                • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.
                                                                                                • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. BMS nodes do not support data disk encryption that is available only in certain regions. For details, see the console.
                                                                                                  • Not encrypted is selected by default.
                                                                                                  • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                                                  • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                                                  
 
                                                                                                
 
                                                                                                Adding data disks
                                                                                                
-
                                                                                                A maximum of four data disks can be added. By default, raw disks are created without any processing. You can also click Expand and select any of the following options:
                                                                                                
-
                                                                                                • Default: By default, a raw disk is created without any processing.
                                                                                                • Mount Disk: The data disk is attached to a specified directory.
                                                                                                • Use as PV: applicable when there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
                                                                                                • Use as ephemeral volume: applicable when there is a high performance requirement on EmptyDir.
                                                                                                
+
                                                                                                A maximum of 16 data disks can be attached to an ECS and 10 to a BMS. By default, a raw disk is created without any processing. You can also click Expand and select any of the following options:
                                                                                                
+
                                                                                                • Default: By default, a raw disk is created without any processing.
                                                                                                • Mount Disk: The data disk is attached to a specified directory.
                                                                                                • Use as PV: applicable when there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
                                                                                                • Use as ephemeral volume: applicable when there is a high performance requirement on emptyDir.
                                                                                                
 
                                                                                                 NOTE: 
                                                                                                • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                
 
                                                                                                
-
                                                                                                Local Persistent Volumes and Local EVs support the following write modes:
                                                                                                • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
                                                                                                
+
                                                                                                Local PVs and local EVs can be written in the following modes:
                                                                                                • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
                                                                                                
 
                                                                                                
 
                                                                                              		
 
                                                                                              
 
 
                                                                                              Table 3 Configuration parameters
                                                                                              Parameter
                                                                                              
+
                                                                                              
-
-
-
-
-
-
-
@@ -135,65 +137,65 @@
 
                                                                                              Advanced Settings
                                                                                              Configure advanced node capabilities such as labels, taints, and startup command.
-
                                                                                              Table 3 Configuration parameters
                                                                                              Parameter
                                                                                              
 
                                                                                              Description
                                                                                              
+
                                                                                              Description
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              VPC/Node Subnet
                                                                                              
+
                                                                                              VPC/Node Subnet
                                                                                              
 
                                                                                              The node subnet selected during cluster creation is used by default. You can choose another subnet instead.
                                                                                              
+
                                                                                              The node subnet selected during cluster creation is used by default. You can choose another subnet instead.
                                                                                              
                                                                                               		
 
                                                                                              Node IP Address
                                                                                              
+
                                                                                              Node IP Address
                                                                                              
 
                                                                                              IP address of the specified node. By default, the value is randomly allocated.
                                                                                              
+
                                                                                              IP address of the specified node. By default, the value is randomly allocated.
                                                                                              
                                                                                               		
 
                                                                                              EIP
                                                                                              
+
                                                                                              EIP
                                                                                              
 
                                                                                              An ECS without a bound EIP cannot access the Internet or be accessed by public networks.
                                                                                              
+
                                                                                              An ECS without a bound EIP cannot access the Internet or be accessed by public networks.
                                                                                              
 
                                                                                              The default value is Do not use. Use existing and Auto create are supported.
                                                                                              
                                                                                               		
 
                                                                                              
 
 
                                                                                              Table 4 Advanced configuration parameters
                                                                                              Parameter
                                                                                              
+
                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0365.html b/docs/cce/umn/cce_10_0365.html
index c9f6d9b9..10afc6c1 100644
--- a/docs/cce/umn/cce_10_0365.html
+++ b/docs/cce/umn/cce_10_0365.html
@@ -17,8 +17,7 @@
 
                                                                                              Configuring DNS for a Workload Using the Console
                                                                                              Kubernetes provides DNS-related configuration options for applications. The use of application's DNS configuration can effectively reduce unnecessary DNS queries in certain scenarios and improve service concurrency. The following procedure uses an Nginx application as an example to describe how to add DNS configurations for a workload on the console.
                                                                                              
 
                                                                                              1. Log in to the CCE console, access the cluster console, select Workloads in the navigation pane, and click Create Workload in the upper right corner.
                                                                                              2. Configure basic information about the workload. For details, see Creating a Workload.
                                                                                              3. In the Advanced Settings area, click the DNS tab and set the following parameters as required:
                                                                                                • DNS Policy: The DNS policies provided on the console correspond to the dnsPolicy field in the YAML file. For details, see Table 1.
                                                                                                  • Supplement defaults: corresponds to dnsPolicy=ClusterFirst. Containers can resolve both the cluster-internal domain names registered by a Service and the external domain names exposed to public networks.
                                                                                                  • Replace defaults: corresponds to dnsPolicy=None. You must configure IP Address and Search Domain. Containers only use the user-defined IP address and search domain configurations for domain name resolution.
                                                                                                  • Inherit defaults: corresponds to dnsPolicy=Default. Containers use the domain name resolution configuration from the node that pods run on and cannot resolve the cluster-internal domain names.
                                                                                                  
 
                                                                                                • Optional Objects: The options parameters in the dnsConfig field. Each object may have a name property (required) and a value property (optional). After setting the properties, click confirm to add.
                                                                                                  • timeout: Timeout interval, in seconds.
                                                                                                  • ndots: Number of dots (.) that must be present in a domain name. If a domain name has dots fewer than this value, the operating system will look up the name in the search domain. If not, the name is a fully qualified domain name (FQDN) and will be tried first as an absolute name.
                                                                                                  
-
                                                                                                • IP Address: nameservers in the dnsConfig. You can configure the domain name server for the custom domain name. The value is one or a group of DNS IP addresses.
                                                                                                • Search Domain: searches in the dnsConfig. A list of DNS search domains for hostname lookup in the pod. This property is optional. When specified, the provided list will be merged into the search domain names generated from the chosen DNS policy in dnsPolicy. Duplicate domain names are removed.
                                                                                                
-
                                                                                                
+
                                                                                              4. IP Address of DNS Server: nameservers in dnsConfig. You can configure a domain name server for a custom domain name. The value is one or a group of DNS IP addresses.
                                                                                              5. Search Domain: searches in the dnsConfig. A list of DNS search domains for hostname lookup in the pod. This property is optional. When specified, the provided list will be merged into the search domain names generated from the chosen DNS policy in dnsPolicy. Duplicate domain names are removed.
                                                                                              6. Host Alias: Add the mapping between domain names and IP addresses to the local configuration file /etc/hosts of a pod for simplified local domain name resolution. For details, see Adding entries to Pod /etc/hosts with HostAliases
                                                                                                7. 
 
                                                                                              7. Click Create Workload.
                                                                                              
 
                                                                                              Configuring DNS Using the Workload YAML
                                                                                              When creating a workload using a YAML file, you can configure the DNS settings in the YAML. The following is an example for an Nginx application:
                                                                                              apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0367.html b/docs/cce/umn/cce_10_0367.html
index c61cef1a..7feab461 100644
--- a/docs/cce/umn/cce_10_0367.html
+++ b/docs/cce/umn/cce_10_0367.html
@@ -6,16 +6,16 @@
 
                                                                                              If you have particular proxy access requirements or need to access resources in other regions, you can customize a SAN. Typical domain name access scenarios:
                                                                                              
 
                                                                                              • Add the response domain name mapping when specifying the DNS domain name address in the host domain name configuration on the client, or configuring /etc/hosts on the client host.
                                                                                              • Use domain name access in the intranet. DNS allows you to configure mappings between cluster EIPs and custom domain names. After an EIP is updated, you can continue to use two-way authentication and the domain name to access the cluster without downloading the kubeconfig.json file again.
                                                                                              • Add A records on a self-built DNS server.
                                                                                              
 
                                                                                              
-
                                                                                              Constraints
                                                                                              This feature is available only to clusters of v1.19 and later.
                                                                                              
+
                                                                                              Prerequisites
                                                                                              A cluster of v1.19 or later is available.
                                                                                              
 
                                                                                              
-
                                                                                              Customizing a SAN
                                                                                              1. Log in to the CCE console.
                                                                                              2. Click the target cluster in the cluster list to go to the cluster details page.
                                                                                              3. In the Connection Information area, click  next to Custom SAN. In the dialog box displayed, enter the IP address or domain name and click Save.
                                                                                                 
                                                                                                1. This operation will restart kube-apiserver and update the kubeconfig.json file for a short period of time. Do not perform operations on the cluster during this period.
                                                                                                
+
                                                                                                Customizing a SAN
                                                                                                1. Log in to the CCE console.
                                                                                                2. Click the name of the target cluster in the cluster list to go to the cluster Overview page.
                                                                                                3. In the Connection Information area, click  next to Custom SAN. In the dialog box displayed, enter the IP address or domain name and click Save.
                                                                                                   
                                                                                                  1. This operation will restart kube-apiserver and update the kubeconfig.json file for a short period of time. Do not perform operations on the cluster during this period.
                                                                                                  
 
                                                                                                  2. A maximum of 128 domain names or IP addresses, separated by commas (,), are allowed.
                                                                                                  
 
                                                                                                  3. If a custom domain name needs to be bound to an EIP, ensure that an EIP has been configured.
                                                                                                  
 
                                                                                                  
 
                                                                                                
 
                                                                                                
 
                                                                                                Connecting to a Cluster Using the SAN
                                                                                                Using kubectl to access the cluster
                                                                                                
-
                                                                                                1. Download the kubeconfig.json file again after the SAN is modified.
                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                  2. On the Overview page, locate the Connection Info area, click Configure next to kubectl. On the page displayed, download the configuration file.
                                                                                                  
+
                                                                                                  1. Download the kubeconfig.json file again after the SAN is modified.
                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                    2. On the Overview page, locate the Connection Info area, click Configure next to kubectl. On the page displayed, download the configuration file.
                                                                                                    
 
                                                                                                  2. Configure kubectl.
                                                                                                    1. Log in to your client and copy the kubeconfig.json file downloaded in 1.b to the /home directory on your client.
                                                                                                    2. Configure the kubectl authentication file.
                                                                                                      cd /home
 mkdir -p $HOME/.kube
 mv -f kubeconfig.json $HOME/.kube/config
                                                                                                      
@@ -24,8 +24,8 @@ mv -f kubeconfig.json $HOME/.kube/config
 
                                                                                                    
 
                                                                                                  
 
                                                                                                  Using an X.509 certificate to access the cluster
                                                                                                  
-
                                                                                                  1. After the SAN is modified, download the X509 certificate again.
                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                    2. On the Overview page, locate the Connection Info area, and click Download next to X.509 certificate.
                                                                                                    3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.
                                                                                                    
-
                                                                                                  2. Call native Kubernetes APIs using the cluster certificate.
                                                                                                    For example, run the curl command to call the APIs to view the pod information. In the following information, example.com:5443 indicates the custom SAN.
                                                                                                    
+
                                                                                                    1. After the SAN is modified, download the X509 certificate again.
                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                      2. On the Overview page, locate the Connection Info area, and click Download next to X.509 certificate.
                                                                                                      3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.
                                                                                                      
+
                                                                                                    2. Call native Kubernetes APIs using the cluster certificate.
                                                                                                      For example, run the curl command to call an API to obtain the pod information. In the following information, example.com:5443 indicates the custom SAN.
                                                                                                      
 
                                                                                                      curl --cacert ./ca.crt --cert ./client.crt --key ./client.key  https://example.com:5443/api/v1/namespaces/default/pods/
                                                                                                      
 
                                                                                                      For more cluster APIs, see Kubernetes API.
                                                                                                      
 
                                                                                                    
diff --git a/docs/cce/umn/cce_10_0373.html b/docs/cce/umn/cce_10_0373.html
new file mode 100644
index 00000000..63f210e9
--- /dev/null
+++ b/docs/cce/umn/cce_10_0373.html
@@ -0,0 +1,362 @@
+
+
+
                                                                                                    Monitoring Custom Metrics Using Cloud Native Cluster Monitoring
                                                                                                    
+
                                                                                                    CCE provides the Cloud Native Cluster Monitoring add-on to monitor custom metrics using Prometheus.
                                                                                                    
+
                                                                                                    The following procedure uses an Nginx application as an example to describe how to use Prometheus to monitor custom metrics:
                                                                                                    
+
                                                                                                    1. Installing and Accessing Cloud Native Cluster Monitoring
                                                                                                      CCE provides an add-on that integrates Prometheus functions. You can install it with several clicks.
                                                                                                      
+
                                                                                                    2. Preparing an Application
                                                                                                      Prepare an application image. The application must provide a metric monitoring API for Prometheus to collect data, and the monitoring data must comply with the Prometheus specifications.
                                                                                                      
+
                                                                                                    3. Monitoring Custom Metrics
                                                                                                      Use the application image to deploy a workload in a cluster. Custom metrics will be automatically reported to Prometheus.
                                                                                                      
+
                                                                                                      Use one of the following methods to monitor custom metrics:
                                                                                                      
+
+
                                                                                                    
+
                                                                                                    Constraints
                                                                                                    • To use Prometheus to monitor custom metrics, the application needs to provide a metric monitoring API. For details, see Prometheus Monitoring Data Collection.
                                                                                                    • Currently, metrics in the kube-system and monitoring namespaces cannot be collected when pod and service annotations are used. To collect metrics in the two namespaces, use PodMonitor and ServiceMonitor.
                                                                                                    • The nginx/nginx-prometheus-exporter:0.9.0 image is pulled for the Nginx application. You need to add an EIP for the node where the application is deployed or upload the image to SWR to prevent application deployment failures.
                                                                                                    
+
                                                                                                    
+
                                                                                                    Prometheus Monitoring Data Collection
                                                                                                    Prometheus periodically calls the metric monitoring API (/metrics by default) of an application to obtain monitoring data. The application needs to provide the metric monitoring API for Prometheus to call, and the monitoring data must meet the following specifications of Prometheus:
                                                                                                    
+
                                                                                                    # TYPE nginx_connections_active gauge
+nginx_connections_active 2
+# TYPE nginx_connections_reading gauge
+nginx_connections_reading 0
                                                                                                    
+
                                                                                                    Prometheus provides clients in various languages. For details about the clients, see Prometheus CLIENT LIBRARIES. For details about how to develop an exporter, see WRITING EXPORTERS. The Prometheus community provides various third-party exporters that can be directly used. For details, see EXPORTERS AND INTEGRATIONS.
                                                                                                    
+
                                                                                                    
+
                                                                                                    Installing and Accessing Cloud Native Cluster Monitoring
                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                    2. In the navigation pane on the left, choose Add-ons. On the displayed page, locate the Cloud Native Cluster Monitoring add-on and click Install.
                                                                                                      When installing this add-on, pay attention to the following configurations. Configure other parameters as required. For details, see Cloud Native Cluster Monitoring.
                                                                                                      • For 3.8.0 or later, enable custom metric collection.
                                                                                                      • For 3.8.0 or earlier, do not enable custom metric collection.
                                                                                                      
+
                                                                                                      
+
                                                                                                    3. After this add-on is installed, deploy workloads and Services. The Prometheus server will be deployed as a StatefulSet in the monitoring namespace.
                                                                                                      You can create a public network LoadBalancer Service so that Prometheus can be accessed from external networks.
                                                                                                      
+
                                                                                                      1. Log in to the CCE console and click the name of the cluster with Prometheus installed to access the cluster console. In the navigation pane on the left, choose Services & Ingresses.
                                                                                                      2. Click Create from YAML in the upper right corner to create a public network LoadBalancer Service.
                                                                                                        apiVersion: v1
+kind: Service
+metadata:
+  name: prom-lb     # Service name, which is customizable.
+  namespace: monitoring
+  labels:
+    app: prometheus
+    component: server
+  annotations:
+    kubernetes.io/elb.id: 038ff***     # Replace 038ff*** with the ID of the public network load balancer in the VPC that the cluster belongs to.
+spec:
+  ports:
+    - name: cce-service-0
+      protocol: TCP
+      port: 88             # Service port, which is customizable.
+      targetPort: 9090     # Default Prometheus port. Retain the default value.
+  selector:                # The label selector can be adjusted based on the label of a Prometheus server instance.
+    app.kubernetes.io/name: prometheus
+    prometheus: server
+  type: LoadBalancer
                                                                                                        
+
                                                                                                      3. After the Service is created, enter Public IP address of the load balancer:Service port in the address box of the browser to access Prometheus.
                                                                                                      
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    Preparing an Application
                                                                                                    User-developed applications must provide a metric monitoring API, and the monitoring data must comply with the Prometheus specifications. For details, see Prometheus Monitoring Data Collection.
                                                                                                    
+
                                                                                                    This section uses Nginx as an example to describe how to collect monitoring data. There is a module named ngx_http_stub_status_module in Nginx, which provides basic monitoring functions. You can configure the nginx.conf file to provide an interface for external systems to access Nginx monitoring data.
                                                                                                    
+
                                                                                                    1. Log in to a Linux VM that can access to the Internet and run Docker commands.
                                                                                                    2. Create an nginx.conf file. Add the server configuration under http to enable Nginx to provide an interface for the external systems to access the monitoring data.
                                                                                                      user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    keepalive_timeout  65;
+    #gzip  on;
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+      listen 8080;
+      server_name  localhost;
+      location /stub_status {
+         stub_status on;
+         access_log off;
+      }
+    }
+}
                                                                                                      
+
                                                                                                    3. Use this configuration to create an image and a Dockerfile file.
                                                                                                      vi Dockerfile
                                                                                                      
+
                                                                                                      The content of Dockerfile is as follows:
                                                                                                      FROM nginx:1.21.5-alpine
+ADD nginx.conf /etc/nginx/nginx.conf
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
                                                                                                      
+
                                                                                                      
+
                                                                                                    4. Use this Dockerfile to build an image and upload it to SWR. The image name is nginx:exporter. 
                                                                                                      1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. On the displayed dialog box, click Generate a temporary login command and click  to copy the command.
                                                                                                      2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                      3. Run the following command to build an image named nginx. The image version is exporter.
                                                                                                        docker build -t nginx:exporter .
                                                                                                        
+
                                                                                                      4. Tag the image and upload it to the image repository. Change the image repository address and organization name based on your requirements.
                                                                                                        docker tag nginx:exporter {swr-address}/{group}/nginx:exporter
+docker push {swr-address}/{group}/nginx:exporter
                                                                                                        
+
                                                                                                      
+
                                                                                                    5. View application metrics.
                                                                                                      1. Use nginx:exporter to create a workload.
                                                                                                      2. Access the container and use http://<ip_address>:8080/stub_status to obtain nginx monitoring data. <ip_address> indicates the IP address of the container. Information similar to the following is displayed.
                                                                                                        # curl http://127.0.0.1:8080/stub_status
+Active connections: 3 
+server accepts handled requests
+ 146269 146269 212 
+Reading: 0 Writing: 1 Waiting: 2
                                                                                                        
+
                                                                                                      
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    Method 1: Configuring Pod Annotations for Monitoring Custom Metrics
                                                                                                    When the annotation settings of pods comply with the Prometheus data collection rules, Prometheus automatically collects the metrics exposed by the pods.
                                                                                                    
+
                                                                                                    The format of the monitoring data provided by nginx:exporter does not meet the requirements of Prometheus. Convert the data format to the format required by Prometheus. To convert the format of Nginx metrics, use nginx-prometheus-exporter. Deploy nginx:exporter and nginx-prometheus-exporter in the same pod and add the following annotations during deployment. Then Prometheus can automatically collect metrics.
                                                                                                    
+
                                                                                                    kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: nginx-exporter
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx-exporter
+  template:
+    metadata:
+      labels:
+        app: nginx-exporter
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9113"
+        prometheus.io/path: "/metrics"
+        prometheus.io/scheme: "http"
+    spec:
+      containers:
+        - name: container-0
+          image: 'nginx:exporter'      # Replace it with the address of the image you uploaded to SWR.
+          resources:
+            limits:
+              cpu: 250m
+              memory: 512Mi
+            requests:
+              cpu: 250m
+              memory: 512Mi
+        - name: container-1
+          image: 'nginx/nginx-prometheus-exporter:0.9.0'
+          command:
+            - nginx-prometheus-exporter
+          args:
+            - '-nginx.scrape-uri=http://127.0.0.1:8080/stub_status'
+      imagePullSecrets:
+        - name: default-secret
                                                                                                    
+
                                                                                                    Where,
                                                                                                    
+
                                                                                                    • prometheus.io/scrape indicates whether to enable Prometheus to collect pod monitoring data. The value is true.
                                                                                                    • prometheus.io/port indicates the port for collecting monitoring data, which varies depending on the application. In this example, the port is 9113.
                                                                                                    • prometheus.io/path indicates the URL of the API for collecting monitoring data. If this parameter is not set, the default value /metrics is used.
                                                                                                    • prometheus.io/scheme: protocol used for data collection. The value can be http or https.
                                                                                                    
+
                                                                                                    After the application is successfully deployed, access Prometheus to query custom metrics by job name.
                                                                                                    
+
                                                                                                    The custom metrics related to Nginx can be obtained. In the following, the job name indicates that the metrics are reported based on the pod configuration.
                                                                                                    
+
                                                                                                    nginx_connections_accepted{cluster="2048c170-8359-11ee-9527-0255ac1000cf", cluster_category="CCE", cluster_name="cce-test", container="container-0", instance="10.0.0.46:9113", job="monitoring/kubernetes-pods", kubernetes_namespace="default", kubernetes_pod="nginx-exporter-77bf4d4948-zsb59", namespace="default", pod="nginx-exporter-77bf4d4948-zsb59", prometheus="monitoring/server"}
                                                                                                    
+
                                                                                                    
+
                                                                                                    Method 2: Configuring Service Annotations for Monitoring Custom Metrics
                                                                                                    When the annotation settings of Services comply with the Prometheus data collection rules, Prometheus automatically collects the metrics exposed by the Services.
                                                                                                    
+
                                                                                                    You can use Service annotations in the same way as pod annotations. However, their application scenarios are different. Pod annotations focus on pod resource usage metrics while Service annotations focus on metrics such as requests for a Service.
                                                                                                    
+
                                                                                                    The following is an example configuration:
                                                                                                    
+
                                                                                                    kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: nginx-test
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx-test
+  template:
+    metadata:
+      labels:
+        app: nginx-test
+    spec:
+      containers:
+        - name: container-0
+          image: 'nginx:exporter'      # Replace it with the address of the image you uploaded to SWR.
+          resources:
+            limits:
+              cpu: 250m
+              memory: 512Mi
+            requests:
+              cpu: 250m
+              memory: 512Mi
+        - name: container-1
+          image: 'nginx/nginx-prometheus-exporter:0.9.0'
+          command:
+            - nginx-prometheus-exporter
+          args:
+            - '-nginx.scrape-uri=http://127.0.0.1:8080/stub_status'
+      imagePullSecrets:
+        - name: default-secret
                                                                                                    
+
                                                                                                    The following is an example Service configuration:
                                                                                                    
+
                                                                                                    apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-test
+  labels:
+    app: nginx-test
+  namespace: default
+  annotations: 
+    prometheus.io/scrape: "true"  # Value true indicates that service discovery is enabled.
+    prometheus.io/port: "9113"  # Set it to the port on which metrics are exposed.
+    prometheus.io/path: "/metrics" # Enter the URI path under which metrics are exposed. Generally, the value is /metrics.
+spec:
+  selector:
+    app: nginx-test
+  externalTrafficPolicy: Cluster
+  ports:
+    - name: cce-service-0
+      targetPort: 80
+      nodePort: 0
+      port: 8080
+      protocol: TCP
+    - name: cce-service-1
+      protocol: TCP
+      port: 9113
+      targetPort: 9113
+  type: NodePort
                                                                                                    
+
                                                                                                    After the application is successfully deployed, access Prometheus to query custom metrics. In the following, the Service name indicates the metrics are reported based on the Service configuration.
                                                                                                    
+
                                                                                                    nginx_connections_accepted{app="nginx-test", cluster="2048c170-8359-11ee-9527-0255ac1000cf", cluster_category="CCE", cluster_name="cce-test", instance="10.0.0.38:9113", job="nginx-test", kubernetes_namespace="default", kubernetes_service="nginx-test", namespace="default", pod="nginx-test-78cfb65889-gtv7z", prometheus="monitoring/server", service="nginx-test"}
                                                                                                    
+
                                                                                                    
+
                                                                                                    Method 3: Configuring PodMonitor for Monitoring Custom Metrics
                                                                                                    Cloud Native Cluster Monitoring allows you to configure metric collection tasks based on PodMonitor and ServiceMonitor. Prometheus Operator watches PodMonitor. The reload mechanism of Prometheus is used to trigger a hot update of the Prometheus collection tasks to the Prometheus instance.
                                                                                                    
+
                                                                                                    To use CRDs defined by Prometheus Operator on GitHub, visit https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/charts/crds/crds.
                                                                                                    
+
                                                                                                    The following is an example configuration:
                                                                                                    
+
                                                                                                    apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-test2
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx-test2
+  template:
+    metadata:
+      labels:
+        app: nginx-test2
+    spec:
+      containers:
+      - image: nginx:exporter     # Replace it with the address of the image you uploaded to SWR.
+        name: container-0
+        ports:
+        - containerPort: 9113      # Port on which metrics are exposed.
+          name: nginx-test2        # Application name used when PodMonitor is configured.
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 250m
+            memory: 300Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+      - name: container-1
+        image: 'nginx/nginx-prometheus-exporter:0.9.0'
+        command:
+          - nginx-prometheus-exporter
+        args:
+          - '-nginx.scrape-uri=http://127.0.0.1:8080/stub_status'
+      imagePullSecrets:
+        - name: default-secret
                                                                                                    
+
                                                                                                    The following is an example PodMonitor configuration:
                                                                                                    
+
                                                                                                    apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: podmonitor-nginx   # PodMonitor name
+  namespace: monitoring    # Namespace that PodMonitor belongs to. monitoring is recommended.
+spec:
+  namespaceSelector:       # An selector matching the namespace where the workload is located
+    matchNames:
+    - default              # Namespace that the workload belongs to
+  jobLabel: podmonitor-nginx
+  podMetricsEndpoints:
+  - interval: 15s 
+    path: /metrics            # Path under which metrics are exposed by the workload
+    port: nginx-test2         # Port on which metrics are exposed by the workload
+    tlsConfig:
+      insecureSkipVerify: true
+  selector:  
+    matchLabels:
+      app: nginx-test2   # Label carried by the pod, which can be selected by the selector
                                                                                                    
+
                                                                                                    After the application is successfully deployed, access Prometheus to query custom metrics. In the following, the job name indicates the metrics are reported based on the PodMonitor configuration.
                                                                                                    
+
                                                                                                    nginx_connections_accepted{cluster="2048c170-8359-11ee-9527-0255ac1000cf", cluster_category="CCE", cluster_name="cce-test", container="container-0", endpoint="nginx-test2", instance="10.0.0.44:9113", job="monitoring/podmonitor-nginx", namespace="default", pod="nginx-test2-746b7f8fdd-krzfp", prometheus="monitoring/server"}
                                                                                                    
+
                                                                                                    
+
                                                                                                    Method 4: Configuring ServiceMonitor for Monitoring Custom Metrics
                                                                                                    Cloud Native Cluster Monitoring allows you to configure metric collection tasks based on PodMonitor and ServiceMonitor. Prometheus Operator watches ServiceMonitor. The reload mechanism of Prometheus is used to trigger a hot update of the Prometheus collection tasks to the Prometheus instance.
                                                                                                    
+
                                                                                                    To use CRDs defined by Prometheus Operator on GitHub, visit https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/charts/crds/crds.
                                                                                                    
+
                                                                                                    The following is an example configuration:
                                                                                                    
+
                                                                                                    apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-test3
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx-test3
+  template:
+    metadata:
+      labels:
+        app: nginx-test3
+    spec:
+      containers:
+      - image: nginx:exporter        # Replace it with the address of the image you uploaded to SWR.
+        name: container-0
+        resources:
+          limits:
+            cpu: 250m
+            memory: 300Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+      - name: container-1
+        image: 'nginx/nginx-prometheus-exporter:0.9.0'
+        command:
+          - nginx-prometheus-exporter
+        args:
+          - '-nginx.scrape-uri=http://127.0.0.1:8080/stub_status'
+      imagePullSecrets:
+        - name: default-secret
                                                                                                    
+
                                                                                                    The following is an example Service configuration:
                                                                                                    
+
                                                                                                    apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-test3
+  labels:
+    app: nginx-test3
+  namespace: default
+spec:
+  selector:
+    app: nginx-test3
+  externalTrafficPolicy: Cluster
+  ports:
+    - name: cce-service-0
+      targetPort: 80
+      nodePort: 0
+      port: 8080
+      protocol: TCP
+    - name: servicemonitor-ports
+      protocol: TCP
+      port: 9113
+      targetPort: 9113
+  type: NodePort
                                                                                                    
+
                                                                                                    The following is an example ServiceMonitor configuration:
                                                                                                    
+
                                                                                                    apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: servicemonitor-nginx
+  namespace: monitoring
+spec:
+  # Configure the name of the port on which metrics are exposed.
+  endpoints:
+  - path: /metrics
+    port: servicemonitor-ports
+  jobLabel: servicemonitor-nginx
+  # Application scope of a collection task. If this parameter is not set, the default value default is used.
+  namespaceSelector:
+    matchNames:
+    - default
+  selector:
+    matchLabels:
+      app: nginx-test3
                                                                                                    
+
                                                                                                    After the application is successfully deployed, access Prometheus to query custom metrics. In the following, the endpoint name indicates the metrics are reported based on the ServiceMonitor configuration.
                                                                                                    
+
                                                                                                    nginx_connections_accepted{cluster="2048c170-8359-11ee-9527-0255ac1000cf", cluster_category="CCE", cluster_name="cce-test", endpoint="servicemonitor-ports", instance="10.0.0.47:9113", job="nginx-test3", namespace="default", pod="nginx-test3-6f8bccd9-f27hv", prometheus="monitoring/server", service="nginx-test3"}
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    Parent topic: Best Practices
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0374.html b/docs/cce/umn/cce_10_0374.html
index 113ed289..48294711 100644
--- a/docs/cce/umn/cce_10_0374.html
+++ b/docs/cce/umn/cce_10_0374.html
@@ -17,7 +17,7 @@
 
                                                                                                    3. 
 
                                                                                                  3. Object Storage Service
                                                                                                    
 
                                                                                                    4. 
-
                                                                                                  4. Local Persistent Volumes
                                                                                                    
+
                                                                                                  5. Local PVs
                                                                                                    
 
                                                                                                    6. 
 
                                                                                                  6. Ephemeral Volumes
                                                                                                    
 
                                                                                                    7. 
diff --git a/docs/cce/umn/cce_10_0377.html b/docs/cce/umn/cce_10_0377.html
index 880e260c..ac03560f 100644
--- a/docs/cce/umn/cce_10_0377.html
+++ b/docs/cce/umn/cce_10_0377.html
@@ -2,7 +2,7 @@
 
 
                                                                                                    hostPath
                                                                                                    
 
                                                                                                    hostPath is used for mounting the file directory of the host where the container is located to the specified mount point of the container. If the container needs to access /etc/hosts, use hostPath to map /etc/hosts.
                                                                                                    
-
                                                                                                     
                                                                                                    • Avoid using hostPath volumes as much as possible, as they are prone to security risks. If hostPath volumes must be used, they can only be applied to files or paths and mounted in read-only mode.
                                                                                                    • After the pod to which a hostPath volume is mounted is deleted, the data in the hostPath volume is retained.
                                                                                                    
+
                                                                                                     
                                                                                                    • Avoid using hostPath volumes as much as possible, as they are prone to security risks. If hostPath volumes must be used, they can only be applied to files or directories and mounted in read-only mode.
                                                                                                    • After the pod to which a hostPath volume is mounted is deleted, the data in the hostPath volume is retained.
                                                                                                    
 
                                                                                                    
 
                                                                                                    Mounting a hostPath Volume on the Console
                                                                                                    You can mount a path on the host to a specified container path. A hostPath volume is usually used to store workload logs permanently or used by workloads that need to access internal data structure of the Docker engine on the host.
                                                                                                    
 
                                                                                                    1. Log in to the CCE console.
                                                                                                    2. When creating a workload, click Data Storage in Container Settings. Click Add Volume and choose hostPath from the drop-down list.
                                                                                                    3. Set parameters for adding a local volume, as listed in Table 1.
                                                                                                      
@@ -29,19 +29,19 @@
 
                                                                                              
-
-
@@ -49,7 +49,7 @@
 
                                                                                            4. After the configuration, click Create Workload.
                                                                                              5. 
-
                                                                                              Mounting a hostPath Volume Using kubectl
                                                                                              1. Use kubectl to connect to the cluster.
                                                                                              2. Create a file named nginx-hostpath.yaml and edit it.
                                                                                                vi nginx-hostpath.yaml
                                                                                                
+
                                                                                                Mounting a hostPath Volume Through kubectl
                                                                                                1. Use kubectl to access the cluster.
                                                                                                2. Create a file named nginx-hostpath.yaml and edit it.
                                                                                                  vi nginx-hostpath.yaml
                                                                                                  
 
                                                                                                  The content of the YAML file is as follows. Mount the /data directory on the node to the /data directory in the container.
                                                                                                  
 
                                                                                                  apiVersion: apps/v1
 kind: Deployment
@@ -71,7 +71,7 @@ spec:
           image: nginx:latest
           volumeMounts:
             - name: vol-hostpath         # Volume name, which must be the same as the volume name in the volumes field.
-              mountPath: /data           # Mount path in the container.
+              mountPath: /data           # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
diff --git a/docs/cce/umn/cce_10_0378.html b/docs/cce/umn/cce_10_0378.html
index 91b58481..3cccf002 100644
--- a/docs/cce/umn/cce_10_0378.html
+++ b/docs/cce/umn/cce_10_0378.html
@@ -5,7 +5,7 @@
 
                                                                                                  1. When a container is rebuilt, files in the container will be lost.
                                                                                                  2. When multiple containers run in a pod at the same time, files need to be shared among the containers.
                                                                                                  
 
                                                                                                  Kubernetes volumes resolve both of these problems. Volumes, as part of a pod, cannot be created independently and can only be defined in pods. All containers in a pod can access its volumes, but the volumes must have been mounted to any directory in a container.
                                                                                                  
 
                                                                                                  The following figure shows how a storage volume is used between containers in a pod.
                                                                                                  
-
                                                                                                  
+
                                                                                                  
 
                                                                                                  The basic principles for using volumes are as follows:
                                                                                                  
 
                                                                                                  • Multiple volumes can be mounted to a pod. However, do not mount too many volumes to a pod.
                                                                                                  • Multiple types of volumes can be mounted to a pod.
                                                                                                  • Each volume mounted to a pod can be shared among containers in the pod.
                                                                                                  • You are advised to use PVCs and PVs to mount volumes for Kubernetes.
                                                                                                  
 
                                                                                                   
                                                                                                  The lifecycle of a volume is the same as that of the pod to which the volume is mounted. When the pod is deleted, the volume is also deleted. However, files in the volume may outlive the volume, depending on the volume type.
                                                                                                  
@@ -21,7 +21,7 @@
 
                                                                                              
@@ -37,14 +37,14 @@
 
                                                                                              PV and PVC
                                                                                              Kubernetes provides PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs) to abstract details of how storage is provided from how it is consumed. You can request specific size of storage when needed, just like pods can request specific levels of resources (CPU and memory).
                                                                                              
 
                                                                                              • PV: describes a persistent storage volume in a cluster. A PV is a cluster-level resource just like a node. It applies to the entire Kubernetes cluster. A PV has a lifecycle independent of any individual Pod that uses the PV.
                                                                                              • PVC: describes a request for storage by a user. When configuring storage for an application, claim a storage request (that is, PVC). Kubernetes selects a PV that best meets the request and binds the PV to the PVC. A PVC to PV binding is a one-to-one mapping. When creating a PVC, describe the attributes of the requested persistent storage, such as the storage size and read/write permission.
                                                                                              
 
                                                                                              You can bind PVCs to PVs in a pod so that the pod can use storage resources. The following figure shows the relationship between PVs and PVCs.
                                                                                              
-
                                                                                              Figure 1 PVC-to-PV binding
                                                                                              
+
                                                                                              Figure 1 PVC-to-PV binding
                                                                                              
 
                                                                                              CSI
                                                                                              CSI is a standard for container storage interfaces and a storage plugin implementation solution recommended by the Kubernetes community. Everest is a storage add-on developed based on CSI. It provides different types of persistent storage for containers.
                                                                                              
 
                                                                                              Volume Access Modes
                                                                                              Storage volumes can be mounted to the host system only in the mode supported by underlying storage resources. For example, a file storage system can be read and written by multiple nodes, but an EVS disk can be read and written by only one node.
                                                                                              
 
                                                                                              • ReadWriteOnce: A storage volume can be mounted to a single node in read-write mode.
                                                                                              • ReadWriteMany: A storage volume can be mounted to multiple nodes in read-write mode.
                                                                                              
 
-
                                                                                              Table 4 Advanced configuration parameters
                                                                                              Parameter
                                                                                              
 
                                                                                              Description
                                                                                              
+
                                                                                              Description
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              Resource Tag
                                                                                              
+
                                                                                              Resource Tag
                                                                                              
 
                                                                                              You can add resource tags to classify resources.
                                                                                              
+
                                                                                              You can add resource tags to classify resources. A maximum of eight resource tags can be added.
                                                                                              
 
                                                                                              You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                              
-
                                                                                              CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                                                                                              
+
                                                                                              CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
                                                                                              
                                                                                               		
 
                                                                                              Kubernetes Label
                                                                                              
+
                                                                                              Kubernetes Label
                                                                                              
 
                                                                                              A key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add Label for more. A maximum of 20 labels can be added.
                                                                                              
-
                                                                                              Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                              
+
                                                                                              A key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add Label for more. A maximum of 20 labels can be added.
                                                                                              
+
                                                                                              Labels can be used to distinguish nodes. With workload affinity settings, pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                              
                                                                                               		
 
                                                                                              Taint
                                                                                              
+
                                                                                              Taint
                                                                                              
 
                                                                                              This parameter is left blank by default. You can add taints to configure node anti-affinity. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                                                                              • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                              • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                                                                                              • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                              
+
                                                                                              This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                                                                              • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                              • Value: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
                                                                                              • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                              
 
                                                                                              
 
                                                                                              For details, see Managing Node Taints.
                                                                                              
 
                                                                                               NOTE: 
                                                                                              For a cluster of v1.19 or earlier, the workload may have been scheduled to a node before the taint is added. To avoid such a situation, select a cluster of v1.19 or later.
                                                                                              
 
                                                                                              
                                                                                               		
 
                                                                                              Max. Pods
                                                                                              
+
                                                                                              Max. Pods
                                                                                              
 
                                                                                              Maximum number of pods that can run on the node, including the default system pods.
                                                                                              
+
                                                                                              Maximum number of pods that can run on the node, including the default system pods.
                                                                                              
 
                                                                                              This limit prevents the node from being overloaded with pods.
                                                                                              
 
                                                                                              This number is also decided by other factors. For details, see Maximum Number of Pods That Can Be Created on a Node.
                                                                                              
                                                                                               		
 
                                                                                              ECS Group
                                                                                              
+
                                                                                              ECS Group
                                                                                              
 
                                                                                              An ECS group logically groups ECSs. The ECSs in the same ECS group comply with the same policy associated with the ECS group.
                                                                                              
+
                                                                                              An ECS group logically groups ECSs. The ECSs in the same ECS group comply with the same policy associated with the ECS group.
                                                                                              
 
                                                                                              Anti-affinity: ECSs in an ECS group are deployed on different physical hosts to improve service reliability.
                                                                                              
 
                                                                                              Select an existing ECS group, or click Add ECS Group to create one. After the ECS group is created, click the refresh icon.
                                                                                              
                                                                                               		
 
                                                                                              Pre-installation Command
                                                                                              
+
                                                                                              Pre-installation Command
                                                                                              
 
                                                                                              Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. 
                                                                                              
+
                                                                                              Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                              
 
                                                                                              The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                                                              
                                                                                               		
 
                                                                                              Post-installation Command
                                                                                              
+
                                                                                              Post-installation Command
                                                                                              
 
                                                                                              Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. 
                                                                                              
+
                                                                                              Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                              
 
                                                                                              The script will be executed after Kubernetes software is installed, which does not affect the installation.
                                                                                              
 
                                                                                               NOTE: 
                                                                                              Do not run the reboot command in the post-installation script to restart the system immediately. To restart the system, run the shutdown -r 1 command to restart with a delay of one minute.
                                                                                              
 
                                                                                              
                                                                                               		
 
                                                                                              Agency
                                                                                              
+
                                                                                              Agency
                                                                                              
 
                                                                                              An agency is created by the account administrator on the IAM console. By creating an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.
                                                                                              
+
                                                                                              An agency is created by the account administrator on the IAM console. Using an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.
                                                                                              
 
                                                                                              If no agency is available, click Create Agency on the right to create one.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              Mount Path
                                                                                              
                                                                                               		
 
                                                                                              Enter a mount path, for example, /tmp.
                                                                                              
-
                                                                                              This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                               NOTICE: 
                                                                                              If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                              
+
                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                               NOTICE: 
                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                              
 
                                                                                              
 
                                                                                              
 
                                                                                              		
 
                                                                                              
 
                                                                                              Subpath
                                                                                              
 
                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                              
+
                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              Permission
                                                                                              
 
                                                                                              • Read-only: You can only read the data in the mounted volumes.
                                                                                              • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                              
+
                                                                                              • Read-only: You can only read the data in the mounted volumes.
                                                                                              • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                              
                                                                                               		
 
                                                                                              
                                                                                               
 
 
                                                                                              In-tree
                                                                                              
                                                                                               		
 
                                                                                              Maintained through the Kubernetes code repository and built, edited, and released with Kubernetes binary files. Kubernetes does not accept this volume type anymore.
                                                                                              
-
                                                                                              Kubernetes-native volumes such as HostPath, EmptyDir, Secret, and ConfigMap are all the in-tree type.
                                                                                              
+
                                                                                              Kubernetes-native volumes such as hostPath, emptyDir, Secret, and ConfigMap are all the in-tree type.
                                                                                              
 
                                                                                              PVCs are a special in-tree volume. Kubernetes uses this type of volume to convert from in-tree to out-of-tree. PVCs allow you to request for PVs created using the underlying storage resources provided by different storage vendors.
                                                                                              
                                                                                               		
 
                                                                                              
 
 
                                                                                              Table 1 Access modes supported by storage volumes
                                                                                              Storage Type
                                                                                              
+
                                                                                              
@@ -94,7 +94,7 @@
 
                                                                                              Mounting a Storage Volume
                                                                                              You can mount volumes in the following ways:
                                                                                              
 
                                                                                              Use PVs to describe existing storage resources, and then create PVCs to use the storage resources in pods. You can also use the dynamic creation mode. That is, specify the StorageClass when creating a PVC and use the provisioner in the StorageClass to automatically create a PV and bind the PV to the PVC.
                                                                                              
 
-
                                                                                              Table 1 Access modes supported by storage volumes
                                                                                              Volume Type
                                                                                              
                                                                                               		
 
                                                                                              ReadWriteOnce
                                                                                              
 
                                                                                              Table 2 Modes of mounting volumes
                                                                                              Mounting Mode
                                                                                              
+
                                                                                              
@@ -136,7 +136,7 @@
 
                                                                                              PV Reclaim Policy
                                                                                              A PV reclaim policy is used to delete or reclaim underlying volumes when a PVC is deleted. The value can be Delete or Retain.
                                                                                              
-
                                                                                              • Delete: Deleting a PVC will remove the PV from Kubernetes, so the associated underlying storage assets from the external infrastructure.
                                                                                              • Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV resources are in the Released state and cannot be directly bound to the PVC.
                                                                                                You can manually delete and reclaim volumes by performing the following operations:
                                                                                                
+
                                                                                                • Delete: Deleting a PVC will remove the PV from Kubernetes, and the associated underlying storage assets will also be removed from the external infrastructure.
                                                                                                • Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                  You can manually delete and reclaim volumes by performing the following operations:
                                                                                                  
 
                                                                                                  1. Delete the PV.
                                                                                                  2. Clear data on the associated underlying storage resources as required.
                                                                                                  3. Delete the associated underlying storage resources.
                                                                                                  
 
                                                                                                  To reuse the underlying storage resources, create a PV.
                                                                                                  
 
                                                                                                
@@ -170,8 +170,8 @@ metadata:
     everest.io/reclaim-policy: retain-volume-only
   name: pv-evs-test
   labels:
-    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
-    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
 spec:
   accessModes:
     - ReadWriteOnce
diff --git a/docs/cce/umn/cce_10_0379.html b/docs/cce/umn/cce_10_0379.html
index ae373b19..62f2c2af 100644
--- a/docs/cce/umn/cce_10_0379.html
+++ b/docs/cce/umn/cce_10_0379.html
@@ -1,18 +1,14 @@
 
 
 
                                                                                                Using an Existing OBS Bucket Through a Static PV
                                                                                                
-
                                                                                                This section describes how to use an existing Object Storage Service (OBS) bucket to statically create PVs and PVCs and implement data persistence and sharing in workloads.
                                                                                                
-
                                                                                                Prerequisites
                                                                                                
+
                                                                                                This section describes how to use an existing Object Storage Service (OBS) bucket to statically create PVs and PVCs for data persistence and sharing in workloads.
                                                                                                
+
                                                                                                Prerequisites
                                                                                                
 
                                                                                                
-
                                                                                                Constraints
                                                                                                • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                • CCE allows parallel file systems to be mounted using OBS SDKs or PVCs. If PVC mounting is used, the obsfs tool provided by OBS must be used. An obsfs resident process is generated each time an object storage volume generated from the parallel file system is mounted to a node, as shown in the following figure.
                                                                                                  Figure 1 obsfs resident process
                                                                                                  
-
                                                                                                  Reserve 1 GiB of memory for each obsfs process. For example, for a node with 4 vCPUs and 8 GiB of memory, an obsfs parallel file system should be mounted to no more than eight pods.
                                                                                                  
-
                                                                                                   
                                                                                                  • An obsfs resident process runs on a node. If the consumed memory exceeds the upper limit of the node, the node malfunctions. On a node with 4 vCPUs and 8 GiB of memory, if more than 100 pods are mounted to a parallel file system, the node will be unavailable. Control the number of pods mounted to a parallel file system on a single node.
                                                                                                  
-
                                                                                                  
-
                                                                                                • Kata containers do not support OBS volumes.
                                                                                                
-
                                                                                                • Multiple PVs can use the same OBS storage volume with the following restrictions:
                                                                                                  • Do not mount all PVCs/PVs that use the same underlying object storage volume to a pod. This leads to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle values of these PVs.
                                                                                                  • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                  • If underlying storage is repeatedly used, you are required to maintain data consistency. Enable isolation and protection for ReadWriteMany at the application layer and prevent multiple clients from writing the same file to prevent data overwriting and loss.
                                                                                                  
+
                                                                                                  Notes and Constraints
                                                                                                  • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                  • Every time an OBS volume is mounted to a workload through a PVC, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                                  • Kata containers do not support OBS volumes.
                                                                                                  • Hard links are not supported when common buckets are mounted.
                                                                                                  
+
                                                                                                  • Multiple PVs can use the same OBS storage volume with the following restrictions:
                                                                                                    • Do not mount the PVCs/PVs that use the same underlying OBS volume to one pod. This will lead to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle value.
                                                                                                    • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                    • If underlying storage is repeatedly used, you are required to maintain data consistency. Enable isolation and protection for ReadWriteMany at the application layer and prevent multiple clients from writing the same file to prevent data overwriting and loss.
                                                                                                    
 
                                                                                                  
 
                                                                                                  
-
                                                                                                  Using an Existing OBS Bucket on the Console
                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                  2. Statically create a PVC and PV.
                                                                                                    1. Choose Storage in the navigation pane and click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                      Using an Existing OBS Bucket on the Console
                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                      2. Statically create a PVC and PV.
                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                              Table 2 Modes of mounting volumes
                                                                                              Mount Mode
                                                                                              
                                                                                               		
 
                                                                                              Description
                                                                                              
                                                                                               		
 
 
                                                                                              
-
-
-
-
-
@@ -83,7 +79,7 @@
 
                                                                                            5. Click Create to create a PVC and a PV.
                                                                                              You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                              
 
                                                                                              6. 
-
                                                                                            6. Create an application.
                                                                                              1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                              2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                              3. Create an application.
                                                                                                1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                  Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
 
                                                                                              7. Parameter
                                                                                              
                                                                                               		
 
                                                                                              Description
                                                                                              
@@ -26,24 +22,24 @@
 
                                                                                              
 
                                                                                              PVC Name
                                                                                              
 
                                                                                              Enter the PVC name, which must be unique in the same namespace.
                                                                                              
+
                                                                                              Enter the PVC name, which must be unique in a namespace.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              Creation Method
                                                                                              
 
                                                                                              • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV is available.
                                                                                              • If no underlying storage is available, select Dynamically provision. For details, see Using an OBS Bucket Through a Dynamic PV.
                                                                                              
-
                                                                                              In this example, select Create new to create a PV and PVC at the same time on the console.
                                                                                              
+
                                                                                              • If underlying storage is available, create a PV or use an existing PV to statically create a PVC.
                                                                                              • If no underlying storage is available, select Dynamically provision. For details, see Using an OBS Bucket Through a Dynamic PV.
                                                                                              
+
                                                                                              In this example, select Create new to create both a PV and PVC on the console.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              PVa
                                                                                              
 
                                                                                              Select an existing PV volume in the cluster. Create a PV in advance. For details, see "Creating a storage volume" in Related Operations.
                                                                                              
+
                                                                                              Select an existing PV in the cluster. For details about how to create a PV, see "Creating a storage volume" in Related Operations.
                                                                                              
 
                                                                                              You do not need to specify this parameter in this example.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              OBSb
                                                                                              
 
                                                                                              Click Select OBS. On the displayed page, select the OBS storage that meets your requirements and click OK.
                                                                                              
+
                                                                                              Click Select OBS. On the displayed page, select the OBS volume that meets your requirements and click OK.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              PV Nameb
                                                                                              
@@ -59,13 +55,13 @@
 
                                                                                              Reclaim Policyb
                                                                                              
                                                                                               		
 
                                                                                              You can select Delete or Retain to specify the reclaim policy of the underlying storage when the PVC is deleted. For details, see PV Reclaim Policy.
                                                                                              
-
                                                                                               NOTE: 
                                                                                              If multiple PVs use the same OBS volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                              
+
                                                                                               NOTE: 
                                                                                              If multiple PVs use the same OBS volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                              
 
                                                                                              
 
                                                                                              		
 
                                                                                              
 
                                                                                              Access Key (AK/SK)b
                                                                                              
 
                                                                                              Custom: Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                              
+
                                                                                              Custom (Recommended): Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                              
 
                                                                                              Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.
                                                                                              • Name: Enter a secret name.
                                                                                              • Namespace: Select the namespace where the secret is.
                                                                                              • Access Key (AK/SK): Upload a key file in .csv format. For details, see Obtaining an Access Key.
                                                                                              
 
                                                                                              
                                                                                               		
 
                                                                                              
-
@@ -110,7 +106,7 @@
 
-
@@ -123,33 +119,33 @@
 
                                                                                              
-
                                                                                              (kubectl) Using an Existing OBS Bucket
                                                                                              1. Use kubectl to access the cluster.
                                                                                              2. Create a PV.
                                                                                                1. Create the pv-obs.yaml file.
                                                                                                  apiVersion: v1
+
                                                                                                  Using an Existing OBS Bucket Through kubectl
                                                                                                  1. Use kubectl to access the cluster.
                                                                                                  2. Create a PV.
                                                                                                    1. Create the pv-obs.yaml file.
                                                                                                      apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-    everest.io/reclaim-policy: retain-volume-only      # (Optional) The PV is deleted while the underlying volume is retained.
-  name: pv-obs       # PV name.
+    everest.io/reclaim-policy: retain-volume-only      # (Optional) The underlying volume is retained when the PV is deleted.
+  name: pv-obs       # PV name
 spec:
   accessModes:
   - ReadWriteMany    # Access mode. The value must be ReadWriteMany for OBS.
   capacity:
-    storage: 1Gi     # OBS volume capacity.
+    storage: 1Gi     # OBS volume capacity
   csi:
-    driver: obs.csi.everest.io        # Dependent storage driver for the mounting.
-    driver: obs.csi.everest.io        # Instance type.
-    volumeHandle: <your_volume_id>    # Name of the OBS volume.
+    driver: obs.csi.everest.io        # Dependent storage driver for the mounting
+    fsType: obsfs                     # Instance type
+    volumeHandle: <your_volume_id>    # Name of the OBS volume
     volumeAttributes:
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
       everest.io/obs-volume-type: STANDARD
-      everest.io/region: <your_region>                        # Region where the OBS volume is.
+      everest.io/region: <your_region>                        # Region where the OBS volume is
 
-    nodePublishSecretRef:            # Custom secret of the OBS volume.
-      name: <your_secret_name>       # Custom secret name.
-      namespace: <your_namespace>    # Namespace of the custom secret.
-  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
-  storageClassName: csi-obs               # Storage class name.
-  mountOptions: []                         # Mount options.
                                                                                                      
+    nodePublishSecretRef:            # Custom secret of the OBS volume
+      name: <your_secret_name>       # Custom secret name
+      namespace: <your_namespace>    # Namespace of the custom secret
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy
+  storageClassName: csi-obs               # Storage class name
+  mountOptions: []                         # Mount options
                                                                                                  
 
 
                                                                                              Table 1 Mounting a storage volume
                                                                                              Parameter
                                                                                              
                                                                                               		
 
                                                                                              Description
                                                                                              
@@ -92,13 +88,13 @@
 
                                                                                              
 
                                                                                              PVC
                                                                                              
 
                                                                                              Select an existing object storage volume.
                                                                                              
+
                                                                                              Select an existing OBS volume.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              Mount Path
                                                                                              
                                                                                               		
 
                                                                                              Enter a mount path, for example, /tmp.
                                                                                              
-
                                                                                              This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                               NOTICE: 
                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.
                                                                                              
+
                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                               NOTICE: 
                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                              
 
                                                                                              
 
                                                                                              
 
                                                                                              
 
                                                                                              Permission
                                                                                              
 
                                                                                              • Read-only: You can only read the data in the mounted volumes.
                                                                                              • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                              
+
                                                                                              • Read-only: You can only read the data in the mounted volumes.
                                                                                              • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                              
                                                                                               		
 
                                                                                              
                                                                                               
 
 
                                                                                              
@@ -164,8 +160,8 @@ spec:
 
-
@@ -267,7 +263,7 @@ spec:
     requests:
       storage: 1GistorageClassName: csi-obs       # Storage class name, which must be the same as that of the PV.
-  volumeName: pv-obs    # PV name.
+  volumeName: pv-obs    # PV name
                                                                                              Table 2 Key parameters
                                                                                              Parameter
                                                                                              
 
                                                                                              No
                                                                                              
                                                                                               		
 
                                                                                              Optional.
                                                                                              
-
                                                                                              Currently, only retain-volume-only is supported.
                                                                                              
-
                                                                                              This field is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                              
+
                                                                                              Only retain-volume-only is supported.
                                                                                              
+
                                                                                              This parameter is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              fsType
                                                                                              
@@ -173,7 +169,7 @@ spec:
 
                                                                                              Yes
                                                                                              
                                                                                               		
 
                                                                                              Instance type. The value can be obsfs or s3fs.
                                                                                              
-
                                                                                              • obsfs: Parallel file system, which is mounted using obsfs (recommended).
                                                                                              • s3fs: Object bucket, which is mounted using s3fs.
                                                                                              
+
                                                                                              • obsfs: a parallel file system
                                                                                              • s3fs: object bucket
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              volumeHandle
                                                                                              
@@ -196,7 +192,7 @@ spec:
 
                                                                                              Yes
                                                                                              
                                                                                               		
 
                                                                                              Region where the OBS bucket is deployed.
                                                                                              
-
                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                              
+
                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              nodePublishSecretRef
                                                                                              
@@ -222,10 +218,10 @@ spec:
 
                                                                                              Yes
                                                                                              
                                                                                               		
 
                                                                                              A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9.
                                                                                              
-
                                                                                              The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If multiple PVs use the same OBS volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                              
+
                                                                                              The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If multiple PVs use the same OBS volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                              
 
                                                                                              Delete:
                                                                                              
-
                                                                                              • If everest.io/reclaim-policy is not specified, both the PV and storage resources are deleted when a PVC is deleted.
                                                                                              • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV is deleted but the storage resources are retained.
                                                                                              
-
                                                                                              Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                              
+
                                                                                              • If everest.io/reclaim-policy is not specified, both the PV and storage resources will be deleted when a PVC is deleted.
                                                                                              • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV will be deleted but the storage resources will be retained.
                                                                                              
+
                                                                                              Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              storage
                                                                                              
@@ -240,7 +236,7 @@ spec:
                                                                                               		
 
                                                                                              Yes
                                                                                              
 
                                                                                              The storage class name of OBS volumes is csi-obs.
                                                                                              
+
                                                                                              StorageClass name, which is csi-obs for an OBS volume.
                                                                                              
                                                                                               		
 
                                                                                              
 
   
 
 
                                                                                              
@@ -304,7 +300,7 @@ spec:
 
-
@@ -418,23 +414,23 @@ static
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0380.html b/docs/cce/umn/cce_10_0380.html
index 8ccc329b..8c643b79 100644
--- a/docs/cce/umn/cce_10_0380.html
+++ b/docs/cce/umn/cce_10_0380.html
@@ -11,7 +11,7 @@
 
                                                                                              # kubectl get sc
 NAME                PROVISIONER                     AGE
 csi-disk            everest-csi-provisioner         17d          # EVS disk
-csi-disk-topology   everest-csi-provisioner         17d          # EVS disks created with delayed
+csi-disk-topology   everest-csi-provisioner         17d          # EVS disks created with delay
 csi-nas             everest-csi-provisioner         17d          # SFS 1.0
 csi-obs             everest-csi-provisioner         17d          # OBS
 csi-sfsturbo        everest-csi-provisioner         17d          # SFS Turbo
                                                                                              
@@ -22,72 +22,72 @@ metadata:
 provisioner: everest-csi-provisionerparameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
-csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 is used by default.
+csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
   everest.io/disk-volume-type: SAS
   everest.io/passthrough: 'true'
 reclaimPolicy: DeleteallowVolumeExpansion: truevolumeBindingMode: Immediate
 
-
                                                                                              Table 3 Key parameters
                                                                                              Parameter
                                                                                              
 
                                                                                              Yes
                                                                                              
                                                                                               		
 
                                                                                              Storage class name, which must be the same as the storage class of the PV in 1.
                                                                                              
-
                                                                                              The storage class name of OBS volumes is csi-obs.
                                                                                              
+
                                                                                              StorageClass name, which is csi-obs for an OBS volume.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              volumeName
                                                                                              
@@ -338,14 +334,14 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-obs-volume    #Volume name, which must be the same as the volume name in the volumes field.
-          mountPath: /data  # Location where the storage volume is mounted.
+        - name: pvc-obs-volume    # Volume name, which must be the same as the volume name in the volumes field
+          mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: pvc-obs-volume    # Volume name, which can be customized.
+        - name: pvc-obs-volume    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-obs    # Name of the created PVC.
+            claimName: pvc-obs    # Name of the created PVC
 
                                                                                            7. Run the following command to create a workload to which the OBS volume is mounted:
                                                                                              kubectl apply -f web-demo.yaml
                                                                                              
 
                                                                                              After the workload is created, you can try Verifying Data Persistence and Sharing.
                                                                                              
 
                                                                                              8. 
@@ -360,7 +356,7 @@ kubectl exec web-demo-846b489584-wvv5s -- ls /data
 
                                                                                              If no result is returned for both pods, no file exists in the /data path.
                                                                                              
 
 
                                                                                            8. Run the following command to create a file named static in the /data path:
                                                                                              kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                              
-
                                                                                            9. Run the following command to view the files in the /data path:
                                                                                              kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                              
+
                                                                                            10. Run the following command to check the files in the /data path:
                                                                                              kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                              
 
                                                                                              Expected output:
                                                                                              
 
                                                                                              static
                                                                                              
 
                                                                                            11. Verify data persistence.
                                                                                              1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                
@@ -374,7 +370,7 @@ web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
 
                                                                                              2. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                
 
                                                                                                Expected output:
                                                                                                
 
                                                                                                static
                                                                                                
-
                                                                                                If the static file still exists, the data can be stored persistently.
                                                                                                
+
                                                                                                The static file is retained, indicating that the data in the file system can be stored persistently.
                                                                                                
 
                                                                                              
 
                                                                                            12. Verify data sharing.
                                                                                              1. Run the following command to view the created pod:
                                                                                                kubectl get pod | grep web-demo
                                                                                                
 
                                                                                                Expected output:
                                                                                                web-demo-846b489584-d4d4j   1/1     Running   0             7m
@@ -407,9 +403,9 @@ static
                                                                                                
 
                                                                                              		13. 
 
                                                                                              Create a PV on the CCE console.
                                                                                              
 
                                                                                              1. Choose Storage in the navigation pane and click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                • Volume Type: Select OBS.
                                                                                                • OBS: Click Select OBS. On the displayed page, select the OBS storage that meets your requirements and click OK.
                                                                                                • PV Name: Enter the PV name, which must be unique in the same cluster.
                                                                                                • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                • Reclaim Policy: Delete or Retain is supported. For details, see PV Reclaim Policy.
                                                                                                   NOTE: 
                                                                                                  If multiple PVs use the same underlying storage volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                                  
+
                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                • Volume Type: Select OBS.
                                                                                                • OBS: Click Select OBS. On the displayed page, select the OBS volume that meets your requirements and click OK.
                                                                                                • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                • Reclaim Policy: Delete or Retain is supported. For details, see PV Reclaim Policy.
                                                                                                   NOTE: 
                                                                                                  If multiple PVs use the same underlying storage volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                  
 
                                                                                                  
-
                                                                                                • Access Key (AK/SK): Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                  Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.
                                                                                                  
+
                                                                                                • Custom (Recommended): Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                  Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.
                                                                                                  
 
                                                                                                • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring OBS Mount Options.
                                                                                                
 
                                                                                              2. Click Create.
                                                                                              
                                                                                               		
 
 
                                                                                              Update the access key of object storage on the CCE console.
                                                                                              
 
                                                                                              1. Choose Storage in the navigation pane and click the PVCs tab. Click More in the Operation column of the target PVC and select Update Access Key.
                                                                                              2. Upload a key file in .csv format. For details, see Obtaining an Access Key. Click OK.
                                                                                                 NOTE: 
                                                                                                After a global access key is updated, all pods mounted with the object storage that uses this access key can be accessed only after being restarted.
                                                                                                
+
                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Update Access Key.
                                                                                              2. Upload a key file in .csv format. For details, see Obtaining an Access Key. Click OK.
                                                                                                 NOTE: 
                                                                                                After a global access key is updated, all pods mounted with the object storage that uses this access key can be accessed only after being restarted.
                                                                                                
 
                                                                                                
 
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              Viewing events
                                                                                              
 
                                                                                              You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                              
+
                                                                                              View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                              
 
                                                                                              1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                              2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                              
+
                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                              2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              Viewing a YAML file
                                                                                              
 
                                                                                              You can view, copy, and download the YAML files of a PVC or PV.
                                                                                              
+
                                                                                              View, copy, or download the YAML file of a PVC or PV.
                                                                                              
 
                                                                                              1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                              2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                              
+
                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                              2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                              
                                                                                               		
 
                                                                                              
 
 
 
 
                                                                                              Table 1 Key parameters
                                                                                              Parameter
                                                                                              
+
                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                              Table 1 Key parameters
                                                                                              Parameter
                                                                                              
 
                                                                                              Description
                                                                                              
+
                                                                                              Description
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              provisioner
                                                                                              
+
                                                                                              provisioner
                                                                                              
 
                                                                                              Specifies the storage resource provider, which is the Everest add-on for CCE. Set this parameter to everest-csi-provisioner.
                                                                                              
+
                                                                                              Specifies the storage resource provider, which is the Everest add-on for CCE. Set this parameter to everest-csi-provisioner.
                                                                                              
                                                                                               		
 
                                                                                              parameters
                                                                                              
+
                                                                                              parameters
                                                                                              
 
                                                                                              Specifies the storage parameters, which vary with storage types. For details, see Table 2.
                                                                                              
+
                                                                                              Specifies the storage parameters, which vary with storage types. For details, see Table 2.
                                                                                              
                                                                                               		
 
                                                                                              reclaimPolicy
                                                                                              
+
                                                                                              reclaimPolicy
                                                                                              
 
                                                                                              Specifies the value of persistentVolumeReclaimPolicy for creating a PV. The value can be Delete or Retain. If reclaimPolicy is not specified when a StorageClass object is created, the value defaults to Delete.
                                                                                              
-
                                                                                              • Delete: indicates that a dynamically created PV will be automatically destroyed.
                                                                                              • Retain: indicates that a dynamically created PV will not be automatically destroyed.
                                                                                              
+
                                                                                              Specifies the value of persistentVolumeReclaimPolicy for creating a PV. The value can be Delete or Retain. If reclaimPolicy is not specified when a StorageClass object is created, the value defaults to Delete.
                                                                                              
+
                                                                                              • Delete: indicates that a dynamically created PV will be automatically deleted when the PVC is deleted.
                                                                                              • Retain: indicates that a dynamically created PV will be retained when the PVC is deleted.
                                                                                              
                                                                                               		
 
                                                                                              allowVolumeExpansion
                                                                                              
+
                                                                                              allowVolumeExpansion
                                                                                              
 
                                                                                              Specifies whether the PV of this storage class supports dynamic capacity expansion. The default value is false. Dynamic capacity expansion is implemented by the underlying storage add-on. This is only a switch.
                                                                                              
+
                                                                                              Specifies whether the PV of this storage class supports dynamic capacity expansion. The default value is false. Dynamic capacity expansion is implemented by the underlying storage add-on. This is only a switch.
                                                                                              
                                                                                               		
 
                                                                                              volumeBindingMode
                                                                                              
+
                                                                                              volumeBindingMode
                                                                                              
 
                                                                                              Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                              
+
                                                                                              Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                              
 
                                                                                              • Immediate: PV binding and dynamic creation are completed when a PVC is created.
                                                                                              • WaitForFirstConsumer: PV binding and creation are delayed. The PV creation and binding processes are executed only when the PVC is used in the workload.
                                                                                              
                                                                                               		
 
                                                                                              mountOptions
                                                                                              
+
                                                                                              mountOptions
                                                                                              
 
                                                                                              This field must be supported by the underlying storage. If this field is not supported but is specified, the PV creation will fail.
                                                                                              
+
                                                                                              This field must be supported by the underlying storage. If this field is not supported but is specified, the PV creation will fail.
                                                                                              
                                                                                               		
 
                                                                                              
                                                                                               
 
                                                                                              
 
                                                                                              
 
-
                                                                                              Table 2 Parameters
                                                                                              Volume Type
                                                                                              
+
                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -285,14 +285,14 @@ spec:
 
                                                                                              Custom Storage Class
                                                                                              This section uses the custom storage class of EVS disks as an example to describe how to define SAS EVS disk and SSD EVS disk as a storage class, respectively. For example, if you define a storage class named csi-disk-sas, which is used to create SAS storage, the differences are shown in the following figure. When compiling a YAML file, you only need to specify storageClassName.
                                                                                              
-
                                                                                              
+
                                                                                              
 
                                                                                              • You can customize a high I/O storage class in a YAML file. For example, the name csi-disk-sas indicates that the disk type is SAS (high I/O).
                                                                                                apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: csi-disk-sas                          # Name of the high I/O storage class, which can be customized.
 parameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
-csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 is used by default.
+csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
    everest.io/disk-volume-type: SAS            # High I/O EVS disk type, which cannot be customized.
   everest.io/passthrough: "true"
 provisioner: everest-csi-provisioner
@@ -305,7 +305,7 @@ metadata:
   name: csi-disk-ssd                       # Name of the ultra-high I/O storage class, which can be customized.
 parameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
-csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 is used by default.
+csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
   everest.io/disk-volume-type: SSD         # Ultra-high I/O EVS disk type, which cannot be customized.
   everest.io/passthrough: "true"
 provisioner: everest-csi-provisioner
@@ -314,7 +314,7 @@ volumeBindingMode: Immediate
 allowVolumeExpansion: true
                                                                                                
 
                                                                                              
 
                                                                                              reclaimPolicy: indicates the reclaim policies of the underlying cloud storage. The value can be Delete or Retain.
                                                                                              
-
                                                                                              • Delete: When a PVC is deleted, both the PV and the EVS disk are deleted.
                                                                                              • Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                              
+
                                                                                              • Delete: When a PVC is deleted, both the PV and the EVS disk are deleted.
                                                                                              • Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                              
 
                                                                                              If high data security is required, select Retain to prevent data from being deleted by mistake.
                                                                                              
 
                                                                                              After the definition is complete, run the kubectl create commands to create storage resources.
                                                                                              
 
                                                                                              # kubectl create -f sas.yaml
diff --git a/docs/cce/umn/cce_10_0381.html b/docs/cce/umn/cce_10_0381.html
index 721103f2..5be36ad3 100644
--- a/docs/cce/umn/cce_10_0381.html
+++ b/docs/cce/umn/cce_10_0381.html
@@ -3,7 +3,7 @@
 
                                                                                              Snapshots and Backups
                                                                                              
 
                                                                                              CCE works with EVS to support snapshots. A snapshot is a complete copy or image of EVS disk data at a certain point of time, which can be used for data DR.
                                                                                              
 
                                                                                              You can create snapshots to rapidly save the disk data at a certain point of time. In addition, you can use snapshots to create disks so that the created disks will contain the snapshot data in the beginning.
                                                                                              
-
                                                                                              Precautions
                                                                                              • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based Everest add-on.
                                                                                              • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (SCSI or VBD), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being queried or set.
                                                                                              • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                              • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the Everest add-on. Snapshots cannot be created for PVCs created using the Flexvolume storage class whose name is ssd, sas, or sata.
                                                                                              • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                              • A PVC of the xfs file system type can generate snapshots. The file system of the disk associated with the PVC created using these snapshots remains xfs.
                                                                                              
+
                                                                                              Precautions
                                                                                              • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based Everest add-on.
                                                                                              • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (SCSI or VBD), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being checked or configured.
                                                                                              • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                              • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the Everest add-on. Snapshots cannot be created for PVCs created using the FlexVolume storage class whose name is ssd, sas, or sata.
                                                                                              • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                              • A PVC of the xfs file system type can generate snapshots. The file system of the disk associated with the PVC created using these snapshots remains xfs.
                                                                                              
 
                                                                                              
 
                                                                                              Application Scenarios
                                                                                              The snapshot feature helps address your following needs:
                                                                                              
 
                                                                                              • Routine data backup
                                                                                                You can create snapshots for EVS disks regularly and use snapshots to recover your data in case that data loss or data inconsistency occurred due to misoperations, viruses, or attacks.
                                                                                                
@@ -15,7 +15,7 @@
 
                                                                                              
 
                                                                                              
 
                                                                                              Creating a Snapshot
                                                                                              Using the CCE console
                                                                                              
-
                                                                                              1. Log in to the CCE console.
                                                                                              2. Click the cluster name to go to the cluster console. Choose Storage in the navigation pane and click the Snapshots and Backups tab.
                                                                                              3. Click Create Snapshot in the upper right corner. In the dialog box displayed, set related parameters.
                                                                                                • Snapshot Name: Enter a snapshot name.
                                                                                                • Storage: Select an EVS PVC.
                                                                                                
+
                                                                                                1. Log in to the CCE console.
                                                                                                2. Click the cluster name to go to the cluster console. Choose Storage in the navigation pane. In the right pane, click the Snapshots and Backups tab.
                                                                                                3. Click Create Snapshot in the upper right corner. In the dialog box displayed, set related parameters.
                                                                                                  • Snapshot Name: Enter a snapshot name.
                                                                                                  • Storage: Select an EVS PVC.
                                                                                                  
 
                                                                                                4. Click Create.
                                                                                                
 
                                                                                                Using YAML
                                                                                                
 
                                                                                                kind: VolumeSnapshot
@@ -33,7 +33,7 @@ spec:
 
                                                                                              
 
                                                                                              Using a Snapshot to Create a PVC
                                                                                              The disk type, encryption setting, and disk mode of the created EVS PVC are consistent with those of the snapshot's source EVS disk.
                                                                                              
 
                                                                                              Using the CCE console
                                                                                              
-
                                                                                              1. Log in to the CCE console.
                                                                                              2. Click the cluster name to go to the cluster console. Choose Storage in the navigation pane and click the Snapshots and Backups tab.
                                                                                              3. Locate the snapshot that you want to use for creating a PVC, click Create PVC, and configure PVC parameters in the displayed dialog box.
                                                                                                • PVC Name: Enter a PVC name.
                                                                                                • Resource Tag: Resource tags can be added to classify resources, which is supported only when the Everest version in the cluster is 2.1.39 or later.
                                                                                                  You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                  
+
                                                                                                  1. Log in to the CCE console.
                                                                                                  2. Click the cluster name to go to the cluster console. Choose Storage in the navigation pane. In the right pane, click the Snapshots and Backups tab.
                                                                                                  3. Locate the snapshot that you want to use for creating a PVC, click Create PVC, and configure PVC parameters in the displayed dialog box.
                                                                                                    • PVC Name: Enter a PVC name.
                                                                                                    • Resource Tag: Resource tags can be added to classify resources, which is supported only when the Everest version in the cluster is 2.1.39 or later.
                                                                                                      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                      
 
                                                                                                      CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                      
 
                                                                                                    
 
                                                                                                  4. Click Create.
                                                                                                  
@@ -45,8 +45,8 @@ metadata:
   namespace: default
   annotations:
     everest.io/disk-volume-type: SSD     # EVS disk type, which must be the same as that of the snapshot's source EVS disk.
-    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
-    csi.storage.k8s.io/fstype: xfs    # (Optional) Configure this field when the snapshot file system type is xfs.
+    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
+    csi.storage.k8s.io/fstype: xfs    # (Optional) Configure this field when the snapshot file system is of the xfs type.
   labels:
     failure-domain.beta.kubernetes.io/region: <your_region>   # Replace the region with the one where the EVS disk is located.
     failure-domain.beta.kubernetes.io/zone: <your_zone>       # Replace the AZ with the one where the EVS disk is located.
diff --git a/docs/cce/umn/cce_10_0382.html b/docs/cce/umn/cce_10_0382.html
index 628bd270..126d0d37 100644
--- a/docs/cce/umn/cce_10_0382.html
+++ b/docs/cce/umn/cce_10_0382.html
@@ -3,7 +3,7 @@
 
                                                                                                  Configuring QoS for a Pod
                                                                                                  
 
                                                                                                  Scenario
                                                                                                  Bandwidth preemption occurs between different containers deployed on the same node, which may cause service jitter. You can configure QoS rate limiting for inter-pod access to prevent this problem.
                                                                                                  
 
                                                                                                  
-
                                                                                                  Constraints
                                                                                                  The following shows constraints on setting the rate limiting for inter-pod access:
+
                                                                                                  Notes and Constraints
                                                                                                  The following shows constraints on setting the rate limiting for inter-pod access:
 
                                                                                              Table 2 Parameters
                                                                                              Volume Type
                                                                                              
 
                                                                                              Parameter
                                                                                              
+
                                                                                              Parameter
                                                                                              
 
                                                                                              Mandatory
                                                                                              
+
                                                                                              Mandatory
                                                                                              
 
                                                                                              Description
                                                                                              
+
                                                                                              Description
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              EVS
                                                                                              
+
                                                                                              EVS
                                                                                              
 
                                                                                              csi.storage.k8s.io/csi-driver-name
                                                                                              
+
                                                                                              csi.storage.k8s.io/csi-driver-name
                                                                                              
 
                                                                                              Yes
                                                                                              
+
                                                                                              Yes
                                                                                              
 
                                                                                              Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                              
+
                                                                                              Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              csi.storage.k8s.io/fstype
                                                                                              
@@ -114,13 +114,13 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                              The parameter value is fixed at true, which indicates that the EVS device type is SCSI. Other parameter values are not allowed.
                                                                                              
                                                                                               		
 
                                                                                              SFS
                                                                                              
+
                                                                                              SFS
                                                                                              
 
                                                                                              csi.storage.k8s.io/csi-driver-name
                                                                                              
+
                                                                                              csi.storage.k8s.io/csi-driver-name
                                                                                              
 
                                                                                              Yes
                                                                                              
+
                                                                                              Yes
                                                                                              
 
                                                                                              Driver type. If SFS is used, the parameter value is fixed at nas.csi.everest.io.
                                                                                              
+
                                                                                              Driver type. If SFS is used, the parameter value is fixed at nas.csi.everest.io.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              csi.storage.k8s.io/fstype
                                                                                              
@@ -159,13 +159,13 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                              This parameter is mandatory only when SFS 3.0 is used. The value is fixed at sfs3.0.
                                                                                              
                                                                                               		
 
                                                                                              SFS Turbo
                                                                                              
+
                                                                                              SFS Turbo
                                                                                              
 
                                                                                              csi.storage.k8s.io/csi-driver-name
                                                                                              
+
                                                                                              csi.storage.k8s.io/csi-driver-name
                                                                                              
 
                                                                                              Yes
                                                                                              
+
                                                                                              Yes
                                                                                              
 
                                                                                              Driver type. If SFS Turbo is used, the parameter value is fixed at sfsturbo.csi.everest.io.
                                                                                              
+
                                                                                              Driver type. If SFS Turbo is used, the parameter value is fixed at sfsturbo.csi.everest.io.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              csi.storage.k8s.io/fstype
                                                                                              
@@ -203,13 +203,13 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                              SFS Turbo storage class. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                              
                                                                                               		
 
                                                                                              OBS
                                                                                              
+
                                                                                              OBS
                                                                                              
 
                                                                                              csi.storage.k8s.io/csi-driver-name
                                                                                              
+
                                                                                              csi.storage.k8s.io/csi-driver-name
                                                                                              
 
                                                                                              Yes
                                                                                              
+
                                                                                              Yes
                                                                                              
 
                                                                                              Driver type. If OBS is used, the parameter value is fixed at obs.csi.everest.io.
                                                                                              
+
                                                                                              Driver type. If OBS is used, the parameter value is fixed at obs.csi.everest.io.
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              csi.storage.k8s.io/fstype
                                                                                              
@@ -217,7 +217,7 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                              Yes
                                                                                              
                                                                                               		
 
                                                                                              Instance type, which can be obsfs or s3fs.
                                                                                              
-
                                                                                              • obsfs: Parallel file system, which is mounted using obsfs (recommended).
                                                                                              • s3fs: Object bucket, which is mounted using s3fs.
                                                                                              
+
                                                                                              • obsfs: a parallel file system
                                                                                              • s3fs: object bucket
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              everest.io/obs-volume-type
                                                                                              
@@ -268,7 +268,7 @@ spec:
 
                                                                                              
 
                                                                                              When a user migrates services from a self-built Kubernetes cluster or other Kubernetes services to CCE, the storage class used in the original application YAML file is different from that used in CCE. As a result, a large number of YAML files or Helm chart packages need to be modified when the storage is used, which is complex and error-prone.
                                                                                              
 
                                                                                              Create a storage class with the same name as that in the original application YAML file in the CCE centralization. After the migration, you do not need to modify the storageClassName in the application YAML file.
                                                                                              
+
                                                                                              Create a storage class with the same name as that in the original application YAML file in the CCE cluster. After the migration, you do not need to modify the storageClassName in the application YAML file.
                                                                                              
 
                                                                                              For example, the EVS disk storage class used before the migration is disk-standard. After migrating services to a CCE cluster, you can copy the YAML file of the csi-disk storage class in the CCE cluster, change its name to disk-standard, and create another storage class.
                                                                                              
                                                                                               		
 
                                                                                              
 
 
                                                                                              Constraint Type
                                                                                              
                                                                                               		
 
                                                                                              Tunnel network model
                                                                                              
@@ -94,7 +94,7 @@ spec:
 
 
                                                                                              
 
                                                                                              
-
                                                                                              Parent topic: Container Network Settings
                                                                                              
+
                                                                                              Parent topic: Pod Network Settings
                                                                                              
 
                                                                                              
 
                                                                                              
 
diff --git a/docs/cce/umn/cce_10_0384.html b/docs/cce/umn/cce_10_0384.html
index e145f32f..b42b25bd 100644
--- a/docs/cce/umn/cce_10_0384.html
+++ b/docs/cce/umn/cce_10_0384.html
@@ -4,7 +4,7 @@
 
                                                                                              Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly and resources, if not released, are wasted in non-peak hours. Especially for online jobs that request a large quantity of resources to ensure SLA, resource utilization can be as low as it gets.
                                                                                              
 
                                                                                              Resource oversubscription is the process of making use of idle requested resources. Oversubscribed resources are suitable for deploying offline jobs, which focus on throughput but have low SLA requirements and can tolerate certain failures.
                                                                                              
 
                                                                                              Hybrid deployment of online and offline jobs in a cluster can better utilize cluster resources.
                                                                                              
-
                                                                                              Figure 1 Resource oversubscription
                                                                                              
+
                                                                                              Figure 1 Resource oversubscription
                                                                                              
 
                                                                                              Features
                                                                                               
                                                                                              After dynamic resource oversubscription and elastic scaling are enabled in a node pool, oversubscribed resources change rapidly because the resource usage of high-priority applications changes in real time. To prevent frequent node scale-ins and scale-outs, do not consider oversubscribed resources when evaluating node scale-ins.
                                                                                              
 
                                                                                              
 
                                                                                              Hybrid deployment is supported, and CPU and memory resources can be oversubscribed. The key features are as follows:
                                                                                              
@@ -13,56 +13,56 @@
 
                                                                                              • Online jobs can use only non-oversubscribed resources if scheduled to an oversubscribed node.
                                                                                                Offline jobs can use both oversubscribed and non-oversubscribed resources of an oversubscribed node.
                                                                                                
 
                                                                                              
 
                                                                                              • In the same scheduling period, online jobs take precedence over offline jobs.
                                                                                                If both online and offline jobs exist, online jobs are scheduled first. When the node resource usage exceeds the upper limit and the node requests exceed 100%, offline jobs will be evicted.
                                                                                                
-
                                                                                              • CPU/Memory isolation is provided by kernels.
                                                                                                CPU isolation: Online jobs can quickly preempt CPU resources of offline jobs and suppress the CPU usage of the offline jobs.
                                                                                                
+
                                                                                              • CPU/Memory resources can be isolation by kernel.
                                                                                                CPU isolation: Online jobs can quickly preempt CPU resources of offline jobs and suppress the CPU usage of the offline jobs.
                                                                                                
 
                                                                                                Memory isolation: When system memory resources are used up and OOM Kill is triggered, the kernel evicts offline jobs first.
                                                                                                
-
                                                                                              • kubelet offline jobs admission rules:
                                                                                                After the pod is scheduled to a node, kubelet starts the pod only when the node resources can meet the pod request (predicateAdmitHandler.Admit). kubelet starts the pod when both of the following conditions are met:
                                                                                                
+
                                                                                              • kubelet offline jobs obey the following admission rules:
                                                                                                After the pod is scheduled to a node, kubelet starts the pod only when the node resources can meet the pod request (predicateAdmitHandler.Admit). kubelet starts the pod when both of the following conditions are met:
                                                                                                
 
                                                                                                • The total request of pods to be started and online running jobs < allocatable nodes
                                                                                                • The total request of pods to be started and online/offline running job < allocatable nodes+oversubscribed nodes
                                                                                                
-
                                                                                              • Resource oversubscription and hybrid deployment:
                                                                                                If only hybrid deployment is used, configure the label volcano.sh/colocation=true for the node and delete the node label volcano.sh/oversubscription or set its value to false.
                                                                                                
-
                                                                                                If the label volcano.sh/colocation=true is configured for a node, hybrid deployment is enabled. If the label volcano.sh/oversubscription=true is configured, resource oversubscription is enabled. The following table lists the available feature combinations after hybrid deployment or resource oversubscription is enabled.
-
                                                                                                Hybrid Deployment Enabled (volcano.sh/colocation=true)
                                                                                                
+
                                                                                              • Resource oversubscription and hybrid deployment can be configured separately.
                                                                                                Enabling hybrid deployment of a node pool also enables oversubscription by default. Nodes are then labeled with both volcano.sh/colocation="true" and volcano.sh/oversubscription="true". To use hybrid deployment for both online and offline jobs without oversubscription, simply disable oversubscription in hybrid deployment settings. This will remove the volcano.sh/oversubscription="true" label.
                                                                                                
+
                                                                                                The following table lists the features that can be used after hybrid deployment or oversubscription is enabled.
+
                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -71,11 +71,11 @@
 
-
                                                                                                kubelet Oversubscription 
                                                                                                 
                                                                                                Specifications
                                                                                                • Cluster version
                                                                                                  • v1.19: v1.19.16-r4 or later
                                                                                                  • v1.21: v1.21.7-r0 or later
                                                                                                  • v1.23: v1.23.5-r0 or later
                                                                                                  • v1.25 or later
                                                                                                  
-
                                                                                                • Cluster type: CCE Standard or CCE Turbo
                                                                                                • Node OS: EulerOS 2.9 (kernel-4.18.0-147.5.1.6.h729.6.eulerosv2r9.x86_64)or HCE OS 2.0
                                                                                                • Node type: ECS
                                                                                                • Volcano version: 1.7.0 or later
                                                                                                
+
                                                                                                Compatible kubelet Oversubscription
                                                                                                 
                                                                                                Specifications
                                                                                                • Cluster version
                                                                                                  • v1.19: v1.19.16-r4 or later
                                                                                                  • v1.21: v1.21.7-r0 or later
                                                                                                  • v1.23: v1.23.5-r0 or later
                                                                                                  • v1.25 or later
                                                                                                  
+
                                                                                                • Cluster type: CCE standard or CCE Turbo
                                                                                                • Node OS: EulerOS 2.9 (kernel-4.18.0-147.5.1.6.h729.6.eulerosv2r9.x86_64) or HCE OS 2.0
                                                                                                • Node type: ECS
                                                                                                • Volcano version: 1.7.0 or later
                                                                                                
 
                                                                                                
-
                                                                                                Constraints
                                                                                                • Before enabling oversubscription, ensure that the overcommit add-on is not enabled on Volcano.
                                                                                                • Modifying the label of an oversubscribed node does not affect the running pods.
                                                                                                • Running pods cannot be converted between online and offline services. To convert services, you need to rebuild pods.
                                                                                                • If the label volcano.sh/oversubscription=true is configured for a node in the cluster, the oversubscription configuration must be added to the Volcano add-on. Otherwise, the scheduling of oversold nodes will be abnormal. Ensure that you have correctly configure labels because the scheduler does not check the add-on and node configurations. For details, see Table 1.
                                                                                                • To disable oversubscription, perform the following operations:
                                                                                                  • Remove the volcano.sh/oversubscription label from the oversubscribed node.
                                                                                                  • Set over-subscription-resource to false.
                                                                                                  • Modify the configmap of Volcano Scheduler named volcano-scheduler-configmap and remove the oversubscription add-on.
                                                                                                  
-
                                                                                                • If cpu-manager-policy is set to static core binding on a node, do not assign the QoS class of Guaranteed to offline pods. If core binding is required, change the pods to online pods. Otherwise, offline pods may occupy the CPUs of online pods, causing online pod startup failures, and offline pods fail to be started although they are successfully scheduled.
                                                                                                • If cpu-manager-policy is set to static core binding on a node, do not bind cores to all online pods. Otherwise, online pods occupy all CPU or memory resources, leaving a small number of oversubscribed resources.
                                                                                                
+
                                                                                                Constraints
                                                                                                • Before enabling oversubscription, ensure that the overcommit add-on is not enabled on Volcano.
                                                                                                • Modifying the label of an oversubscribed node does not affect the running pods.
                                                                                                • Running pods cannot be converted between online and offline services. To convert services, rebuild pods.
                                                                                                • If the label volcano.sh/oversubscription=true is configured for a node in the cluster, the oversubscription configuration must be added to the Volcano add-on. Otherwise, the scheduling of oversold nodes will be abnormal. Ensure that you have correctly configure labels because the scheduler does not check the add-on and node configurations. For details, see Table 1.
                                                                                                • To disable oversubscription, perform the following operations:
                                                                                                  • Remove the volcano.sh/oversubscription label from the oversubscribed node.
                                                                                                  • Set over-subscription-resource to false.
                                                                                                  • Modify the configmap of Volcano Scheduler named volcano-scheduler-configmap and remove the oversubscription add-on.
                                                                                                  
+
                                                                                                • If you have set cpu-manager-policy to statically bind CPU cores on a node, do not assign the QoS class of Guaranteed to offline pods. This is because offline pods may occupy the CPUs of online pods, leading to an online pod startup failure and offline pods failing to start even though they have been successfully scheduled. To prevent this, switch the pods to online pods if CPU core binding is required.
                                                                                                • If cpu-manager-policy is set to static CPU core binding on a node, do not bind CPU cores to all online pods. This is because doing so can cause online pods to occupy all available CPU or memory resources, leaving only a small number of oversubscribed resources.
                                                                                                
 
                                                                                                
 
                                                                                                
 
                                                                                                
@@ -121,8 +121,8 @@
 
                                                                                                Hybrid Deployment
                                                                                                
 
                                                                                                Resource Oversubscription Enabled (volcano.sh/oversubscription=true)
                                                                                                
+
                                                                                                Oversubscription
                                                                                                
 
                                                                                                Resource Oversubscription
                                                                                                
+
                                                                                                Oversubscription Resource
                                                                                                
 
                                                                                                When Offline Pod Eviction Triggered (Using Annotations to Configure Limits)
                                                                                                
+
                                                                                                Scenario for Evicting Offline Pods
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                No
                                                                                                
+
                                                                                                No
                                                                                                
 
                                                                                                No
                                                                                                
+
                                                                                                No
                                                                                                
 
                                                                                                No
                                                                                                
+
                                                                                                No
                                                                                                
 
                                                                                                None
                                                                                                
+
                                                                                                No
                                                                                                
                                                                                                 		
 
                                                                                                Yes
                                                                                                
+
                                                                                                Yes
                                                                                                
 
                                                                                                No
                                                                                                
+
                                                                                                No
                                                                                                
 
                                                                                                No
                                                                                                
+
                                                                                                No
                                                                                                
 
                                                                                                The actual resource usage of a node exceeds the upper limit.
                                                                                                
+
                                                                                                The actual resource usage of a node exceeds the upper limit.
                                                                                                
                                                                                                 		
 
                                                                                                No
                                                                                                
+
                                                                                                No
                                                                                                
 
                                                                                                Yes
                                                                                                
+
                                                                                                Yes
                                                                                                
 
                                                                                                Yes
                                                                                                
+
                                                                                                Yes
                                                                                                
 
                                                                                                The actual resource usage of a node exceeds the upper limit and the pod requests on the node exceed 100%.
                                                                                                
+
                                                                                                The actual resource usage of a node exceeds the upper limit and the pod requests on the node exceed 100%.
                                                                                                
                                                                                                 		
 
                                                                                                Yes
                                                                                                
+
                                                                                                Yes
                                                                                                
 
                                                                                                Yes
                                                                                                
+
                                                                                                Yes
                                                                                                
 
                                                                                                Yes
                                                                                                
+
                                                                                                Yes
                                                                                                
 
                                                                                                The actual resource usage of a node exceeds the upper limit.
                                                                                                
+
                                                                                                The actual resource usage of a node exceeds the upper limit.
                                                                                                
                                                                                                 		
 
                                                                                                
                                                                                                 
 
 
                                                                                                
 
                                                                                                
 
                                                                                                
-
                                                                                                1. Configure the Volcano add-on.
                                                                                                  1. Use kubectl to access the cluster.
                                                                                                  2. Install the Volcano add-on and add the oversubscription add-on to volcano-scheduler-configmap. Ensure that the add-on configuration does not contain the overcommit add-on. If - name: overcommit exists, delete this configuration. In addition, set enablePreemptable and enableJobStarving of the gang add-on to false and configure a preemption action.
                                                                                                    # kubectl edit cm volcano-scheduler-configmap -n kube-system
-apiVersion: v1
+
                                                                                                    1. Use kubectl to access the cluster.
                                                                                                    2. Check the Volcano configuration.
                                                                                                      kubectl edit cm volcano-scheduler-configmap -n kube-system
                                                                                                      
+
                                                                                                      Check the oversubscription configuration in volcano-scheduler-configmap. Ensure that the add-on configuration does not contain the overcommit add-on. If - name: overcommit exists, delete this configuration.
                                                                                                      ...
 data:
   volcano-scheduler.conf: |
     actions: "allocate, backfill, preempt"   # Configure a preemption action.
@@ -142,8 +142,9 @@ data:
     - plugins:
       - name: cce-gpu-topology-predicate
       - name: cce-gpu-topology-priority
-      - name: cce-gpu
                                                                                                      
-
                                                                                                    
+      - name: cce-gpu
+...
                                                                                                    
+
 
                                                                                                  3. Enable node oversubscription.
                                                                                                    A label can be configured to use oversubscribed resources only after the oversubscription feature is enabled for a node. Related nodes can be created only in a node pool. To enable the oversubscription feature, perform the following steps:
                                                                                                    
 
                                                                                                    1. Create a node pool.
                                                                                                    2. Choose Manage in the Operation column of the created node pool.
                                                                                                    3. On the Manage Configurations page, enable Node oversubscription feature (over-subscription-resource) and click OK.
                                                                                                    
 
                                                                                                  4. Set the node oversubscription label.
                                                                                                    The volcano.sh/oversubscription label needs to be configured for an oversubscribed node. If this label is set for a node and the value is true, the node is an oversubscribed node. Otherwise, the node is not an oversubscribed node.
                                                                                                    
@@ -159,39 +160,39 @@ Labels:           ...
 Annotations:      ...
                   volcano.sh/evicting-cpu-high-watermark: 70
 
-
                                                                                                    Table 2 Node oversubscription annotations
                                                                                                    Name
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
@@ -205,7 +206,7 @@ apiVersion: scheduling.k8s.io/v1
 description: Used for high priority pods
 kind: PriorityClass
 metadata:
-  name: production
+  name: volcano-production
 preemptionPolicy: PreemptLowerPriority
 value: 999999
 ---
@@ -213,13 +214,13 @@ apiVersion: scheduling.k8s.io/v1
 description: Used for low priority pods
 kind: PriorityClass
 metadata:
-  name: testing
+  name: volcano-free
 preemptionPolicy: PreemptLowerPriority
-value: -99999
+value: -90000
  
 EOF
-
                                                                                                  5. Deploy online and offline jobs and configure priorityClasses for these jobs.
                                                                                                    The volcano.sh/qos-level label needs to be added to annotation to distinguish offline jobs. The value is an integer ranging from -7 to 7. If the value is less than 0, the job is an offline job. If the value is greater than or equal to 0, the job is a high-priority job, that is, online job. You do not need to set this label for online jobs. For both online and offline jobs, set schedulerName to volcano to enable Volcano Scheduler.
                                                                                                    
-
                                                                                                     
                                                                                                    The priorities of online/online and offline/offline jobs are not differentiated, and the value validity is not verified. If the value of volcano.sh/qos-level of an offline job is not a negative integer ranging from -7 to 0, the job is processed as an online job.
                                                                                                    
+
                                                                                                  6. Deploy online and offline jobs and configure priorityClasses for these jobs.
                                                                                                    The volcano.sh/qos-level annotation needs to be added to distinguish offline jobs. The value is an integer ranging from -7 to 7. If the value is less than 0, the job is an offline job. If the value is greater than or equal to 0, the job is an online job. You do not need to set this annotation for online jobs. For both online and offline jobs, set schedulerName to volcano to enable Volcano.
                                                                                                    
+
                                                                                                     
                                                                                                    The priorities between online jobs and between offline jobs are not differentiated, and the value validity is not verified. If the value of volcano.sh/qos-level of an offline job is not a negative integer ranging from -7 to 0, the job is processed as an online job.
                                                                                                    
 
                                                                                                    
 
                                                                                                    For an offline job:
                                                                                                    
 
                                                                                                    kind: Deployment
@@ -230,10 +231,10 @@ spec:
     metadata:
       annotations:
         metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
-        volcano.sh/qos-level: "-1"       # Offline job label
+        volcano.sh/qos-level: "-1"       # Offline job annotation
     spec:
       schedulerName: volcano             # Volcano is used.
-      priorityClassName: testing         # Configure the testing priorityClass.
+      priorityClassName: volcano-free         # volcano-free priorityClass
       ...
                                                                                                    
 
                                                                                                    For an online job:
                                                                                                    
 
                                                                                                    kind: Deployment
@@ -246,7 +247,7 @@ spec:
         metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
     spec:
       schedulerName: volcano          # Volcano is used.
-      priorityClassName: production   # Configure the production priorityClass.
+      priorityClassName: volcano-production   # volcano-production priorityClass
       ...
                                                                                                    
 
                                                                                                  7. Run the following command to check the number of oversubscribed resources and the resource usage:
                                                                                                    kubectl describe node <nodeIP>
                                                                                                    
 
                                                                                                    # kubectl describe node 192.168.0.0
@@ -266,7 +267,7 @@ Allocated resources:
   --------           --------      ------
   cpu                 4950m (126%)  4950m (126%)
   memory             1712Mi (27%)  1712Mi (27%)
                                                                                                    
-
                                                                                                    In the preceding command, CPU and memory are in the unit of mCPUs and MiB, respectively.
                                                                                                    
+
                                                                                                    In the preceding command, CPU and memory are in the unit of m CPU cores and MiB, respectively.
                                                                                                    
 
                                                                                                    8. Deployment Example
                                                                                                    The following uses an example to describe how to deploy online and offline jobs in hybrid mode.
                                                                                                    
 
                                                                                                    1. Configure a cluster with two nodes, one oversubscribed and the other non-oversubscribed.
                                                                                                      # kubectl get node
@@ -298,7 +299,7 @@ spec:
         volcano.sh/qos-level: "-1"       # Offline job label
     spec:
       schedulerName: volcano             # Volcano is used.
-      priorityClassName: testing         # Configure the testing priorityClass.
+      priorityClassName: volcano-free         # volcano-free priorityClass
       containers:
         - name: container-1
           image: nginx:latest
@@ -334,7 +335,7 @@ spec:
         app: online
     spec:
       schedulerName: volcano                 # Volcano is used.
-      priorityClassName: production          # Configure the production priorityClass.
+      priorityClassName: volcano-production          # volcano-production priorityClass
       containers:
         - name: container-1
           image: resource_consumer:latest
@@ -379,7 +380,7 @@ spec:
                 values:
                 - 192.168.0.173
       schedulerName: volcano                 # Volcano is used.
-      priorityClassName: production          # Configure the production priorityClass.
+      priorityClassName: volcano-production          # volcano-production priorityClass
       containers:
         - name: container-1
           image: resource_consumer:latest
@@ -401,7 +402,7 @@ offline-69cdd49bf4-z8kxh  1/1     Running     0      13m   192.168.10.131   192.
 online-6f44bb68bd-b8z9p  1/1     Running     0     3m4s   192.168.10.18   192.168.0.173 
 online-6f44bb68bd-g6xk8  1/1     Running     0     3m12s   192.168.10.69   192.168.0.173
                                                                                                      
 
                                                                                                    
-
                                                                                                    Check the oversubscribed node with IP address 192.168.0.173. It is found that resources are oversubscribed, where there are 2343 mCPUs and 3073653200 MiB of memory. Additionally, the CPU allocation rate exceeded 100%.
                                                                                                    # kubectl describe node 192.168.0.173
+
                                                                                                    Check the oversubscribed node with IP address 192.168.0.173. It is found that resources are oversubscribed, where there are 2343m CPU cores and 3073653200 MiB of memory. Additionally, the CPU allocation rate exceeded 100%.
                                                                                                    # kubectl describe node 192.168.0.173
 Name:              192.168.0.173
 Roles:              <none>
 Labels:              …
diff --git a/docs/cce/umn/cce_10_0385.html b/docs/cce/umn/cce_10_0385.html
index d462816a..4d741bb6 100644
--- a/docs/cce/umn/cce_10_0385.html
+++ b/docs/cce/umn/cce_10_0385.html
@@ -2,7 +2,7 @@
 
 
                                                                                                    Using Annotations to Balance Load
                                                                                                    
 
                                                                                                    Table 2 Node oversubscription annotations
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    volcano.sh/evicting-cpu-high-watermark
                                                                                                    
+
                                                                                                    volcano.sh/evicting-cpu-high-watermark
                                                                                                    
 
                                                                                                    Upper limit for CPU usage. When the CPU usage of a node exceeds the specified value, offline job eviction is triggered and the node becomes unschedulable.
                                                                                                    
+
                                                                                                    Upper limit for CPU usage. When the CPU usage of a node exceeds the specified value, offline job eviction is triggered and the node becomes unschedulable.
                                                                                                    
 
                                                                                                    The default value is 80, indicating that offline job eviction is triggered when the CPU usage of a node exceeds 80%.
                                                                                                    
                                                                                                     		
 
                                                                                                    volcano.sh/evicting-cpu-low-watermark
                                                                                                    
+
                                                                                                    volcano.sh/evicting-cpu-low-watermark
                                                                                                    
 
                                                                                                    Lower limit for CPU usage. After eviction is triggered, the scheduling starts again when the CPU usage of a node is lower than the specified value.
                                                                                                    
-
                                                                                                    The default value is 30, indicating that scheduling starts again when the CPU usage of a node is lower than 30%.
                                                                                                    
+
                                                                                                    Lower limit for CPU usage. When the CPU usage of a node is higher than the upper limit, offline jobs will be evicted. The node accepts the offline jobs again only when the CPU usage of the node is lower than the lower limit.
                                                                                                    
+
                                                                                                    The default value is 30, indicating that offline jobs are accepted again when the CPU usage of a node is lower than 30%.
                                                                                                    
                                                                                                     		
 
                                                                                                    volcano.sh/evicting-memory-high-watermark
                                                                                                    
+
                                                                                                    volcano.sh/evicting-memory-high-watermark
                                                                                                    
 
                                                                                                    Upper limit for memory usage. When the memory usage of a node exceeds the specified value, offline job eviction is triggered and the node becomes unschedulable.
                                                                                                    
+
                                                                                                    Upper limit for memory usage. When the memory usage of a node exceeds the specified value, offline job eviction is triggered and the node becomes unschedulable.
                                                                                                    
 
                                                                                                    The default value is 60, indicating that offline job eviction is triggered when the memory usage of a node exceeds 60%.
                                                                                                    
                                                                                                     		
 
                                                                                                    volcano.sh/evicting-memory-low-watermark
                                                                                                    
+
                                                                                                    volcano.sh/evicting-memory-low-watermark
                                                                                                    
 
                                                                                                    Lower limit for memory usage. After eviction is triggered, the scheduling starts again when the memory usage of a node is lower than the specified value.
                                                                                                    
-
                                                                                                    The default value is 30, indicating that the scheduling starts again when the memory usage of a node is less than 30%.
                                                                                                    
+
                                                                                                    Lower limit for memory usage. When the memory usage of a node is higher than the upper limit, offline jobs will be evicted. The node accepts the offline jobs again only when the memory usage of the node is lower than the lower limit.
                                                                                                    
+
                                                                                                    The default value is 30, indicating that offline jobs are accepted again when the memory usage of a node is less than 30%.
                                                                                                    
                                                                                                     		
 
                                                                                                    volcano.sh/oversubscription-types
                                                                                                    
+
                                                                                                    volcano.sh/oversubscription-types
                                                                                                    
 
                                                                                                    Oversubscribed resource type. Options:
                                                                                                    
+
                                                                                                    Oversubscribed resource type. Options:
                                                                                                    
 
                                                                                                    • cpu: oversubscribed CPU
                                                                                                    • memory: oversubscribed memory
                                                                                                    • cpu,memory: oversubscribed CPU and memory
                                                                                                    
 
                                                                                                    The default value is cpu,memory.
                                                                                                    
                                                                                                     		
 
                                                                                                    
@@ -42,7 +42,7 @@
 
-
-
-
@@ -203,7 +203,7 @@ kind: Service
 metadata: 
   name: nginx
   annotations:
-    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.id: <your_elb_id>                         # Load balancer ID. Replace it with the actual value.
     kubernetes.io/elb.class: union                   # Load balancer type
     kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
     kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
@@ -242,7 +242,7 @@ spec:
 
-
@@ -251,10 +251,10 @@ spec:
 
-
-
                                                                                                    Table 1 Annotations for interconnecting with ELB
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    
 
                                                                                                    kubernetes.io/elb.autocreate
                                                                                                    
 
                                                                                                    Table 9
                                                                                                    
+
                                                                                                    Table 13
                                                                                                    
                                                                                                     		
 
                                                                                                    Mandatory when load balancers are automatically created.
                                                                                                    
 
                                                                                                    Example:
                                                                                                    
@@ -87,7 +87,7 @@ kind: Service
 metadata: 
   name: nginx
   annotations:
-    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.id: <your_elb_id>                         # Load balancer ID. Replace it with the actual value.
     kubernetes.io/elb.class: performance                        # Load balancer type
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
 spec:
@@ -139,7 +139,7 @@ metadata:
     kubernetes.io/elb.autocreate: '{
       "type": "public",
       "bandwidth_name": "cce-bandwidth-1626694478577",
-      "bandwidth_chargemode": "traffic",
+      "bandwidth_chargemode": "traffic",
       "bandwidth_size": 5,
       "bandwidth_sharetype": "PER",
       "eip_type": "5_bgp",
@@ -178,7 +178,7 @@ spec:
                                                                                                     		
 
                                                                                                    String
                                                                                                    
 
                                                                                                    Source IP address-based sticky session is supported. That is, access requests from the same IP address are forwarded to the same backend server.
                                                                                                    
+
                                                                                                    Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                    
 
                                                                                                    • Disabling sticky session: Do not configure this parameter.
                                                                                                    • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                    
 
                                                                                                     NOTE: 
                                                                                                    When kubernetes.io/elb.lb-algorithm is set to SOURCE_IP (source IP hash), sticky session cannot be enabled.
                                                                                                    
 
                                                                                                    
@@ -188,7 +188,7 @@ spec:
 
                                                                                                    
 
                                                                                                    kubernetes.io/elb.session-affinity-option
                                                                                                    
 
                                                                                                    Table 12
                                                                                                    
+
                                                                                                    Table 16
                                                                                                    
                                                                                                     		
 
                                                                                                    Sticky session timeout.
                                                                                                    
 
                                                                                                    
 
                                                                                                    kubernetes.io/elb.health-check-option
                                                                                                    
 
                                                                                                    Table 10
                                                                                                    
+
                                                                                                    Table 14
                                                                                                    
                                                                                                     		
 
                                                                                                    ELB health check configuration items.
                                                                                                    
 
                                                                                                    
 
                                                                                                    kubernetes.io/elb.health-check-options
                                                                                                    
 
                                                                                                    Table 11
                                                                                                    
+
                                                                                                    Table 15
                                                                                                    
 
                                                                                                    ELB health check configuration item. Each Service port can be configured separately, and you can configure only some ports.
                                                                                                    
-
                                                                                                     NOTE: 
                                                                                                    kubernetes.io/elb.health-check-option and kubernetes.io/elb.health-check-options cannot be configured at the same time.
                                                                                                    
+
                                                                                                    ELB health check configuration items. Each Service port can be configured separately, and you can configure only some ports.
                                                                                                    
+
                                                                                                     NOTE: 
                                                                                                    Either kubernetes.io/elb.health-check-option or kubernetes.io/elb.health-check-options can be configured.
                                                                                                    
 
                                                                                                    
                                                                                                     		
 
                                                                                                    v1.19.16-r5 or later
                                                                                                    
@@ -271,9 +271,9 @@ kind: Service
 metadata: 
   name: nginx
   annotations:
-    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.id: <your_elb_id>                         # Load balancer ID. Replace it with the actual value.
     kubernetes.io/elb.class: union                   # Load balancer type
-    kubernetes.io/elb.health-check-flag: 'on'                   # Enable the ELB health check function.
+    kubernetes.io/elb.health-check-flag: 'on'                   # Enable ELB health check.
     kubernetes.io/elb.health-check-option: '{
       "protocol":"TCP",
       "delay":"5",
@@ -289,7 +289,7 @@ spec:
     protocol: TCP 
     targetPort: 80
   type: LoadBalancer
-
                                                                                                  8. For details about how to use kubernetes.io/elb.health-check-options, see Configuring Health Check on Multiple Service Ports.
                                                                                                    9. 
+
                                                                                                  9. For details about how to use kubernetes.io/elb.health-check-options, see Configuring Health Check on Multiple Ports of a LoadBalancer Service.
                                                                                                    10. 
 
 
                                                                                                    HTTP or HTTPS
                                                                                                    
 
                                                                                                    
-
@@ -326,39 +326,66 @@ spec:
 
                                                                                                    Table 4 Annotations for using HTTP or HTTPS
                                                                                                    Parameter
                                                                                                    
@@ -306,9 +306,9 @@ spec:
 
 
                                                                                                    String
                                                                                                    
 
                                                                                                    If a Service is HTTP/HTTPS-compliant, configure the protocol and port number in the format of "protocol:port",
                                                                                                    
+
                                                                                                    If a Service is HTTP/HTTPS-compliant, configure the protocol and port number in the format of "protocol:port".
                                                                                                    
 
                                                                                                    where,
                                                                                                    
-
                                                                                                    • protocol: specifies the protocol used by the listener port. The value can be http or https.
                                                                                                    • ports: service ports specified by spec.ports[].port.
                                                                                                    
+
                                                                                                    • protocol: specifies the protocol used by the listener port. The value can be http or https.
                                                                                                    • ports: Service ports specified by spec.ports[].port.
                                                                                                    
                                                                                                     		
 
                                                                                                    v1.19.16 or later
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    
-
                                                                                                    For details, see Configuring an HTTP or HTTPS Service.
                                                                                                    
+
                                                                                                    For details, see Configuring HTTP/HTTPS for a LoadBalancer Service.
                                                                                                    
 
                                                                                                    
-
                                                                                                    Dynamic Adjustment of the Weight of the Backend ECS
                                                                                                    
-
                                                                                                    Table 5 Annotations for dynamically adjusting the weight of the backend ECS
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    SNI
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
-
                                                                                                    Table 5 Annotations for using SNIs
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Type
                                                                                                    
+
                                                                                                    Type
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
 
                                                                                                    Supported Cluster Version
                                                                                                    
+
                                                                                                    Supported Cluster Version
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    kubernetes.io/elb.adaptive-weight
                                                                                                    
+
                                                                                                    kubernetes.io/elb.tls-certificate-ids
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Dynamically adjust the weight of the ELB backend ECS based on the number pods on the node. The requests received by each pod are more balanced.
                                                                                                    
-
                                                                                                    • true: enabled
                                                                                                    • false: disabled
                                                                                                    
-
                                                                                                    This parameter applies only to clusters of v1.21 or later and is invalid in passthrough networking.
                                                                                                    
+
                                                                                                    In ELB, the IDs of SNI certificates that must contain a domain name are separated by commas (,).
                                                                                                    
+
                                                                                                    To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                    
 
                                                                                                    v1.21 or later
                                                                                                    
+
                                                                                                    v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                    
                                                                                                     		
 
                                                                                                    
                                                                                                     
 
                                                                                                    
 
                                                                                                    
+
                                                                                                    HTTPS must be enabled. For details, see Configuring SNI for a LoadBalancer Service.
                                                                                                    
+
                                                                                                    
+
                                                                                                    Dynamic Adjustment of the Weight of the Backend ECS
                                                                                                    
+
                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                    Table 6 Annotations for dynamically adjusting the weight of the backend ECS
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    Type
                                                                                                    
+
                                                                                                    Description
                                                                                                    
+
                                                                                                    Supported Cluster Version
                                                                                                    
+
                                                                                                    kubernetes.io/elb.adaptive-weight
                                                                                                    
+
                                                                                                    String
                                                                                                    
+
                                                                                                    Dynamically adjust the weight of the load balancer backend server based on the number pods on the server. In this way, the requests received by each pod are more balanced.
                                                                                                    
+
                                                                                                    • true: enabled
                                                                                                    • false: disabled
                                                                                                    
+
                                                                                                    v1.21 or later
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
                                                                                                     
                                                                                                    This parameter is invalid in passthrough networking, where dedicated load balancers are used in a CCE Turbo cluster.
                                                                                                    
+
                                                                                                    
 
                                                                                                    The following shows how to use the preceding annotations:
                                                                                                    apiVersion: v1 
 kind: Service 
 metadata: 
   name: nginx
   annotations:
-    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.id: <your_elb_id>                         # Load balancer ID. Replace it with the actual value.
     kubernetes.io/elb.class: union                   # Load balancer type
     kubernetes.io/elb.adaptive-weight: 'true'                   # Enable dynamic adjustment of the weight of the backend ECS.
 spec:
@@ -373,50 +400,116 @@ spec:
 
                                                                                                    
 
                                                                                                    
 
                                                                                                    Passthrough Capability
                                                                                                    
-
                                                                                                    Table 6 Annotations for passthrough capability
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
-
                                                                                                    Table 7 Annotations for passthrough capability
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Type
                                                                                                    
+
                                                                                                    Type
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
 
                                                                                                    Supported Cluster Version
                                                                                                    
+
                                                                                                    Supported Cluster Version
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    kubernetes.io/elb.pass-through
                                                                                                    
+
                                                                                                    kubernetes.io/elb.pass-through
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Whether the access requests from within the cluster to the Service pass through the ELB load balancer.
                                                                                                    
+
                                                                                                    Whether the access requests from within the cluster to the Service pass through the ELB load balancer.
                                                                                                    
 
                                                                                                    v1.19 or later
                                                                                                    
+
                                                                                                    v1.19 or later
                                                                                                    
                                                                                                     		
 
                                                                                                    
                                                                                                     
 
                                                                                                    
 
                                                                                                    
-
                                                                                                    For details, see Enabling Passthrough Networking for LoadBalancer Services.
                                                                                                    
+
                                                                                                    For details, see Configuring Passthrough Networking for a LoadBalancer Service.
                                                                                                    
 
-
                                                                                                    Host Network
                                                                                                    
-
                                                                                                    Table 7 Annotations for host network
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    Blocklist/Trustlist
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                    Table 8 Annotations for ELB access control
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Type
                                                                                                    
+
                                                                                                    Type
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
 
                                                                                                    Supported Cluster Version
                                                                                                    
+
                                                                                                    Supported Cluster Version
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    kubernetes.io/hws-hostNetwork
                                                                                                    
+
                                                                                                    kubernetes.io/elb.acl-id
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    If the pod uses hostNetwork, the ELB forwards the request to the host network after this annotation is used.
                                                                                                    
+
                                                                                                    • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                    • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                    • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                      How to obtain:
                                                                                                      
+
                                                                                                      Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                      
+
                                                                                                    
+
                                                                                                    v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                    
+
                                                                                                    kubernetes.io/elb.acl-status
                                                                                                    
+
                                                                                                    String
                                                                                                    
+
                                                                                                    This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                    
+
                                                                                                    • on: Access control is enabled.
                                                                                                    • off: Access control is disabled.
                                                                                                    
+
                                                                                                    v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                    
+
                                                                                                    kubernetes.io/elb.acl-type
                                                                                                    
+
                                                                                                    String
                                                                                                    
+
                                                                                                    This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                    
+
                                                                                                    • black: indicates a blocklist. The selected IP address group cannot access the load balancer.
                                                                                                    • white: indicates a trustlist. Only the selected IP address group can access the load balancer.
                                                                                                    
+
                                                                                                    v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    The following shows how to use the preceding annotations:
                                                                                                    apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>                    # Load balancer ID. Replace it with the actual value.
+    kubernetes.io/elb.class: performance                   # Load balancer type
+    kubernetes.io/elb.acl-id: <your_acl_id>               # ID of an IP address group for accessing a load balancer
+    kubernetes.io/elb.acl-status: 'on'                    # Enable access control.
+    kubernetes.io/elb.acl-type: 'white'                   # Trustlist for access control
+spec:
+  selector: 
+     app: nginx
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  type: LoadBalancer
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    Host Network
                                                                                                    
+
                                                                                                    
+
+
+
+
+
+
+
+
-
@@ -427,7 +520,7 @@ kind: Service
 metadata: 
   name: nginx
   annotations:
-    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.id: <your_elb_id>                         # Load balancer ID. Replace it with the actual value.
     kubernetes.io/elb.class: union                   # Load balancer type
     kubernetes.io/hws-hostNetwork: 'true'                     # The load balancer forwards the request to the host network.
 spec:
@@ -442,181 +535,256 @@ spec:
 
                                                                                                    Timeout
                                                                                                    
-
                                                                                                    Table 9 Annotations for host network
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    Type
                                                                                                    
+
                                                                                                    Description
                                                                                                    
+
                                                                                                    Supported Cluster Version
                                                                                                    
+
                                                                                                    kubernetes.io/hws-hostNetwork
                                                                                                    
+
                                                                                                    String
                                                                                                    
+
                                                                                                    If the pod uses hostNetwork, the ELB forwards the request to the host network after this annotation is used.
                                                                                                    
 
                                                                                                    Options:
                                                                                                    
-
                                                                                                    • true: enabled
                                                                                                    • false (default): disabled
                                                                                                    
+
                                                                                                    • true: enabled
                                                                                                    • false (default): disabled
                                                                                                    
 
                                                                                                    v1.9 or later
                                                                                                    
+
                                                                                                    v1.9 or later
                                                                                                    
                                                                                                     		
 
                                                                                                    
                                                                                                     
 
 
                                                                                                    Table 8 Annotation for configuring timeout
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
                                                                                                    Table 10 Annotation for configuring timeout
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Type
                                                                                                    
+
                                                                                                    Type
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
 
                                                                                                    Supported Cluster Version
                                                                                                    
+
                                                                                                    Supported Cluster Version
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    kubernetes.io/elb.keepalive_timeout
                                                                                                    
+
                                                                                                    kubernetes.io/elb.keepalive_timeout
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                    
+
                                                                                                    Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                    
 
                                                                                                    Value:
                                                                                                    
-
                                                                                                    • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                    • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 10 to 4000 (in seconds). The default value is 60.
                                                                                                    • For UDP listeners, this parameter does not take effect. 
                                                                                                    
+
                                                                                                    • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                    • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                    • For UDP listeners, this parameter does not take effect. 
                                                                                                    
 
                                                                                                    Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                    
+
                                                                                                    Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                    
 
                                                                                                    Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                    
                                                                                                     		
 
                                                                                                    kubernetes.io/elb.client_timeout
                                                                                                    
+
                                                                                                    String
                                                                                                    
+
                                                                                                    Timeout for waiting for a request from a client. There are two cases:
                                                                                                    
+
                                                                                                    • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                    • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                    
+
                                                                                                    The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                    
+
                                                                                                    v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                    
+
                                                                                                    kubernetes.io/elb.member_timeout
                                                                                                    
+
                                                                                                    String
                                                                                                    
+
                                                                                                    Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                    
+
                                                                                                    The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                    
+
                                                                                                    v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                    
+
                                                                                                    
                                                                                                     
 
                                                                                                    
 
                                                                                                    
-
                                                                                                    For details, see Configuring Timeout for a Service.
                                                                                                    
+
                                                                                                    For details, see Configuring Timeout for a LoadBalancer Service.
                                                                                                    
 
-
                                                                                                    Parameters for Automatically Creating a Load Balancer
                                                                                                    
-
                                                                                                    Table 9 elb.autocreate data structure
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    Resource Tags
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
-
+
+
+
                                                                                                    Table 11 Annotations
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Mandatory
                                                                                                    
+
                                                                                                    Type
                                                                                                    
 
                                                                                                    Type
                                                                                                    
+
                                                                                                    Description
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Supported Cluster Version
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    name
                                                                                                    
+
                                                                                                    kubernetes.io/elb.tags
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    Add resource tags to a load balancer. This parameter can be configured only when a load balancer is automatically created.
                                                                                                    
+
                                                                                                    A tag is in the format of "key=value". Use commas (,) to separate multiple tags.
                                                                                                    
 
                                                                                                    Name of the automatically created load balancer.
                                                                                                    
+
                                                                                                    v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    For details, see Using kubectl to Create a Service (Automatically Creating a Load Balancer).
                                                                                                    
+
                                                                                                    
+
                                                                                                    HTTP/2
                                                                                                    
+
                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                    Table 12 Annotations of using HTTP/2
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    Type
                                                                                                    
+
                                                                                                    Description
                                                                                                    
+
                                                                                                    Supported Cluster Version
                                                                                                    
+
                                                                                                    kubernetes.io/elb.http2-enable
                                                                                                    
+
                                                                                                    String
                                                                                                    
+
                                                                                                    Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                    
+
                                                                                                    Options:
                                                                                                    
+
                                                                                                    • true: enabled
                                                                                                    • false: disabled (default value)
                                                                                                    
+
                                                                                                    Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                    
+
                                                                                                    v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                    
+
                                                                                                    
+
                                                                                                    
+
                                                                                                    For details, see Configuring HTTP/2 for a LoadBalancer Service.
                                                                                                    
+
                                                                                                    
+
                                                                                                    Parameters for Automatically Creating a Load Balancer
                                                                                                    
+
                                                                                                    
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -638,63 +806,63 @@ spec:
 
                                                                                                    Table 13 elb.autocreate data structure
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    Mandatory
                                                                                                    
+
                                                                                                    Type
                                                                                                    
+
                                                                                                    Description
                                                                                                    
+
                                                                                                    name
                                                                                                    
+
                                                                                                    No
                                                                                                    
+
                                                                                                    String
                                                                                                    
+
                                                                                                    Name of the automatically created load balancer.
                                                                                                    
 
                                                                                                    The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                    
 
                                                                                                    Default: cce-lb+service.UID
                                                                                                    
                                                                                                     		
 
                                                                                                    type
                                                                                                    
+
                                                                                                    type
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Network type of the load balancer.
                                                                                                    
+
                                                                                                    Network type of the load balancer.
                                                                                                    
 
                                                                                                    • public: public network load balancer
                                                                                                    • inner: private network load balancer
                                                                                                    
 
                                                                                                    Default: inner
                                                                                                    
                                                                                                     		
 
                                                                                                    bandwidth_name
                                                                                                    
+
                                                                                                    bandwidth_name
                                                                                                    
 
                                                                                                    Yes for public network load balancers
                                                                                                    
+
                                                                                                    Yes for public network load balancers
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                    
+
                                                                                                    Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                    
 
                                                                                                    The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                    
                                                                                                     		
 
                                                                                                    bandwidth_chargemode
                                                                                                    
+
                                                                                                    bandwidth_chargemode
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Bandwidth mode.
                                                                                                    
+
                                                                                                    Bandwidth mode.
                                                                                                    
 
                                                                                                    • traffic: billed by traffic
                                                                                                    
-
                                                                                                    Default: traffic
                                                                                                    
+
                                                                                                    Default: traffic
                                                                                                    
                                                                                                     		
 
                                                                                                    bandwidth_size
                                                                                                    
+
                                                                                                    bandwidth_size
                                                                                                    
 
                                                                                                    Yes for public network load balancers
                                                                                                    
+
                                                                                                    Yes for public network load balancers
                                                                                                    
 
                                                                                                    Integer
                                                                                                    
+
                                                                                                    Integer
                                                                                                    
 
                                                                                                    Bandwidth size. The default value is 1 to 2000 Mbit/s. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                    
+
                                                                                                    Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                    
 
                                                                                                    The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                    • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                    • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                    • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                    
 
                                                                                                    
                                                                                                     		
 
                                                                                                    bandwidth_sharetype
                                                                                                    
+
                                                                                                    bandwidth_sharetype
                                                                                                    
 
                                                                                                    Yes for public network load balancers
                                                                                                    
+
                                                                                                    Yes for public network load balancers
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Bandwidth sharing mode.
                                                                                                    
+
                                                                                                    Bandwidth sharing mode.
                                                                                                    
 
                                                                                                    • PER: dedicated bandwidth
                                                                                                    
                                                                                                     		
 
                                                                                                    eip_type
                                                                                                    
+
                                                                                                    eip_type
                                                                                                    
 
                                                                                                    Yes for public network load balancers
                                                                                                    
+
                                                                                                    Yes for public network load balancers
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    EIP type.
                                                                                                    
+
                                                                                                    EIP type.
                                                                                                    
 
                                                                                                    • 5_bgp: dynamic BGP
                                                                                                    
 
                                                                                                    The specific type varies with regions. For details, see the EIP console.
                                                                                                    
                                                                                                     		
 
                                                                                                    vip_subnet_cidr_id
                                                                                                    
+
                                                                                                    vip_subnet_cidr_id
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                    
+
                                                                                                    Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                    
 
                                                                                                    If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet.
                                                                                                    
 
                                                                                                    This field can be specified only for clusters of v1.21 or later.
                                                                                                    
                                                                                                     		
 
                                                                                                    vip_address
                                                                                                    
+
                                                                                                    vip_address
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                    
+
                                                                                                    Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                    
 
                                                                                                    The IP address must be in the ELB CIDR block. If this parameter is not specified, an IP address will be automatically assigned from the ELB CIDR block.
                                                                                                    
 
                                                                                                    This parameter is available only in clusters of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later versions.
                                                                                                    
                                                                                                     		
 
                                                                                                    available_zone
                                                                                                    
+
                                                                                                    available_zone
                                                                                                    
 
                                                                                                    Yes
                                                                                                    
+
                                                                                                    Yes
                                                                                                    
 
                                                                                                    Array of strings
                                                                                                    
+
                                                                                                    Array of strings
                                                                                                    
 
                                                                                                    AZ where the load balancer is located.
                                                                                                    
+
                                                                                                    AZ where the load balancer is located.
                                                                                                    
 
                                                                                                    You can obtain all supported AZs by getting the AZ list.
                                                                                                    
 
                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                    
                                                                                                     		
 
                                                                                                    l4_flavor_name
                                                                                                    
+
                                                                                                    l4_flavor_name
                                                                                                    
 
                                                                                                    Yes
                                                                                                    
+
                                                                                                    Yes
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Flavor name of the layer-4 load balancer.
                                                                                                    
+
                                                                                                    Flavor name of the layer-4 load balancer.
                                                                                                    
 
                                                                                                    You can obtain all supported types by getting the flavor list.
                                                                                                    
 
                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                    
                                                                                                     		
 
                                                                                                    l7_flavor_name
                                                                                                    
+
                                                                                                    l7_flavor_name
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Flavor name of the layer-7 load balancer.
                                                                                                    
+
                                                                                                    Flavor name of the layer-7 load balancer.
                                                                                                    
 
                                                                                                    You can obtain all supported types by getting the flavor list.
                                                                                                    
 
                                                                                                    This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                    
                                                                                                     		
 
                                                                                                    elb_virsubnet_ids
                                                                                                    
+
                                                                                                    elb_virsubnet_ids
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    Array of strings
                                                                                                    
+
                                                                                                    Array of strings
                                                                                                    
 
                                                                                                    Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                    
+
                                                                                                    Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                    
 
                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                    
 
                                                                                                    Example:
                                                                                                    
 
                                                                                                    "elb_virsubnet_ids": [
@@ -624,13 +792,13 @@ spec:
  ]
                                                                                                    
                                                                                                     		
 
                                                                                                    ipv6_vip_virsubnet_id
                                                                                                    
+
                                                                                                    ipv6_vip_virsubnet_id
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Specifies the ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                    
+
                                                                                                    Specifies the ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                    
 
                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    
 
-
                                                                                                    Table 10 elb.health-check-option data structure
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -703,84 +871,84 @@ spec:
 
                                                                                                    Table 14 elb.health-check-option data structure
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Mandatory
                                                                                                    
+
                                                                                                    Mandatory
                                                                                                    
 
                                                                                                    Type
                                                                                                    
+
                                                                                                    Type
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    delay
                                                                                                    
+
                                                                                                    delay
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Health check interval (s)
                                                                                                    
+
                                                                                                    Health check interval (s)
                                                                                                    
 
                                                                                                    Value range: 1 to 50. Default value: 5
                                                                                                    
                                                                                                     		
 
                                                                                                    timeout
                                                                                                    
+
                                                                                                    timeout
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Health check timeout, in seconds.
                                                                                                    
+
                                                                                                    Health check timeout, in seconds.
                                                                                                    
 
                                                                                                    Value range: 1 to 50. Default value: 10
                                                                                                    
                                                                                                     		
 
                                                                                                    max_retries
                                                                                                    
+
                                                                                                    max_retries
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Maximum number of health check retries.
                                                                                                    
+
                                                                                                    Maximum number of health check retries.
                                                                                                    
 
                                                                                                    Value range: 1 to 10. Default value: 3
                                                                                                    
                                                                                                     		
 
                                                                                                    protocol
                                                                                                    
+
                                                                                                    protocol
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Health check protocol.
                                                                                                    
+
                                                                                                    Health check protocol.
                                                                                                    
 
                                                                                                    Value options: TCP or HTTP
                                                                                                    
                                                                                                     		
 
                                                                                                    path
                                                                                                    
+
                                                                                                    path
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                    
+
                                                                                                    Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                    
 
                                                                                                    Default value: /
                                                                                                    
 
                                                                                                    Value range: 1-80 characters
                                                                                                    
 
                                                                                                    
 
                                                                                                    
 
-
                                                                                                    Table 11 elb.health-check-options
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -789,23 +957,23 @@ spec:
 
                                                                                                    Table 15 elb.health-check-options
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Mandatory
                                                                                                    
+
                                                                                                    Mandatory
                                                                                                    
 
                                                                                                    Type
                                                                                                    
+
                                                                                                    Type
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    target_service_port
                                                                                                    
+
                                                                                                    target_service_port
                                                                                                    
 
                                                                                                    Yes
                                                                                                    
+
                                                                                                    Yes
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                                    
+
                                                                                                    Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                                    
                                                                                                     		
 
                                                                                                    monitor_port
                                                                                                    
+
                                                                                                    monitor_port
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                                    
+
                                                                                                    Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                                    
 
                                                                                                     NOTE: 
                                                                                                    Ensure that the port is in the listening state on the node where the pod is located. Otherwise, the health check result will be affected.
                                                                                                    
 
                                                                                                    
                                                                                                     		
 
                                                                                                    delay
                                                                                                    
+
                                                                                                    delay
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Health check interval (s)
                                                                                                    
+
                                                                                                    Health check interval (s)
                                                                                                    
 
                                                                                                    Value range: 1 to 50. Default value: 5
                                                                                                    
                                                                                                     		
 
                                                                                                    timeout
                                                                                                    
+
                                                                                                    timeout
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Health check timeout, in seconds.
                                                                                                    
+
                                                                                                    Health check timeout, in seconds.
                                                                                                    
 
                                                                                                    Value range: 1 to 50. Default value: 10
                                                                                                    
                                                                                                     		
 
                                                                                                    max_retries
                                                                                                    
+
                                                                                                    max_retries
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Maximum number of health check retries.
                                                                                                    
+
                                                                                                    Maximum number of health check retries.
                                                                                                    
 
                                                                                                    Value range: 1 to 10. Default value: 3
                                                                                                    
                                                                                                     		
 
                                                                                                    protocol
                                                                                                    
+
                                                                                                    protocol
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Health check protocol.
                                                                                                    
+
                                                                                                    Health check protocol.
                                                                                                    
 
                                                                                                    Default value: protocol of the associated Service
                                                                                                    
 
                                                                                                    Value options: TCP, UDP, or HTTP
                                                                                                    
                                                                                                     		
 
                                                                                                    path
                                                                                                    
+
                                                                                                    path
                                                                                                    
 
                                                                                                    No
                                                                                                    
+
                                                                                                    No
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                    
+
                                                                                                    Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                    
 
                                                                                                    Default value: /
                                                                                                    
 
                                                                                                    Value range: 1-80 characters
                                                                                                    
 
                                                                                                    
 
                                                                                                    
 
-
                                                                                                    Table 12 elb.session-affinity-option data structure
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0386.html b/docs/cce/umn/cce_10_0386.html
index 2df22c79..c2a005c5 100644
--- a/docs/cce/umn/cce_10_0386.html
+++ b/docs/cce/umn/cce_10_0386.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                    Labels and Annotations
                                                                                                    
+
                                                                                                    Configuring Labels and Annotations
                                                                                                    Pod Annotations
                                                                                                    CCE allows you to add annotations to a YAML file to realize some advanced pod functions. The following table describes the annotations you can add.
                                                                                                    
 
 
                                                                                                    Table 16 elb.session-affinity-option data structure
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Mandatory
                                                                                                    
+
                                                                                                    Mandatory
                                                                                                    
 
                                                                                                    Type
                                                                                                    
+
                                                                                                    Type
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    persistence_timeout
                                                                                                    
+
                                                                                                    persistence_timeout
                                                                                                    
 
                                                                                                    Yes
                                                                                                    
+
                                                                                                    Yes
                                                                                                    
 
                                                                                                    String
                                                                                                    
+
                                                                                                    String
                                                                                                    
 
                                                                                                    Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                                                                                                    
+
                                                                                                    Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                                                                                                    
 
                                                                                                    Value range: 1 to 60. Default value: 60
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                    Table 1 Pod annotations
                                                                                                    Annotation
                                                                                                    
@@ -30,6 +30,38 @@
 
                                                                                                    None
                                                                                                    
                                                                                                     		
 
                                                                                                    prometheus.io/scrape
                                                                                                    
+
                                                                                                    Parameter for reporting Prometheus metrics. If the value is true, the current workload reports the monitoring metrics.
                                                                                                    
+
                                                                                                    For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                                    
+
                                                                                                    None
                                                                                                    
+
                                                                                                    prometheus.io/path
                                                                                                    
+
                                                                                                    URL for Prometheus to collect data.
                                                                                                    
+
                                                                                                    For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                                    
+
                                                                                                    /metrics
                                                                                                    
+
                                                                                                    prometheus.io/port
                                                                                                    
+
                                                                                                    Endpoint port number for Prometheus to collect data.
                                                                                                    
+
                                                                                                    For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                                    
+
                                                                                                    None
                                                                                                    
+
                                                                                                    prometheus.io/scheme
                                                                                                    
+
                                                                                                    Protocol used by Prometheus to collect data. The value can be http or https.
                                                                                                    
+
                                                                                                    For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                                    
+
                                                                                                    None
                                                                                                    
+
                                                                                                    
 
                                                                                                    kubernetes.io/ingress-bandwidth
                                                                                                    
                                                                                                     		
 
                                                                                                    Ingress bandwidth of a pod.
                                                                                                    
@@ -68,13 +100,13 @@ spec:
       ...
 
                                                                                                    You can also add other labels to the pod for affinity and anti-affinity scheduling. In the following figure, three pod labels (release, env, and role) are defined for workload APP 1, APP 2, and APP 3. The values of these labels vary with workload.
                                                                                                    
 
                                                                                                    • APP 1: [release:alpha;env:development;role:frontend]
                                                                                                    • APP 2: [release:beta;env:testing;role:frontend]
                                                                                                    • APP 3: [release:alpha;env:production;role:backend]
                                                                                                    
-
                                                                                                    Figure 1 Label example
                                                                                                    
+
                                                                                                    Figure 1 Label example
                                                                                                    
 
                                                                                                    For example, if key/value is set to role/backend, APP 3 will be selected for affinity scheduling. For details, see Workload Affinity (podAffinity).
                                                                                                    
 
 
 
                                                                                                    
 
                                                                                                    
-
                                                                                                    Parent topic: Configuring a Container
                                                                                                    
+
                                                                                                    Parent topic: Configuring a Workload
                                                                                                    
 
                                                                                                    
 
                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0391.html b/docs/cce/umn/cce_10_0391.html
index f2f6eb03..3c2a921f 100644
--- a/docs/cce/umn/cce_10_0391.html
+++ b/docs/cce/umn/cce_10_0391.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                    Local Persistent Volumes
                                                                                                    
+
                                                                                                    Local PVs
                                                                                                    
 
                                                                                                    
 
                                                                                                    
 
                                                                                                    
diff --git a/docs/cce/umn/cce_10_0397.html b/docs/cce/umn/cce_10_0397.html
index aea6e76c..24dce12d 100644
--- a/docs/cce/umn/cce_10_0397.html
+++ b/docs/cce/umn/cce_10_0397.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                    Workload Upgrade Policies
                                                                                                    
+
                                                                                                    Configuring Workload Upgrade Policies
                                                                                                    
 
                                                                                                    In actual applications, upgrade is a common operation. A Deployment, StatefulSet, or DaemonSet can easily support application upgrade.
                                                                                                    
 
                                                                                                    You can set different upgrade policies:
                                                                                                    
 
                                                                                                    • Rolling upgrade: New pods are created gradually and then old pods are deleted. This is the default policy.
                                                                                                    • Replace upgrade: The current pods are deleted and then new pods are created.
                                                                                                    
@@ -83,7 +83,7 @@ nginx-6f9f58dffd-tesqr   1/1       Running   0          1m
     type: RollingUpdate
 
                                                                                                    In the preceding example, the value of spec.replicas is 2. If both maxSurge and maxUnavailable are the default value 25%, maxSurge allows a maximum of three pods to exist (2 x 1.25 = 2.5, rounded up to 3), and maxUnavailable does not allow a maximum of two pods to be unavailable (2 x 0.75 = 1.5, rounded up to 2). That is, during the upgrade process, there will always be two pods running. Each time a new pod is created, an old pod is deleted, until all pods are new.
                                                                                                    
 
                                                                                                    
-
                                                                                                    Rollback
                                                                                                    Rollback is to roll an application back to the earlier version when a fault occurs during the upgrade. A Deployment can be easily rolled back to the earlier version.
                                                                                                    
+
                                                                                                    Rollback
                                                                                                    Rollback is to roll an application back to an earlier version when a fault occurs during an upgrade. A Deployment can be easily rolled back to the earlier version.
                                                                                                    
 
                                                                                                    For example, if the upgraded image is faulty, you can run the kubectl rollout undo command to roll back the Deployment.
                                                                                                    
 
                                                                                                    $ kubectl rollout undo deployment nginx
 deployment.apps/nginx rolled back
                                                                                                    
@@ -92,7 +92,7 @@ deployment.apps/nginx rolled back
 
                                                                                                    
 
                                                                                                    
 
                                                                                                    
-
                                                                                                    Parent topic: Configuring a Container
                                                                                                    
+
                                                                                                    Parent topic: Configuring a Workload
                                                                                                    
 
                                                                                                    
 
                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0400.html b/docs/cce/umn/cce_10_0400.html
index 5f4e0b1d..efed4d98 100644
--- a/docs/cce/umn/cce_10_0400.html
+++ b/docs/cce/umn/cce_10_0400.html
@@ -4,15 +4,15 @@
 
                                                                                                    Containers can access the Internet in either of the following ways:
                                                                                                    
 
                                                                                                    • Bind an EIP to the node where the container is located if the network model is VPC or tunnel.
                                                                                                    • Bind an EIP to the pod. (This function applies only to Cloud Native 2.0 clusters. To do so, manually bind an EIP to the ENI or sub-ENI of the pod on the VPC console. This method is not recommended because the IP address of a pod changes after the pod is rescheduled. As a result, the new pod cannot access the Internet.)
                                                                                                    • Configure SNAT rules through NAT Gateway.
                                                                                                    
 
                                                                                                    You can use NAT Gateway to enable container pods in a VPC to access the Internet. NAT Gateway provides source network address translation (SNAT), which translates private IP addresses to a public IP address by binding an elastic IP address (EIP) to the gateway, providing secure and efficient access to the Internet. Figure 1 shows the SNAT architecture. The SNAT function allows the container pods in a VPC to access the Internet without being bound to an EIP. SNAT supports a large number of concurrent connections, which makes it suitable for applications involving a large number of requests and connections.
                                                                                                    
-
                                                                                                    Figure 1 SNAT
                                                                                                    
-
                                                                                                    To enable a container pod to access the Internet, perform the following steps:
                                                                                                    
-
                                                                                                    1. Assign an EIP.
                                                                                                      1. Log in to the management console.
                                                                                                      2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                      3. Click  in the upper left corner and choose Networking > Elastic IP in the expanded list.
                                                                                                      4. On the EIPs page, click Assign EIP.
                                                                                                      5. Configure parameters as required.
                                                                                                         
                                                                                                        Set Region to the region where container pods are located.
                                                                                                        
+
                                                                                                        Figure 1 SNAT
                                                                                                        
+
                                                                                                        To enable a container to access the Internet, perform the following steps:
                                                                                                        
+
                                                                                                        1. Obtain an EIP. 
                                                                                                          1. Log in to the management console.
                                                                                                          2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                          3. Click  in the upper left corner and choose Networking > Elastic IP in the expanded list.
                                                                                                          4. On the EIPs page, click Assign EIP.
                                                                                                          5. Configure parameters as required.
                                                                                                             
                                                                                                            Set Region to the region where container pods are located.
                                                                                                            
 
                                                                                                            
 
                                                                                                          
-
                                                                                                        2. Create a NAT gateway.
                                                                                                          1. Log in to the management console.
                                                                                                          2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                          3. Click  in the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                          4. On the Public Network Gateways page, click Create Public NAT Gateway in the upper right corner.
                                                                                                          5. Configure parameters as required.
                                                                                                             
                                                                                                            Select the same VPC.
                                                                                                            
+
                                                                                                          6. Create a NAT gateway.
                                                                                                            1. Click  in the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                            2. On the Public Network Gateways page, click Create Public NAT Gateway in the upper right corner.
                                                                                                            3. Configure parameters as required.
                                                                                                               
                                                                                                              Select the same VPC.
                                                                                                              
 
                                                                                                              
 
                                                                                                            
-
                                                                                                          7. Configure an SNAT rule and bind the EIP to the subnet. 
                                                                                                            1. Log in to the management console.
                                                                                                            2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                            3. Click  in the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                            4. On the page displayed, click the name of the NAT gateway for which you want to add the SNAT rule.
                                                                                                            5. On the SNAT Rules tab page, click Add SNAT Rule.
                                                                                                            6. Set parameters as required.
                                                                                                            
+
                                                                                                          8. Configure an SNAT rule and bind the EIP to the subnet. 
                                                                                                            1. On the page displayed, click the name of the NAT gateway for which you want to add the SNAT rule.
                                                                                                            2. On the SNAT Rules tab page, click Add SNAT Rule.
                                                                                                            3. Set parameters as required.
                                                                                                            
 
                                                                                                             
                                                                                                            SNAT rules take effect by CIDR block. As different container network models use different communication modes, the subnet needs to be selected according to the following rules:
                                                                                                            
 
                                                                                                            • Tunnel network and VPC network: Select the subnet where the node is located, that is, the subnet selected during node creation.
                                                                                                            • Cloud Native Network 2.0: Select the subnet where the container is located, that is, the container subnet selected during cluster creation.
                                                                                                            
 
                                                                                                            If there are multiple CIDR blocks, you can create multiple SNAT rules or customize a CIDR block as long as the CIDR block contains the container subnet (Cloud Native 2.0 network) or the node subnet.
                                                                                                            
diff --git a/docs/cce/umn/cce_10_0402.html b/docs/cce/umn/cce_10_0402.html
index 9eaebf17..cc536d2d 100644
--- a/docs/cce/umn/cce_10_0402.html
+++ b/docs/cce/umn/cce_10_0402.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                            Host Network
                                                                                                            
+
                                                                                                            Configuring hostNetwork for Pods
                                                                                                            
 
                                                                                                            Scenario
                                                                                                            Kubernetes allows pods to directly use the host/node network. When a pod is configured with hostNetwork: true, applications running in the pod can directly view the network interface of the host where the pod is located.
                                                                                                            
 
                                                                                                            
 
                                                                                                            Configuration
                                                                                                            Add hostNetwork: true to the pod definition.
                                                                                                            
@@ -29,7 +29,7 @@ spec:
 NAME                    READY   STATUS    RESTARTS   AGE     IP          NODE        NOMINATED NODE   READINESS GATES
 nginx-6fdf99c8b-6wwft   1/1     Running   0          3m41s   10.1.0.55   10.1.0.55   <none>           <none>
 
                                                                                                            
-
                                                                                                            Precautions
                                                                                                            If a pod uses the host network, it occupies a host port. The pod IP is the host IP. To use the host network, you must confirm pods do not conflict with each other in terms of the host ports they occupy. Do not use the host network unless you know exactly which host port is used by which pod.
                                                                                                            
+
                                                                                                            Precautions
                                                                                                            If a pod uses the host network, it occupies a host port. The pod IP is the host IP. To use the host network, you must confirm pods do not conflict with each other in terms of the host ports they occupy. Do not use the host network unless a specific application must use a specific port on the host.
                                                                                                            
 
                                                                                                            When using the host network, you access a pod on a node through a node port. Therefore, allow access from the security group port of the node. Otherwise, the access fails.
                                                                                                            
 
                                                                                                            In addition, using the host network requires you to reserve host ports for the pods. When using a Deployment to deploy pods of the hostNetwork type, ensure that the number of pods does not exceed the number of nodes. Otherwise, multiple pods will be scheduled onto the node, and they will fail to start due to port conflicts. For example, in the preceding example nginx YAML, if two pods (setting replicas to 2) are deployed in a cluster with only one node, one pod cannot be created. The pod logs will show that the Nginx cannot be started because the port is occupied.
                                                                                                            
 
                                                                                                             
                                                                                                            Do not schedule multiple pods that use the host network on the same node. Otherwise, when a ClusterIP Service is created to access a pod, the cluster IP address cannot be accessed.
                                                                                                            
@@ -76,7 +76,7 @@ nginx: [emerg] still could not bind()
 
                                                                                                            
 
                                                                                                            
 
                                                                                                            
-
                                                                                                            Parent topic: Container Network Settings
                                                                                                            
+
                                                                                                            Parent topic: Pod Network Settings
                                                                                                            
 
                                                                                                            
 
                                                                                                            
 
diff --git a/docs/cce/umn/cce_10_0403.html b/docs/cce/umn/cce_10_0403.html
index e843da7d..9aeb5a19 100644
--- a/docs/cce/umn/cce_10_0403.html
+++ b/docs/cce/umn/cce_10_0403.html
@@ -3,10 +3,10 @@
 
                                                                                                            Changing Cluster Scale
                                                                                                            
 
                                                                                                            Scenario
                                                                                                            CCE allows you to change the number of nodes managed in a cluster.
                                                                                                            
 
                                                                                                            
-
                                                                                                            Constraints
                                                                                                            • This function is supported for clusters of v1.15 and later versions.
                                                                                                            • Starting from v1.15.11, the number of nodes in a cluster can be changed to 2000. The number of nodes in a single master node cannot be changed to 1000 or more.
                                                                                                            • The number of master nodes cannot be changed when you modify cluster specifications.
                                                                                                            • Currently, a cluster can only be scaled out to a larger specification, but cannot be scaled in.
                                                                                                            • During the specifications change, master nodes will be powered off and on, and the cluster cannot run properly. Perform the change during off-peak hours.
                                                                                                            • Changing the cluster scale does not affect the services running in the cluster. However, the control plane (master nodes) will be interrupted for a short period of time. You are advised not to perform any other operations (such as creating workloads) during the change.
                                                                                                            • Change failures will trigger a cluster rollback to the normal state. If the rollback fails, submit a service ticket.
                                                                                                            
+
                                                                                                            Notes and Constraints
                                                                                                            • A cluster that has only one master node supports fewer than 1000 worker nodes.
                                                                                                            • The number of master nodes cannot be changed when you modify cluster specifications.
                                                                                                            • A cluster can only be scaled out to a larger specification, but cannot be scaled in.
                                                                                                            • To ensure proper cluster functionality, perform any specifications changes during off-peak hours. This is because master nodes will need to be powered off and on, which can disrupt normal operations.
                                                                                                            
 
                                                                                                            
-
                                                                                                            Procedure
                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                            2. Locate the cluster whose specifications need to be modified, click ... to view more operations on the cluster, and choose Specification change.
                                                                                                            3. On the page displayed, select a new cluster scale.
                                                                                                            4. Click Next to confirm the specifications and click OK.
                                                                                                              You can click Operation Records in the upper right corner to view the cluster change history. The status changes from Executing to Successful, indicating that the cluster specifications are successfully changed.
                                                                                                              
-
                                                                                                               
                                                                                                              After the cluster scale is changed to 1000 nodes or more, some parameter values of the cluster will be automatically adjusted to ensure the cluster performance. For details, see Cluster Configuration Management.
                                                                                                              
+
                                                                                                              Procedure
                                                                                                              1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                              2. Locate the cluster whose specifications need to be modified, click ... to view more operations on the cluster, and choose Modify Specifications.
                                                                                                              3. On the page displayed, select a new cluster scale.
                                                                                                              4. Click Next to confirm the specifications and click OK.
                                                                                                                You can click Operation Records in the upper right corner to view the cluster change history. The status changes from Executing to Successful, indicating that the cluster specifications are successfully changed.
                                                                                                                
+
                                                                                                                 
                                                                                                                After the cluster scale is changed to 1000 nodes or more, some parameter values of the cluster will be automatically adjusted to ensure the cluster performance. For details, see Modifying Cluster Configurations.
                                                                                                                
 
                                                                                                                
 
                                                                                                              
 
                                                                                                              
diff --git a/docs/cce/umn/cce_10_0405.html b/docs/cce/umn/cce_10_0405.html
index 5569ad39..fae1bb4d 100644
--- a/docs/cce/umn/cce_10_0405.html
+++ b/docs/cce/umn/cce_10_0405.html
@@ -1,63 +1,113 @@
 
 
 
                                                                                                              Patch Version Release Notes
                                                                                                              
-
                                                                                                              Version 1.28
                                                                                                              
-
                                                                                                              Table 1 Release notes for the v1.28 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
+
                                                                                                              Version 1.29
                                                                                                              
+
                                                                                                              
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
                                                                                                              Table 1 Release notes for the v1.29 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
 
                                                                                                              Kubernetes Version
                                                                                                              
+
                                                                                                              Kubernetes Version
                                                                                                              
 
                                                                                                              Feature Updates
                                                                                                              
+
                                                                                                              Feature Updates
                                                                                                              
 
                                                                                                              Optimization
                                                                                                              
+
                                                                                                              Optimization
                                                                                                              
 
                                                                                                              Vulnerability Fixing
                                                                                                              
+
                                                                                                              Vulnerability Fixing
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              v1.28.3-r0
                                                                                                              
+
                                                                                                              v1.29.2-r0
                                                                                                              
 
                                                                                                              v1.28.3
                                                                                                              
+
                                                                                                              v1.29.3
                                                                                                              
 
                                                                                                              LoadBalancer Services and ingresses allow you to:
                                                                                                              • Configure SNI.
                                                                                                              • Enable HTTP/2.
                                                                                                              • Configure idle timeout, request timeout, and response timeout.
                                                                                                              • Obtain the listener port number and the number of the port requested by the client from the request header of an HTTP packet, and rewrite X-Forwarded-Host.
                                                                                                              
+
                                                                                                              • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                              • Scaling priority policies can be configured for third-party workloads.
                                                                                                              • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                              • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                              
+
                                                                                                              • An in-progress node drainage can be canceled.
                                                                                                              • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                              • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                              • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              v1.29.1-r0
                                                                                                              
+
                                                                                                              v1.29.1
                                                                                                              
+
                                                                                                              CCE clusters of v1.29 are released for the first time. For more information, see Kubernetes 1.29 Release Notes.
                                                                                                              
+
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              Version 1.28
                                                                                                              
+
                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -65,64 +115,87 @@
 
                                                                                                              
-
                                                                                                              Version 1.27
                                                                                                               
                                                                                                              In CCE v1.27 and later versions, all nodes support only the containerd container engine. 
                                                                                                              
+
                                                                                                              Version 1.27
                                                                                                               
                                                                                                              dockershim has been removed since Kubernetes v1.24, and Docker is not supported in v1.24 and later versions by default. Use containerd. 
                                                                                                              
 
                                                                                                              
 
-
                                                                                                              Table 2 Release notes for the v1.28 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
+
                                                                                                              Kubernetes Version
                                                                                                              
+
                                                                                                              Feature Updates
                                                                                                              
+
                                                                                                              Optimization
                                                                                                              
+
                                                                                                              Vulnerability Fixing
                                                                                                              
+
                                                                                                              v1.28.6-r0
                                                                                                              
+
                                                                                                              v1.28.8
                                                                                                              
+
                                                                                                              • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                              • Scaling priority policies can be configured for third-party workloads.
                                                                                                              • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                              • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                              
+
                                                                                                              • An in-progress node drainage can be canceled.
                                                                                                              • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                              • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                              • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              v1.28.3-r0
                                                                                                              
+
                                                                                                              v1.28.3
                                                                                                              
+
                                                                                                              LoadBalancer Services and ingresses allow you to:
                                                                                                              • Configure SNI.
                                                                                                              • Enable HTTP/2.
                                                                                                              • Configure idle timeout, request timeout, and response timeout.
                                                                                                              
 
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.28.2-r0
                                                                                                              
+
                                                                                                              v1.28.2-r0
                                                                                                              
 
                                                                                                              v1.28.3
                                                                                                              
+
                                                                                                              v1.28.3
                                                                                                              
 
                                                                                                              • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
                                                                                                              
+
                                                                                                              • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.28.1-r4
                                                                                                              
+
                                                                                                              v1.28.1-r4
                                                                                                              
 
                                                                                                              v1.28.3
                                                                                                              
+
                                                                                                              v1.28.3
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
+
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.28.1-r0
                                                                                                              
+
                                                                                                              v1.28.1-r0
                                                                                                              
 
                                                                                                              v1.28.3
                                                                                                              
+
                                                                                                              v1.28.3
                                                                                                              
 
                                                                                                              CCE clusters of v1.28 are released for the first time. For more information, see Kubernetes 1.28 Release Notes.
                                                                                                              
+
                                                                                                              CCE clusters of v1.28 are released for the first time. For more information, see Kubernetes 1.28 Release Notes.
                                                                                                              
 
                                                                                                              • The prefix and suffix of a node name can be customized in node pools.
                                                                                                              • In CCE Turbo clusters, you can create container networks for workloads and specify pod subnets.
                                                                                                              • LoadBalancer ingresses support gRPC.
                                                                                                              • LoadBalancer Services allow you to specify a private IP address for a load balancer during Service creation using YAML.
                                                                                                              
 
                                                                                                              • Accelerated the startup speed for creating a large number of Kata containers in a CCE Turbo cluster.
                                                                                                              • Improved the stability when Kata containers are repeatedly created or deleted in a CCE Turbo cluster.
                                                                                                              
+
                                                                                                              • Accelerated the startup speed for creating a large number of Kata containers in a CCE Turbo cluster.
                                                                                                              • Improved the stability when Kata containers are repeatedly created or deleted in a CCE Turbo cluster.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
                                                                                                               		
 
                                                                                                              
                                                                                                               
 
 
                                                                                                              Table 2 Release notes for the v1.27 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
+
                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-
-
@@ -132,93 +205,116 @@
 
                                                                                                              Version 1.25
                                                                                                               
                                                                                                              All nodes in the CCE clusters of version 1.25, except the ones running EulerOS 2.5, use containerd by default.
                                                                                                              
 
                                                                                                              
 
-
                                                                                                              Table 3 Release notes for the v1.27 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
 
                                                                                                              Kubernetes Version
                                                                                                              
+
                                                                                                              Kubernetes Version
                                                                                                              
 
                                                                                                              Feature Updates
                                                                                                              
+
                                                                                                              Feature Updates
                                                                                                              
 
                                                                                                              Optimization
                                                                                                              
+
                                                                                                              Optimization
                                                                                                              
 
                                                                                                              Vulnerability Fixing
                                                                                                              
+
                                                                                                              Vulnerability Fixing
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              v1.27.3-r4
                                                                                                              
+
                                                                                                              v1.27.8-r0
                                                                                                              
 
                                                                                                              v1.27.4
                                                                                                              
+
                                                                                                              v1.27.12
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                              • Scaling priority policies can be configured for third-party workloads.
                                                                                                              • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                              • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              • An in-progress node drainage can be canceled.
                                                                                                              • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                              • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                              • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                              
 
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.27.2-r0
                                                                                                              
+
                                                                                                              v1.27.5-r0
                                                                                                              
 
                                                                                                              v1.27.2
                                                                                                              
+
                                                                                                              v1.27.4
                                                                                                              
 
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
+
                                                                                                              LoadBalancer Services and ingresses allow you to:
                                                                                                              • Configure SNI.
                                                                                                              • Enable HTTP/2.
                                                                                                              • Configure idle timeout, request timeout, and response timeout.
                                                                                                              
+
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.27.1-r10
                                                                                                              
+
                                                                                                              v1.27.3-r4
                                                                                                              
 
                                                                                                              v1.27.2
                                                                                                              
+
                                                                                                              v1.27.4
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.27.1-r0
                                                                                                              
+
                                                                                                              v1.27.2-r0
                                                                                                              
 
                                                                                                              v1.27.2
                                                                                                              
+
                                                                                                              v1.27.2
                                                                                                              
 
                                                                                                              CCE clusters of v1.27 are released for the first time. For more information, see Kubernetes 1.27 Release Notes.
                                                                                                              
+
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
+
                                                                                                              None
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              v1.27.1-r10
                                                                                                              
+
                                                                                                              v1.27.2
                                                                                                              
+
                                                                                                              None
                                                                                                              
+
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              v1.27.1-r0
                                                                                                              
+
                                                                                                              v1.27.2
                                                                                                              
+
                                                                                                              CCE clusters of v1.27 are released for the first time. For more information, see Kubernetes 1.27 Release Notes.
                                                                                                              
 
                                                                                                              • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Table 3 Release notes for the v1.25 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
+
                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
@@ -226,105 +322,128 @@
 
                                                                                                              Version 1.23
                                                                                                              
-
                                                                                                              Table 4 Release notes for the v1.25 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
 
                                                                                                              Kubernetes Version
                                                                                                              
+
                                                                                                              Kubernetes Version
                                                                                                              
 
                                                                                                              Feature Updates
                                                                                                              
+
                                                                                                              Feature Updates
                                                                                                              
 
                                                                                                              Optimization
                                                                                                              
+
                                                                                                              Optimization
                                                                                                              
 
                                                                                                              Vulnerability Fixing
                                                                                                              
+
                                                                                                              Vulnerability Fixing
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              v1.25.6-r4
                                                                                                              
+
                                                                                                              v1.25.11-r0
                                                                                                              
 
                                                                                                              v1.25.10
                                                                                                              
+
                                                                                                              v1.25.16
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                              • Scaling priority policies can be configured for third-party workloads.
                                                                                                              • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                              • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              • An in-progress node drainage can be canceled.
                                                                                                              • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                              • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                              • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                              
 
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.25.5-r0
                                                                                                              
+
                                                                                                              v1.25.8-r0
                                                                                                              
 
                                                                                                              v1.25.5
                                                                                                              
+
                                                                                                              v1.25.10
                                                                                                              
 
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
+
                                                                                                              LoadBalancer Services and ingresses allow you to:
                                                                                                              • Configure SNI.
                                                                                                              • Enable HTTP/2.
                                                                                                              • Configure idle timeout, request timeout, and response timeout.
                                                                                                              
+
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.25.4-r10
                                                                                                              
+
                                                                                                              v1.25.6-r4
                                                                                                              
 
                                                                                                              v1.25.5
                                                                                                              
+
                                                                                                              v1.25.10
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.25.4-r0
                                                                                                              
+
                                                                                                              v1.25.5-r0
                                                                                                              
 
                                                                                                              v1.25.5
                                                                                                              
+
                                                                                                              v1.25.5
                                                                                                              
 
                                                                                                              • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                              • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                              
+
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.25.3-r10
                                                                                                              
+
                                                                                                              v1.25.4-r10
                                                                                                              
 
                                                                                                              v1.25.5
                                                                                                              
+
                                                                                                              v1.25.5
                                                                                                              
 
                                                                                                              The timeout interval can be configured for a load balancer. 
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              High-frequency parameters of kube-apiserver are configurable.
                                                                                                              
+
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.25.3-r0
                                                                                                              
+
                                                                                                              v1.25.4-r0
                                                                                                              
 
                                                                                                              v1.25.5
                                                                                                              
+
                                                                                                              v1.25.5
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                              • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                              
 
                                                                                                              Enhanced network stability of CCE Turbo clusters when their specifications are modified.
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.25.1-r0
                                                                                                              
+
                                                                                                              v1.25.3-r10
                                                                                                              
 
                                                                                                              v1.25.5
                                                                                                              
+
                                                                                                              v1.25.5
                                                                                                              
 
                                                                                                              CCE clusters of v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.
                                                                                                              
+
                                                                                                              The timeout interval can be configured for a load balancer. 
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              High-frequency parameters of kube-apiserver are configurable.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              v1.25.3-r0
                                                                                                              
+
                                                                                                              v1.25.5
                                                                                                              
+
                                                                                                              None
                                                                                                              
+
                                                                                                              Enhanced network stability of CCE Turbo clusters when their specifications are modified.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              v1.25.1-r0
                                                                                                              
+
                                                                                                              v1.25.5
                                                                                                              
+
                                                                                                              CCE clusters of v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.
                                                                                                              
+
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
                                                                                                               		
 
                                                                                                              
                                                                                                               
 
 
                                                                                                              Table 4 Release notes for the v1.23 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
+
                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
@@ -332,105 +451,116 @@
 
                                                                                                              Version 1.21
                                                                                                              
-
                                                                                                              Table 5 Release notes for the v1.23 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
 
                                                                                                              Kubernetes Version
                                                                                                              
+
                                                                                                              Kubernetes Version
                                                                                                              
 
                                                                                                              Feature Updates
                                                                                                              
+
                                                                                                              Feature Updates
                                                                                                              
 
                                                                                                              Optimization
                                                                                                              
+
                                                                                                              Optimization
                                                                                                              
 
                                                                                                              Vulnerability Fixing
                                                                                                              
+
                                                                                                              Vulnerability Fixing
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              v1.23.11-r4
                                                                                                              
+
                                                                                                              v1.23.16-r0
                                                                                                              
 
                                                                                                              v1.23.17
                                                                                                              
+
                                                                                                              v1.23.17
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                              • Scaling priority policies can be configured for third-party workloads.
                                                                                                              • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                              • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              • An in-progress node drainage can be canceled.
                                                                                                              • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                              • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                              • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                              
 
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.23.10-r0
                                                                                                              
+
                                                                                                              v1.23.13-r0
                                                                                                              
 
                                                                                                              v1.23.11
                                                                                                              
+
                                                                                                              v1.23.17
                                                                                                              
 
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
+
                                                                                                              LoadBalancer Services and ingresses allow you to:
                                                                                                              • Configure SNI.
                                                                                                              • Enable HTTP/2.
                                                                                                              • Configure idle timeout, request timeout, and response timeout.
                                                                                                              
+
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.23.9-r10
                                                                                                              
+
                                                                                                              v1.23.11-r4
                                                                                                              
 
                                                                                                              v1.23.11
                                                                                                              
+
                                                                                                              v1.23.17
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.23.9-r0
                                                                                                              
+
                                                                                                              v1.23.10-r0
                                                                                                              
 
                                                                                                              v1.23.11
                                                                                                              
+
                                                                                                              v1.23.11
                                                                                                              
 
                                                                                                              • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                              • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                              
+
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.23.8-r10
                                                                                                              
+
                                                                                                              v1.23.9-r10
                                                                                                              
 
                                                                                                              v1.23.11
                                                                                                              
+
                                                                                                              v1.23.11
                                                                                                              
 
                                                                                                              The timeout interval can be configured for a load balancer. 
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              High-frequency parameters of kube-apiserver are configurable.
                                                                                                              
+
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.23.8-r0
                                                                                                              
+
                                                                                                              v1.23.9-r0
                                                                                                              
 
                                                                                                              v1.23.11
                                                                                                              
+
                                                                                                              v1.23.11
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                              • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                              
 
                                                                                                              • Enhanced Docker reliability during upgrades.
                                                                                                              • Optimized node time synchronization.
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.23.5-r0
                                                                                                              
+
                                                                                                              v1.23.8-r10
                                                                                                              
 
                                                                                                              v1.23.11
                                                                                                              
+
                                                                                                              v1.23.11
                                                                                                              
 
                                                                                                              • Fault detection and isolation are supported on GPU nodes.
                                                                                                              • Security groups can be customized by cluster.
                                                                                                              • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                              • containerd is supported.
                                                                                                              
+
                                                                                                              The timeout interval can be configured for a load balancer. 
                                                                                                              
 
                                                                                                              • Upgraded the etcd version of the master node to the Kubernetes version 3.5.6.
                                                                                                              • Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in.
                                                                                                              • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                              
+
                                                                                                              High-frequency parameters of kube-apiserver are configurable.
                                                                                                              
 
                                                                                                              Fixed some security issues and the following CVE vulnerabilities:
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              v1.23.8-r0
                                                                                                              
+
                                                                                                              v1.23.11
                                                                                                              
+
                                                                                                              None
                                                                                                              
+
                                                                                                              • Enhanced Docker reliability during upgrades.
                                                                                                              • Optimized node time synchronization.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              v1.23.5-r0
                                                                                                              
+
                                                                                                              v1.23.11
                                                                                                              
+
                                                                                                              • Fault detection and isolation are supported on GPU nodes.
                                                                                                              • Security groups can be customized by cluster.
                                                                                                              • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                              • containerd is supported.
                                                                                                              
+
                                                                                                              • Upgraded the etcd version of the master node to the Kubernetes version 3.5.6.
                                                                                                              • Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in.
                                                                                                              • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                              
+
                                                                                                              Fixed some security issues and the following CVE vulnerabilities:
                                                                                                              
 
                                                                                                               		
 
                                                                                                              v1.23.1-r0
                                                                                                              
+
                                                                                                              v1.23.1-r0
                                                                                                              
 
                                                                                                              v1.23.4
                                                                                                              
+
                                                                                                              v1.23.4
                                                                                                              
 
                                                                                                              CCE clusters of v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.
                                                                                                              
+
                                                                                                              CCE clusters of v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
                                                                                                               		
 
                                                                                                              
                                                                                                               
 
 
                                                                                                              Table 5 Release notes for the v1.21 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
+
                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
@@ -438,117 +568,117 @@
 
                                                                                                              Version 1.19
                                                                                                              
-
                                                                                                              Table 6 Release notes for the v1.21 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
 
                                                                                                              Kubernetes Version
                                                                                                              
+
                                                                                                              Kubernetes Version
                                                                                                              
 
                                                                                                              Feature Updates
                                                                                                              
+
                                                                                                              Feature Updates
                                                                                                              
 
                                                                                                              Optimization
                                                                                                              
+
                                                                                                              Optimization
                                                                                                              
 
                                                                                                              Vulnerability Fixing
                                                                                                              
+
                                                                                                              Vulnerability Fixing
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              v1.21.12-r4
                                                                                                              
+
                                                                                                              v1.21.14-r0
                                                                                                              
 
                                                                                                              v1.21.14
                                                                                                              
+
                                                                                                              v1.21.14
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              A PVC can be used to dynamically create and mount an SFS Turbo subdirectory.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.21.11-r20
                                                                                                              
+
                                                                                                              v1.21.12-r4
                                                                                                              
 
                                                                                                              v1.21.14
                                                                                                              
+
                                                                                                              v1.21.14
                                                                                                              
 
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.21.11-r10
                                                                                                              
+
                                                                                                              v1.21.11-r20
                                                                                                              
 
                                                                                                              v1.21.14
                                                                                                              
+
                                                                                                              v1.21.14
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
 
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.21.11-r0
                                                                                                              
+
                                                                                                              v1.21.11-r10
                                                                                                              
 
                                                                                                              v1.21.14
                                                                                                              
+
                                                                                                              v1.21.14
                                                                                                              
 
                                                                                                              • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                              • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.21.10-r10
                                                                                                              
+
                                                                                                              v1.21.11-r0
                                                                                                              
 
                                                                                                              v1.21.14
                                                                                                              
+
                                                                                                              v1.21.14
                                                                                                              
 
                                                                                                              The timeout interval can be configured for a load balancer. 
                                                                                                              
+
                                                                                                              • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                              • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                              
 
                                                                                                              High-frequency parameters of kube-apiserver are configurable.
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.21.10-r0
                                                                                                              
+
                                                                                                              v1.21.10-r10
                                                                                                              
 
                                                                                                              v1.21.14
                                                                                                              
+
                                                                                                              v1.21.14
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              The timeout interval can be configured for a load balancer. 
                                                                                                              
 
                                                                                                              • Enhanced Docker reliability during upgrades.
                                                                                                              • Optimized node time synchronization.
                                                                                                              • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                              
+
                                                                                                              High-frequency parameters of kube-apiserver are configurable.
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.21.7-r0
                                                                                                              
+
                                                                                                              v1.21.10-r0
                                                                                                              
 
                                                                                                              v1.21.14
                                                                                                              
+
                                                                                                              v1.21.14
                                                                                                              
 
                                                                                                              • Fault detection and isolation are supported on GPU nodes.
                                                                                                              • Security groups can be customized by cluster.
                                                                                                              • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                              
+
                                                                                                              • Enhanced Docker reliability during upgrades.
                                                                                                              • Optimized node time synchronization.
                                                                                                              • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                              
 
                                                                                                              Fixed some security issues and the following CVE vulnerabilities:
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              v1.21.7-r0
                                                                                                              
+
                                                                                                              v1.21.14
                                                                                                              
+
                                                                                                              • Fault detection and isolation are supported on GPU nodes.
                                                                                                              • Security groups can be customized by cluster.
                                                                                                              • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                              
+
                                                                                                              Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                              
+
                                                                                                              Fixed some security issues and the following CVE vulnerabilities:
                                                                                                              
 
                                                                                                               		
 
                                                                                                              v1.21.1-r0
                                                                                                              
+
                                                                                                              v1.21.1-r0
                                                                                                              
 
                                                                                                              v1.21.7
                                                                                                              
+
                                                                                                              v1.21.7
                                                                                                              
 
                                                                                                              CCE clusters of v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.
                                                                                                              
+
                                                                                                              CCE clusters of v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
                                                                                                               		
 
                                                                                                              
                                                                                                               
 
 
                                                                                                              
-
@@ -35,8 +35,8 @@
 
-
                                                                                                              Table 6 Release notes for the v1.19 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
+
                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0406.html b/docs/cce/umn/cce_10_0406.html
new file mode 100644
index 00000000..c7dd6cef
--- /dev/null
+++ b/docs/cce/umn/cce_10_0406.html
@@ -0,0 +1,236 @@
+
+
+
                                                                                                              Cloud Native Cluster Monitoring
                                                                                                              
+
                                                                                                              Introduction
                                                                                                              kube-prometheus-stack uses Prometheus-operator and Prometheus to provide easy-to-use, end-to-end Kubernetes cluster monitoring.
                                                                                                              
+
                                                                                                              Open source community: https://github.com/prometheus/prometheus
                                                                                                              
+
                                                                                                              
+
                                                                                                              Notes and Constraints
                                                                                                              • By default, the kube-state-metrics component of the add-on does not collect labels and annotations of Kubernetes resources. To collect these labels and annotations, manually enable the collection function in the startup parameters and check whether the corresponding metrics are added to the collection whitelist of ServiceMonitor named kube-state-metrics. For details, see Collecting All Labels and Annotations of a Pod.
                                                                                                              • In 3.8.0 and later versions, component metrics in the kube-system and monitoring namespaces are not collected by default. If you have workloads in the two namespaces, use Pod Monitor or Service Monitor to collect these metrics.
                                                                                                              • In 3.8.0 and later versions, etcd-server, kube-controller, kube-scheduler, autoscaler, fluent-bit, volcano-agent, volcano-scheduler and otel-collector metrics are not collected by default. Enable the collection as required.
                                                                                                                To enable this function, on the ConfigMaps and Secrets page, expand the dropdown list of Namespace, and select monitoring. Locate the row that contains the configuration item named persistent-user-config, and click Edit YAML in the operation column. Remove the serviceMonitorDisable or podMonitorDisable configuration in the customSettings field as required or set the configuration to an empty array.
                                                                                                                
+
                                                                                                                ...
+   customSettings:
+      podMonitorDisable: []
+      serviceMonitorDisable: []
                                                                                                                
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              Permissions
                                                                                                              The node-exporter component of the kube-prometheus-stack add-on needs to read the Docker info data from the /var/run/docker.sock directory on the host for monitoring the Docker disk space.
                                                                                                              
+
                                                                                                              The following permission is required for running node-exporter:
                                                                                                              
+
                                                                                                              • cap_dac_override: reads the Docker info data.
                                                                                                              
+
                                                                                                              
+
                                                                                                              Installing the Add-on
                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Cloud Native Cluster Monitoring on the right, and click Install.
                                                                                                              2. On the Install Add-on page, configure the specifications.
                                                                                                                • Deployment Mode: This parameter is available for the Cloud Native Cluster Monitoring version 3.7.1 or later.
                                                                                                                  • Agent mode: Few resources are required. In this mode, HPA is not supported.
                                                                                                                  • Server mode: More resources are required. In this mode, all Cloud Native Cluster Monitoring functions are supported.
                                                                                                                  
+
                                                                                                                • Containers: component instance created by the add-on. For details, see Components. You can select or customize a specification as required.
                                                                                                                
+
                                                                                                              3. Configure related parameters.
                                                                                                                • Interconnecting with AOM: Report Prometheus data to AOM. After this function is enabled, you can select the corresponding AOM instance. 
                                                                                                                • Connect to Third Party: To report Prometheus data to a third-party monitoring system, enter the address and token of the third-party monitoring system and determine whether to skip certificate authentication.
                                                                                                                • User-defined Metrics Service Discovery: Application metrics are automatically collected in the form of service discovery. 
                                                                                                                • Prometheus HA: The Prometheus-server, Prometheus-operator, thanos-query, custom-metrics-apiserver and alertmanager components are deployed in multi-instance mode in the cluster.
                                                                                                                • Number of collected shards: Collected targets are distributed among different Prometheus shards. This increases the upper limit of the metrics collection throughput but will consume more resources. Therefore, this parameter is recommended for large-scale clusters.
                                                                                                                • Collection Interval: Configure the collection interval.
                                                                                                                • Storage: Select the type and size of the disk for storing monitoring data. After the add-on is uninstalled, the storage volumes are not deleted if this add-on is deployed in the server mode.
                                                                                                                   
                                                                                                                  An available PVC named pvc-prometheus-server exists in namespace monitoring and will be used as the storage source.
                                                                                                                  
+
                                                                                                                  
+
                                                                                                                • Scheduling Policies: Support node affinity, taint, and tolerations. Multiple scheduling policies can be configured. If no affinity node label key or toleration node taint key is configured, this function is disabled by default.
                                                                                                                  • Range: You can select the add-on pods for which the scheduling policy takes effect. By default, the scheduling policy takes effect for all pods. If a pod is specified, the scheduling policies configured for all pods are overwritten.
                                                                                                                  • Affinity Node Label Key: Enter a node label key to set node affinity for the add-on pods.
                                                                                                                  • Affinity Node Label Value: Enter a node label value to set node affinity for the add-on pods.
                                                                                                                  • Toleration Node Taint Key: A component can be scheduled to a node that has the taint key you specify.
                                                                                                                  
+
                                                                                                                
+
                                                                                                              4. Click Install.
                                                                                                                After the add-on is installed, you may need to perform the following operations:
                                                                                                                
+
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              Components
                                                                                                              All Kubernetes resources created during kube-prometheus-stack add-on installation are created in the namespace named monitoring.
                                                                                                              
+
+
                                                                                                              Table 7 Release notes for the v1.19 patch
                                                                                                              CCE Cluster Patch Version
                                                                                                              
 
                                                                                                              Kubernetes Version
                                                                                                              
+
                                                                                                              Kubernetes Version
                                                                                                              
 
                                                                                                              Feature Updates
                                                                                                              
+
                                                                                                              Feature Updates
                                                                                                              
 
                                                                                                              Optimization
                                                                                                              
+
                                                                                                              Optimization
                                                                                                              
 
                                                                                                              Vulnerability Fixing
                                                                                                              
+
                                                                                                              Vulnerability Fixing
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              1.19.16-r84
                                                                                                              
+
                                                                                                              1.19.16-r84
                                                                                                              
 
                                                                                                              v1.19.16
                                                                                                              
+
                                                                                                              v1.19.16
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
+
                                                                                                              Fixed CVE-2024-21626 issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.19.16-r60
                                                                                                              
+
                                                                                                              v1.19.16-r60
                                                                                                              
 
                                                                                                              v1.19.16
                                                                                                              
+
                                                                                                              v1.19.16
                                                                                                              
 
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
+
                                                                                                              • Volcano supports node pool affinity scheduling. 
                                                                                                              • Volcano supports workload rescheduling. 
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.19.16-r50
                                                                                                              
+
                                                                                                              v1.19.16-r50
                                                                                                              
 
                                                                                                              v1.19.16
                                                                                                              
+
                                                                                                              v1.19.16
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
+
                                                                                                              Optimized the events generated during node pool scaling.
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.19.16-r40
                                                                                                              
+
                                                                                                              v1.19.16-r40
                                                                                                              
 
                                                                                                              v1.19.16
                                                                                                              
+
                                                                                                              v1.19.16
                                                                                                              
 
                                                                                                              • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                              • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                              
+
                                                                                                              • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                              • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.19.16-r30
                                                                                                              
+
                                                                                                              v1.19.16-r30
                                                                                                              
 
                                                                                                              v1.19.16
                                                                                                              
+
                                                                                                              v1.19.16
                                                                                                              
 
                                                                                                              The timeout interval can be configured for a load balancer. 
                                                                                                              
+
                                                                                                              The timeout interval can be configured for a load balancer. 
                                                                                                              
 
                                                                                                              High-frequency parameters of kube-apiserver are configurable.
                                                                                                              
+
                                                                                                              High-frequency parameters of kube-apiserver are configurable.
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.19.16-r20
                                                                                                              
+
                                                                                                              v1.19.16-r20
                                                                                                              
 
                                                                                                              v1.19.16
                                                                                                              
+
                                                                                                              v1.19.16
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              • Cloud Native 2.0 Networks allow you to specify subnets for a namespace.
                                                                                                              • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                              • Optimized the performance of CCE Turbo clusters in allocating ENIs if not all ENIs are pre-bound.
                                                                                                              
+
                                                                                                              • Cloud Native 2.0 Networks allow you to specify subnets for a namespace.
                                                                                                              • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                              • Optimized the performance of CCE Turbo clusters in allocating ENIs if not all ENIs are pre-bound.
                                                                                                              
 
                                                                                                              Fixed some security issues.
                                                                                                              
+
                                                                                                              Fixed some security issues.
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.19.16-r4
                                                                                                              
+
                                                                                                              v1.19.16-r4
                                                                                                              
 
                                                                                                              v1.19.16
                                                                                                              
+
                                                                                                              v1.19.16
                                                                                                              
 
                                                                                                              • Fault detection and isolation are supported on GPU nodes.
                                                                                                              • Security groups can be customized by cluster.
                                                                                                              • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                              
+
                                                                                                              • Fault detection and isolation are supported on GPU nodes.
                                                                                                              • Security groups can be customized by cluster.
                                                                                                              • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                              
 
                                                                                                              • Scheduling is optimized on taint nodes.
                                                                                                              • Enhanced the long-term running stability of containerd when cores are bound.
                                                                                                              • Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                              • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                              
+
                                                                                                              • Scheduling is optimized on taint nodes.
                                                                                                              • Enhanced the long-term running stability of containerd when cores are bound.
                                                                                                              • Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                              • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                              
 
                                                                                                              Fixed some security issues and the following CVE vulnerabilities:
                                                                                                              
+
                                                                                                              Fixed some security issues and the following CVE vulnerabilities:
                                                                                                              
 
                                                                                                               		
 
                                                                                                              v1.19.16-r0
                                                                                                              
+
                                                                                                              v1.19.16-r0
                                                                                                              
 
                                                                                                              v1.19.16
                                                                                                              
+
                                                                                                              v1.19.16
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.
                                                                                                              
+
                                                                                                              Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.
                                                                                                              
 
                                                                                                              Fixed some security issues and the following CVE vulnerabilities:
                                                                                                              
+
                                                                                                              Fixed some security issues and the following CVE vulnerabilities:
                                                                                                              
 
                                                                                                               		
 
                                                                                                              v1.19.10-r0
                                                                                                              
+
                                                                                                              v1.19.10-r0
                                                                                                              
 
                                                                                                              v1.19.10
                                                                                                              
+
                                                                                                              v1.19.10
                                                                                                              
 
                                                                                                              CCE clusters of v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.
                                                                                                              
+
                                                                                                              CCE clusters of v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                              Table 1 Add-on components
                                                                                                              Component
                                                                                                              
+
                                                                                                              Description
                                                                                                              
+
                                                                                                              Supported Deployment Mode
                                                                                                              
+
                                                                                                              Resource Type
                                                                                                              
+
                                                                                                              prometheusOperator
                                                                                                              
+
                                                                                                              (workload name: prometheus-operator)
                                                                                                              
+
                                                                                                              Deploys and manages the Prometheus Server based on CustomResourceDefinitions (CRDs), and monitors and processes the events related to these CRDs. It is the control center of the entire system.
                                                                                                              
+
                                                                                                              Agent/Server
                                                                                                              
+
                                                                                                              Deployment
                                                                                                              
+
                                                                                                              prometheus
                                                                                                              
+
                                                                                                              (workload name: prometheus-server)
                                                                                                              
+
                                                                                                              A Prometheus Server cluster deployed by the operator based on the Prometheus CRDs that can be regarded as StatefulSets.
                                                                                                              
+
                                                                                                              Agent/Server
                                                                                                              
+
                                                                                                              StatefulSet
                                                                                                              
+
                                                                                                              alertmanager
                                                                                                              
+
                                                                                                              (workload name: alertmanager-alertmanager)
                                                                                                              
+
                                                                                                              Alarm center of the add-on. It receives alarms sent by Prometheus and manages alarm information by deduplicating, grouping, and distributing.
                                                                                                              
+
                                                                                                              Server
                                                                                                              
+
                                                                                                              StatefulSet
                                                                                                              
+
                                                                                                              thanosSidecar
                                                                                                              
+
                                                                                                              Available only in HA mode. Runs with prometheus-server in the same pod to implement persistent storage of Prometheus metric data.
                                                                                                              
+
                                                                                                              Server
                                                                                                              
+
                                                                                                              Container
                                                                                                              
+
                                                                                                              thanosQuery
                                                                                                              
+
                                                                                                              Available only in HA mode. Entry for PromQL query when Prometheus is in HA scenarios. It can delete duplicate metrics from Store or Prometheus.
                                                                                                              
+
                                                                                                              Server
                                                                                                              
+
                                                                                                              Deployment
                                                                                                              
+
                                                                                                              adapter
                                                                                                              
+
                                                                                                              (workload name: custom-metrics-apiserver)
                                                                                                              
+
                                                                                                              Aggregates custom metrics to the native Kubernetes API Server.
                                                                                                              
+
                                                                                                              Server
                                                                                                              
+
                                                                                                              Deployment
                                                                                                              
+
                                                                                                              kubeStateMetrics
                                                                                                              
+
                                                                                                              (workload name: kube-state-metrics)
                                                                                                              
+
                                                                                                              Converts the Prometheus metric data into a format that can be identified by Kubernetes APIs. By default, the kube-state-metrics component does not collect all labels and annotations of Kubernetes resources. To collect all labels and annotations, see Collecting All Labels and Annotations of a Pod.
                                                                                                              
+
                                                                                                               NOTE: 
                                                                                                              If the components run in multiple pods, only one pod provides metrics.
                                                                                                              
+
                                                                                                              
+
                                                                                                              Agent/Server
                                                                                                              
+
                                                                                                              Deployment
                                                                                                              
+
                                                                                                              nodeExporter
                                                                                                              
+
                                                                                                              (workload name: node-exporter)
                                                                                                              
+
                                                                                                              Deployed on each node to collect node monitoring data.
                                                                                                              
+
                                                                                                              Agent/Server
                                                                                                              
+
                                                                                                              DaemonSet
                                                                                                              
+
                                                                                                              clusterProblemDetector
                                                                                                              
+
                                                                                                              (workload name: cluster-problem-detector)
                                                                                                              
+
                                                                                                              Monitors cluster exceptions.
                                                                                                              
+
                                                                                                              Server
                                                                                                              
+
                                                                                                              Deployment
                                                                                                              
+
                                                                                                              
+
                                                                                                              
+
+
                                                                                                              Providing Resource Metrics Through the Metrics API
                                                                                                              Resource metrics of containers and nodes, such as CPU and memory usage, can be obtained through the Kubernetes Metrics API. Resource metrics can be directly accessed, for example, by using the kubectl top command, or used by HPA or CustomedHPA policies for auto scaling.
                                                                                                              
+
                                                                                                              The add-on can provide the Kubernetes Metrics API that is disabled by default. To enable the API, create the following APIService object:
                                                                                                              
+
                                                                                                              apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  labels:
+    app: custom-metrics-apiserver
+    release: cceaddon-prometheus
+  name: v1beta1.metrics.k8s.io
+spec:
+  group: metrics.k8s.io
+  groupPriorityMinimum: 100
+  insecureSkipTLSVerify: true
+  service:
+    name: custom-metrics-apiserver
+    namespace: monitoring
+    port: 443
+  version: v1beta1
+  versionPriority: 100
                                                                                                              
+
                                                                                                              You can save the object as a file, name it metrics-apiservice.yaml, and run the following command:
                                                                                                              
+
                                                                                                              kubectl create -f metrics-apiservice.yaml
                                                                                                              
+
                                                                                                              Run the kubectl top pod -n monitoring command. If the following information is displayed, the Metrics API can be accessed:
                                                                                                              
+
                                                                                                              # kubectl top pod -n monitoring
+NAME                                                      CPU(cores)   MEMORY(bytes)
+......
+custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
+......
                                                                                                              
+
                                                                                                               
                                                                                                              To uninstall the add-on, run the following kubectl command and delete the APIService object. Otherwise, the metrics-server add-on cannot be installed due to residual APIService resources.
                                                                                                              
+
                                                                                                              kubectl delete APIService v1beta1.metrics.k8s.io
                                                                                                              
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              Creating an HPA Policy Using Custom Metrics
                                                                                                              HPA policies can only be used when Cloud Native Cluster Monitoring is deployed in the server mode. You can configure custom metrics required by HPA policies in the user-adapter-config ConfigMap.
                                                                                                              
+
                                                                                                               
                                                                                                              To use Prometheus to monitor custom metrics, the application needs to provide a metric monitoring API. For details, see Prometheus Monitoring Data Collection.
                                                                                                              
+
                                                                                                              
+
                                                                                                              In this section, the nginx metric (nginx_connections_accepted) in Monitoring Custom Metrics Using Cloud Native Cluster Monitoring is used as an example.
                                                                                                              
+
                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose ConfigMaps and Secrets.
                                                                                                              2. Click the ConfigMaps tab, select the monitoring namespace, locate the row containing user-adapter-config (or adapter-config), and click Update.
                                                                                                              3. In Data, click Edit for the config.yaml file to add a custom metric collection rule under the rules field. Click OK.
                                                                                                                You can add multiple collection rules by adding multiple configurations under the rules field. For details, see Metrics Discovery and Presentation Configuration.
                                                                                                                
+
                                                                                                                Example custom metric rule:
                                                                                                                rules:
+# Match the metric whose name is nginx_connections_accepted. The metric name must be confirmed. Otherwise, the HPA controller cannot get the metric.
+- seriesQuery: '{__name__=~"nginx_connections_accepted",container!="POD",namespace!="",pod!=""}'
+  resources:
+    # Specify pod and namespace resources.
+    overrides:
+      namespace:
+        resource: namespace
+      pod:
+        resource: pod
+  name:
+    #Use nginx_connections_accepted"
+    matches: "nginx_connections_accepted"
+    #Use nginx_connections_accepted_per_second to represent the metric. The name is the custom metric name in a custom HPA policy.
+    as: "nginx_connections_accepted_per_second"
+    # Calculate rate(nginx_connections_accepted[2m]) to specify the number of requests received per second.
+  metricsQuery: 'rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[2m])'
                                                                                                                
+
                                                                                                                
+
                                                                                                              4. Redeploy the custom-metrics-apiserver workload in the monitoring namespace.
                                                                                                              5. In the navigation pane, choose Workloads. Locate the workload for which you want to create an HPA policy and choose More > Auto Scaling. In the Custom Policy area, you can select the preceding parameters to create an auto scaling policy.
                                                                                                              
+
                                                                                                              
+
                                                                                                              Collecting All Labels and Annotations of a Pod
                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Workloads.
                                                                                                              2. Switch to the monitoring namespace, click the Deployments tab, and click the name of the kube-state-metrics workload. On the page displayed, click the Containers tab and click Edit on the right.
                                                                                                              3. In the Lifecycle area of the container settings, edit the startup command.
                                                                                                                To collect labels, add the following information to the end of the original kube-state-metrics startup parameter:
                                                                                                                --metric-labels-allowlist=pods=[*],nodes=[node,failure-domain.beta.kubernetes.io/zone,topology.kubernetes.io/zone]
                                                                                                                
+
                                                                                                                
+
                                                                                                                To collect annotations, add parameters in the startup parameters in the same way.
                                                                                                                --metric-annotations-allowlist=pods=[*],nodes=[node,failure-domain.beta.kubernetes.io/zone,topology.kubernetes.io/zone]
                                                                                                                
+
                                                                                                                
+
                                                                                                                 
                                                                                                                When editing the startup command, do not modify other original startup parameters. Otherwise, the component may be abnormal.
                                                                                                                
+
                                                                                                                
+
                                                                                                              4. kube-state-metrics starts to collect the labels/annotations of pods and nodes and checks whether kube_pod_labels/kube_pod_annotations is in the collection task of CloudScope.
                                                                                                                kubectl get servicemonitor kube-state-metrics -nmonitoring -oyaml | grep kube_pod_labels
                                                                                                                
+
                                                                                                              
+
                                                                                                              For more kube-state-metrics startup parameters, see kube-state-metrics/cli-arguments.
                                                                                                              
+
                                                                                                              
+
                                                                                                              Change History
                                                                                                              
+
                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                              Table 2 Release history
                                                                                                              Add-on Version
                                                                                                              
+
                                                                                                              Supported Cluster Version
                                                                                                              
+
                                                                                                              New Feature
                                                                                                              
+
                                                                                                              Community Version
                                                                                                              
+
                                                                                                              3.10.1
                                                                                                              
+
                                                                                                              v1.21
                                                                                                              
+
                                                                                                              v1.23
                                                                                                              
+
                                                                                                              v1.25
                                                                                                              
+
                                                                                                              v1.27
                                                                                                              
+
                                                                                                              v1.28
                                                                                                              
+
                                                                                                              v1.29
                                                                                                              
+
                                                                                                              The NodeExporter component is upgraded to 1.8.0.
                                                                                                              
+
                                                                                                              2.37.8
                                                                                                              
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              
+
+
+
diff --git a/docs/cce/umn/cce_10_0415.html b/docs/cce/umn/cce_10_0415.html
index 806f301f..cc872b36 100644
--- a/docs/cce/umn/cce_10_0415.html
+++ b/docs/cce/umn/cce_10_0415.html
@@ -1,18 +1,18 @@
 
 
-
                                                                                                              CronHPA Policies
                                                                                                              
+
                                                                                                              Creating a Scheduled CronHPA Policy
                                                                                                              
 
                                                                                                              There are predictable and unpredictable traffic peaks for some services. For such services, CCE CronHPA allows you to scale resources in fixed periods. It can work with HPA policies to periodically adjust the HPA scaling scope, implementing workload scaling.
                                                                                                              
-
                                                                                                              
+
                                                                                                              
 
                                                                                                              CronHPA can periodically adjust the maximum and minimum numbers of pods in the HPA policy or directly adjust the number of pods of a Deployment.
                                                                                                              
 
                                                                                                              Prerequisites
                                                                                                              The add-on CCE Advanced HPA of v1.2.13 or later has been installed.
                                                                                                              
 
                                                                                                              
 
                                                                                                              Using CronHPA to Adjust the HPA Scaling Scope
                                                                                                              CronHPA can periodically scale out/in pods in HPA policies to satisfy complex services.
                                                                                                              
 
                                                                                                              HPA and CronHPA associate scaling objects using the scaleTargetRef field. If a Deployment is the scaling object for both CronHPA and HPA, the two scaling policies are independent of each other. The operation performed later overwrites the operation performed earlier. As a result, the scaling effect does not meet the expectation.
                                                                                                              
-
                                                                                                              
+
                                                                                                              
 
                                                                                                              When CronHPA and HPA are used together, CronHPA rules take effect based on the HPA policy. CronHPA uses HPA to perform operations on the Deployment. Understanding the following parameters can better understand the working rules of the CronHPA.
                                                                                                              
 
                                                                                                              • targetReplicas: Number of pods set for CronHPA. When CronHPA takes effect, this parameter adjusts the maximum or minimum number of pods in HPA policies to adjust the number of Deployment pods.
                                                                                                              • minReplicas: Minimum number of Deployment pods.
                                                                                                              • maxReplicas: Maximum number of Deployment pods.
                                                                                                              • replicas: Number of pods in a Deployment before the CronHPA policy takes effect.
                                                                                                              
 
                                                                                                              When the CronHPA rule takes effect, the maximum or minimum number of pods are adjusted by comparing the number of targetReplicas with the actual number of pods and combining the minimum or maximum number of pods in the HPA policy.
                                                                                                              
-
                                                                                                              Figure 1 CronHPA scaling scenarios
                                                                                                              
+
                                                                                                              Figure 1 CronHPA scaling scenarios
                                                                                                              
 
                                                                                                              Figure 1 shows possible scaling scenarios. The following examples detail how CronHPA modifies the number of pods in HPAs.
                                                                                                              
 
 
                                                                                                              Table 1 CronHPA scaling parameters
                                                                                                              Scenario
                                                                                                              
@@ -158,7 +158,7 @@
 
 
                                                                                                              Using the CCE console
                                                                                                              
 
                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                              2. Choose Workloads in the navigation pane. Locate the target workload and choose More > Auto Scaling in the Operation column.
                                                                                                              3. Set Policy Type to HPA+CronHPA and enable HPA and CronHPA policies.
                                                                                                                CronHPA periodically adjusts the maximum and minimum numbers of pods using the HPA policy.
                                                                                                                
-
                                                                                                              4. Configure the HPA policy. For details, see HPA Policies.
                                                                                                                
+
                                                                                                              5. Configure the HPA policy. For details, see Creating an HPA Policy.
                                                                                                                
 
                                                                                                                Table 2 HPA policy
                                                                                                                Parameter
                                                                                                                
                                                                                                                 		
 
                                                                                                                Description
                                                                                                                
@@ -199,6 +199,7 @@
 
                                                                                                                Custom Policy (supported only in clusters of v1.15 or later)
                                                                                                                
                                                                                                                 		
 
                                                                                                                 NOTE: 
                                                                                                                Before creating a custom policy, install an add-on that supports custom metric collection (for example, Prometheus) in the cluster. Ensure that the add-on can collect and report the custom metrics of the workloads.
                                                                                                                
+
                                                                                                                For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                                                
 
                                                                                                                
 
                                                                                                                • Metric Name: name of the custom metric. You can select a name as prompted.
                                                                                                                • Metric Source: Select an object type from the drop-down list. You can select Pod.
                                                                                                                • Desired Value: the average metric value of all pods. Number of pods to be scaled (rounded up) = (Current metric value/Desired value) x Number of current pods
                                                                                                                   NOTE: 
                                                                                                                  When calculating the number of pods to be added or reduced, the HPA policy uses the maximum number of pods in the last 5 minutes.
                                                                                                                  
 
                                                                                                                  
@@ -208,7 +209,7 @@
 
 
                                                                                                                
 
                                                                                                                
-
                                                                                                              6. Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                                                
+
                                                                                                              7. Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                                                
 
                                                                                                                Table 3 CronHPA policy parameters
                                                                                                                Parameter
                                                                                                                
                                                                                                                 		
 
                                                                                                                Description
                                                                                                                
@@ -236,7 +237,7 @@
 
                                                                                                                
 
                                                                                                                
 
                                                                                                              8. After configuring the preceding parameters, click OK. Then, the added policy rule is displayed in the rule list. Repeat the preceding steps to add multiple policy rules, but the triggering time of the policies must be different.
                                                                                                              9. Click Create.
                                                                                                              
-
                                                                                                              Using the kubectl command
                                                                                                              
+
                                                                                                              Using kubectl
                                                                                                              
 
                                                                                                              When the CronHPA is compatible with the HPA policy, the scaleTargetRef field in CronHPA must be set to the HPA policy, and the scaleTargetRef field in the HPA policy must be set to Deployment. In this way, CronHPA adjusts the maximum and minimum numbers of pods in the HPA policy at a fixed time and the scheduled scaling is compatible with the auto scaling.
                                                                                                              
 
                                                                                                              1. Create an HPA policy for the Deployment.
                                                                                                                apiVersion: autoscaling/v1
 kind: HorizontalPodAutoscaler
@@ -320,7 +321,7 @@ spec:
 
                                                                                                                Using CronHPA to Directly Adjust the Number of Deployment Pods
                                                                                                                CronHPA adjusts associated Deployments separately to periodically adjust the number of Deployment pods. The method is as follows:
                                                                                                                
 
                                                                                                                Using the CCE console
                                                                                                                
 
                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                2. Choose Workloads in the navigation pane. Locate the target workload and choose More > Auto Scaling in the Operation column.
                                                                                                                3. Set Policy Type to HPA+CronHPA, disable HPA, and enable CronHPA.
                                                                                                                  CronHPA periodically adjusts the number of workload pods.
                                                                                                                  
-
                                                                                                                4. Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                                                  
+
                                                                                                                5. Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                                                  
 
                                                                                                                  Table 5 CronHPA policy parameters
                                                                                                                  Parameter
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Description
                                                                                                                  
@@ -348,7 +349,7 @@ spec:
 
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                6. After configuring the preceding parameters, click OK. Then, the added policy rule is displayed in the rule list. Repeat the preceding steps to add multiple policy rules, but the triggering time of the policies must be different.
                                                                                                                7. Click Create.
                                                                                                                
-
                                                                                                                Using the kubectl command
                                                                                                                
+
                                                                                                                Using kubectl
                                                                                                                
 
                                                                                                                apiVersion: autoscaling.cce.io/v2alpha1
 kind: CronHorizontalPodAutoscaler
 metadata:
diff --git a/docs/cce/umn/cce_10_0421.html b/docs/cce/umn/cce_10_0421.html
index 1b98b4c7..6fb3a619 100644
--- a/docs/cce/umn/cce_10_0421.html
+++ b/docs/cce/umn/cce_10_0421.html
@@ -5,7 +5,7 @@
 
                                                                                                                Changes since Helm v2:
                                                                                                                
 
                                                                                                                1. Removal of Tiller
                                                                                                                  Helm v3 is simpler and easier to use. It removes tiller and directly connects to the API server using kubeconfig, simplifying the security model.
                                                                                                                  
 
                                                                                                                2. Improved upgrade strategy: 3-way strategic merge patches
                                                                                                                  Helm v2 used a two-way strategic merge patch. During an upgrade, it compared the most recent chart's manifest against the proposed chart's manifest to determine what changes needed to be applied to the resources in Kubernetes. If changes were applied to the cluster out-of-band (such as during a kubectl edit), those changes were not considered. This resulted in resources being unable to roll back to its previous state.
                                                                                                                  
-
                                                                                                                  Helm v3 uses a three-way strategic merge patch. Helm considers the old manifest, its live state, and the new manifest when generating a patch. Helm compares the current live state with the live state of the old manifest, checks whether the new manifest is modified, and automatically supplements the new manifest to generate the final update patch.
                                                                                                                  
+
                                                                                                                  Helm v3 uses a three-way strategic merge patch. Helm considers the original manifest, its live state, and the new manifest when generating a patch. Helm compares the current live state with the live state of the original manifest, checks whether the new manifest is modified, and automatically supplements the new manifest to generate the final update patch.
                                                                                                                  
 
                                                                                                                  For details and examples, see https://v3.helm.sh/docs/faq/changes_since_helm2.
                                                                                                                  
 
                                                                                                                3. Secrets as the default storage driver
                                                                                                                  Helm v2 used ConfigMaps by default to store release information. In Helm v3, Secrets are now used as the default storage driver.
                                                                                                                  
 
                                                                                                                4. Release names are now scoped to the namespace
                                                                                                                  In Helm v2, the information about each release was stored in the same namespace as Tiller. In practice, this meant that once a name was used by a release, no other release could use that same name, even if it was deployed in a different namespace. In Helm v3, information about a particular release is now stored in the same namespace as the release itself. This means that the release name can be used in different namespaces. The namespace of the application is the same as that of the release.
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0425.html b/docs/cce/umn/cce_10_0425.html
index 3157259b..668547b4 100644
--- a/docs/cce/umn/cce_10_0425.html
+++ b/docs/cce/umn/cce_10_0425.html
@@ -5,7 +5,7 @@
 
                                                                                                                  Both the CPU Manager and Topology Manager are kubelet components, but they have the following limitations:
                                                                                                                  
 
                                                                                                                  • The scheduler is not topology-aware. Therefore, the workload may be scheduled on a node and then fail on the node due to the Topology Manager. This is unacceptable for TensorFlow jobs. If any worker or ps failed on node, the job will fail.
                                                                                                                  • The managers are node-level that results in an inability to match the best node for NUMA topology in the whole cluster.
                                                                                                                  
 
                                                                                                                  Volcano targets to lift the limitation to make scheduler NUMA topology aware so that:
                                                                                                                  
-
                                                                                                                  • Pods are not scheduled to the nodes that NUMA topology does not match.
                                                                                                                  • Pods are scheduled to the best node for NUMA topology.
                                                                                                                  
+
                                                                                                                  • Pods are not scheduled to the nodes that NUMA topology does not match.
                                                                                                                  • Pods are scheduled to the most suitable node for NUMA topology.
                                                                                                                  
 
                                                                                                                  For more information, see https://github.com/volcano-sh/volcano/blob/master/docs/design/numa-aware.md.
                                                                                                                  
 
                                                                                                                
 
                                                                                                                Application Scope
                                                                                                                • CPU resource topology scheduling
                                                                                                                • Pod-level topology policies
                                                                                                                
@@ -113,8 +113,8 @@
 
                                                                                                              
 
                                                                                                              
 
                                                                                                              Figure 1 shows the scheduling of a pod after a topology policy is configured.
                                                                                                              
-
                                                                                                              • When 9 CPU cores are requested by a pod and the best-effort topology policy is used, Volcano selects node 1 whose topology policy is also best-effort, and this policy allows the pod to be scheduled to multiple NUMA nodes. Therefore, the requested 9 CPU cores will be allocated to two NUMA nodes, and the pod can be scheduled to node 1.
                                                                                                              • When 9 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, and each node provides a total of 9 CPU cores. However, the remaining CPU cores on node 2 or 3 are less than the requested. Therefore, the pod cannot be scheduled.
                                                                                                              • When 17 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, this policy allows the pod to be scheduled to multiple NUMA nodes, and the upper CPU limit of the both nodes is less than 17. Then, the pod can be scheduled to node 3.
                                                                                                              • When 17 CPU cores are requested by a pod and the single-numa-node topology policy is used, Volcano selects nodes whose topology policy is also single-numa-node. However, no node can provide a total of 17 CPU cores. Therefore, the pod cannot be scheduled.
                                                                                                              
-
                                                                                                              Figure 1 Comparison of NUMA scheduling policies
                                                                                                              
+
                                                                                                              • When 9 CPU cores are requested by a pod and the best-effort topology policy is used, Volcano selects node 1 whose topology policy is also best-effort, and this policy allows the pod to be scheduled to multiple NUMA nodes. Therefore, the requested 9 CPU cores will be allocated to two NUMA nodes, and the pod can be scheduled to node 1.
                                                                                                              • When 9 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, and each node provides a total of 9 CPU cores. However, the remaining CPU cores on node 2 or 3 are less than the requested. Therefore, the pod cannot be scheduled.
                                                                                                              • When 17 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, this policy allows the pod to be scheduled to multiple NUMA nodes, and the upper CPU limit of both the nodes is less than 17. Then, the pod can be scheduled to node 3.
                                                                                                              • When 17 CPU cores are requested by a pod and the single-numa-node topology policy is used, Volcano selects nodes whose topology policy is also single-numa-node. However, no node can provide a total of 17 CPU cores. Therefore, the pod cannot be scheduled.
                                                                                                              
+
                                                                                                              Figure 1 Comparison of NUMA scheduling policies
                                                                                                              
 
                                                                                                              
 
                                                                                                              Scheduling Priority
                                                                                                              A topology policy aims to schedule pods to the optimal node. In this example, each node is scored to sort out the optimal node.
                                                                                                              
 
                                                                                                              Principle: Schedule pods to the worker nodes that require the fewest NUMA nodes.
                                                                                                              
@@ -131,8 +131,7 @@
 
                                                                                                              Enabling NUMA Affinity Scheduling for Volcano
                                                                                                              1. Enable static CPU management. For details, see Enabling the CPU Management Policy.
                                                                                                              2. Configure a CPU topology policy.
                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. On the right of the page, click the Node Pools tab and choose More > Manage in the Operation column of the target node pool.
                                                                                                                2. Change the kubelet Topology Management Policy (topology-manager-policy) value to the required CPU topology policy.
                                                                                                                  Valid topology policies include none, best-effort, restricted, and single-numa-node. For details, see Pod Scheduling Prediction.
                                                                                                                  
 
                                                                                                                
 
                                                                                                              3. Enable the numa-aware add-on and the resource_exporter function.
                                                                                                                Volcano 1.7.1 or later
                                                                                                                
-
                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons. On the right of the page, locate the Volcano add-on and click Edit. In the Parameters area, configure Volcano scheduler parameters.
                                                                                                                  {
-    "ca_cert": "",
+
                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons. On the right of the page, locate the Volcano add-on and click Edit. In the Parameters area, configure Volcano scheduler parameters.
                                                                                                                    ...
     "default_scheduler_conf": {
         "actions": "allocate, backfill, preempt",
         "tiers": [
@@ -201,9 +200,7 @@
             }
         ]
     },
-    "server_cert": "",
-    "server_key": ""
-}
                                                                                                                    
+...
                                                                                                                  
 
                                                                                                                
 
                                                                                                                Volcano earlier than 1.7.1
                                                                                                                1. The resource_exporter_enable parameter is enabled for the Volcano add-on to collect node NUMA information.
                                                                                                                  {
    "plugins": {
diff --git a/docs/cce/umn/cce_10_0426.html b/docs/cce/umn/cce_10_0426.html
new file mode 100644
index 00000000..bca6a457
--- /dev/null
+++ b/docs/cce/umn/cce_10_0426.html
@@ -0,0 +1,18 @@
+
+
+
                                                                                                                  Changing the Default Security Group of a Node
                                                                                                                  
+
                                                                                                                  Scenario
                                                                                                                  When creating a cluster, you can customize a node security group to centrally manage network security policies. For a created cluster, you can change its default node security group.
                                                                                                                  
+
                                                                                                                  
+
                                                                                                                  Notes and Constraints
                                                                                                                  • Do not add more than 1000 pods to the same security group. Otherwise, the security group performance may be impacted. 
                                                                                                                  • Exercise caution when modifying the security group rules of a master node. 
                                                                                                                  
+
                                                                                                                  
+
                                                                                                                  Procedure
                                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                  2. Click the cluster name to access the Overview page.
                                                                                                                  3. In the Network Configuration area, click  next to the Default Node Security Group.
                                                                                                                  4. Select an existing security group, confirm that the security group rules meet the cluster requirements, and click OK.
                                                                                                                     
                                                                                                                    • Ensure that correct port rules are configured for the selected security group. Otherwise, the node cannot be created. The port rules that a security group must comply with vary with the cluster type.
                                                                                                                    • The new security group takes effect only for newly created or managed nodes. For existing nodes, modify the security group rules and reset the nodes in real time. The original security group is still used. 
                                                                                                                    
+
                                                                                                                    
+
                                                                                                                  
+
                                                                                                                  
+
                                                                                                                  
+
                                                                                                                  
+
                                                                                                                  
+
                                                                                                                  Parent topic: Managing a Cluster
                                                                                                                  
+
                                                                                                                  
+
                                                                                                                  
+
diff --git a/docs/cce/umn/cce_10_0430.html b/docs/cce/umn/cce_10_0430.html
index 69a94625..9cb96da7 100644
--- a/docs/cce/umn/cce_10_0430.html
+++ b/docs/cce/umn/cce_10_0430.html
@@ -6,7 +6,7 @@
 
                                                                                                                  Cluster Network
                                                                                                                  A cluster network can be divided into three network types:
                                                                                                                  
 
                                                                                                                  • Node network: IP addresses are assigned to nodes in a cluster.
                                                                                                                  • Container network: IP addresses are assigned to containers in a cluster for communication. Currently, multiple container network models are supported, and each model has its own working mechanism.
                                                                                                                  • Service network: A Service is a Kubernetes object used to access containers. Each Service has a static IP address.
                                                                                                                  
 
                                                                                                                  When you create a cluster, select a proper CIDR block for each network. Ensure that the CIDR blocks do not conflict with each other and have sufficient available IP addresses. You cannot change the container network model after the cluster is created. Plan the container network model properly in advance.
                                                                                                                  
-
                                                                                                                  You are advised to learn about the cluster network and container network models before creating a cluster. For details, see Container Network Models.
                                                                                                                  
+
                                                                                                                  You are advised to learn about the cluster network and container network models before creating a cluster. For details, see Container Network.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  Master Nodes and Cluster Scale
                                                                                                                  When you create a cluster on CCE, you can have one or three master nodes. Three master nodes will be deployed in a cluster for HA.
                                                                                                                  
 
                                                                                                                  The master node specifications decide the number of nodes that can be managed by a cluster. You can select the cluster management scale, for example, 50 or 200 nodes.
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0431.html b/docs/cce/umn/cce_10_0431.html
index 638b4de9..5d9b22ec 100644
--- a/docs/cce/umn/cce_10_0431.html
+++ b/docs/cce/umn/cce_10_0431.html
@@ -4,7 +4,7 @@
 
                                                                                                                  Check Items
                                                                                                                  Check the following items:
                                                                                                                  
 
                                                                                                                  • Check whether the node is available. 
                                                                                                                  • Check whether the node OS supports the upgrade.
                                                                                                                  • Check whether the node is marked with unexpected node pool labels.
                                                                                                                  • Check whether the Kubernetes node name is the same as the ECS name.
                                                                                                                  
 
                                                                                                                  
-
                                                                                                                  Solution
                                                                                                                  1. The node is unavailable. Preferentially recover the node.
                                                                                                                    If a node is unavailable, log in to the CCE console and click the cluster name to access the cluster console. Then, choose Nodes in the navigation pane and click the Nodes tab. Ensure that the node is in the Running state. A node in the Installing or Deleting state cannot be upgraded.
                                                                                                                    
+
                                                                                                                    Solution
                                                                                                                    1. The node is unavailable. Preferentially recover the node.
                                                                                                                      If a node is unavailable, log in to the CCE console and click the cluster name to access the cluster console. Then, choose Nodes in the navigation pane. In the right pane, click the Nodes tab. Ensure that the node is in the Running state. A node in the Installing or Deleting state cannot be upgraded.
                                                                                                                      
 
                                                                                                                      If a node is unavailable, recover the node and retry the check task. 
                                                                                                                      
 
                                                                                                                    2. The node OS does not support the upgrade.
                                                                                                                      The following table lists the node OSs that support the upgrade. You can reset the node OS to an available OS in the list.
                                                                                                                      
 
@@ -39,7 +39,7 @@
 
                                                                                                                      • If no, delete the label.
                                                                                                                      • If yes, modify the load balancing policy, remove the dependency, and then delete the label.
                                                                                                                      
 
                                                                                                                    3. The node is marked with a CNIProblem taint. Preferentially recover the node.
                                                                                                                      The node contains a taint whose key is node.cloudprovider.kubernetes.io/cni-problem, and the effect is NoSchedule. The taint is added by the NPD add-on. Upgrade the NPD add-on to the latest version and check again. If the problem persists, contact technical support.
                                                                                                                      
 
                                                                                                                    4. The Kubernetes node corresponding to the affected node does not exist.
                                                                                                                      It is possible that the node is being deleted. Check again later.
                                                                                                                      
-
                                                                                                                    5. The OS running on the master node is EulerOS 2.5, which does not support the cluster to be upgraded to v1.27.5-r0.
                                                                                                                      You can upgrade the cluster to v1.25 or v1.28. If necessary, contact technical support.
                                                                                                                      
+
                                                                                                                    6. The OS running on the master node is EulerOS 2.5, which does not support the cluster to be upgraded to v1.27.5-r0.
                                                                                                                      You can upgrade the version to 1.25 or 1.28. If you choose to upgrade the version to 1.28, EulerOS 2.5 will be upgraded to HCE 2.0 during the upgrade. If you have other requirements, submit a service ticket.
                                                                                                                      
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0436.html b/docs/cce/umn/cce_10_0436.html
index 45d2683f..a3313542 100644
--- a/docs/cce/umn/cce_10_0436.html
+++ b/docs/cce/umn/cce_10_0436.html
@@ -6,7 +6,7 @@
 
                                                                                                                  Solution
                                                                                                                  • Scenario: The node pool malfunctions.
                                                                                                                    Log in to the CCE console and click the cluster name to access the cluster console. Choose Nodes in the navigation pane and view the status of the affected node pool on the Node Pools tab. If the node pool is being scaled, wait until the node pool scaling is complete.
                                                                                                                    
 
                                                                                                                  • Scenario: The node pool OS is not supported.
                                                                                                                    The runtime and OS vary depending on the cluster version. This issue typically occurs when a cluster of an earlier version is upgraded to v1.27 or later. 
                                                                                                                    
 
                                                                                                                    Log in to the CCE console and click the cluster name to access the cluster console. Choose Nodes in the navigation pane, view the status of the affected node pool on the Node Pools tab, and click Upgrade. Change the supported OSs based on the pre-upgrade check result, and click OK.
                                                                                                                    
-
                                                                                                                    If there are nodes in the affected node pool, choose More > Synchronize in the operation column to synchronize the OS of the existing nodes. For details, see Synchronizing Node Pools.
                                                                                                                    
+
                                                                                                                    If there are nodes in the affected node pool, choose More > Synchronize in the operation column to synchronize the OS of the existing nodes. For details, see Synchronizing Node Pools.
                                                                                                                    
 
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0437.html b/docs/cce/umn/cce_10_0437.html
index eea8d853..9c2fcf47 100644
--- a/docs/cce/umn/cce_10_0437.html
+++ b/docs/cce/umn/cce_10_0437.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                  Security Groups
                                                                                                                  
-
                                                                                                                  Check Items
                                                                                                                  Check whether the Protocol & Port of the worker node security groups are set to ICMP: All and whether the security group with the source IP address set to the master node security group is deleted.
                                                                                                                  
+
                                                                                                                  Check Items
                                                                                                                  Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group with the source IP address set to the master node security group is deleted.
                                                                                                                  
 
                                                                                                                   
                                                                                                                  This check item is performed only for clusters using VPC networking. For clusters using other networking, skip this check item.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0439.html b/docs/cce/umn/cce_10_0439.html
index 55975454..8c5e8aa2 100644
--- a/docs/cce/umn/cce_10_0439.html
+++ b/docs/cce/umn/cce_10_0439.html
@@ -1,7 +1,7 @@
 
 
-
                                                                                                                  To-Be-Migrated Nodes
                                                                                                                  
-
                                                                                                                  Check Items
                                                                                                                  Check whether the node needs to be migrated.
                                                                                                                  
+
                                                                                                                  Residual Nodes
                                                                                                                  
+
                                                                                                                  Check Items
                                                                                                                  Check whether nodes need to be migrated.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  Solution
                                                                                                                  For the 1.15 cluster that is upgraded from 1.13 in rolling mode, migrate (reset or create and replace) all nodes before performing the upgrade again.
                                                                                                                  
 
                                                                                                                  Solution 1
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0441.html b/docs/cce/umn/cce_10_0441.html
index a31f832d..d54bad88 100644
--- a/docs/cce/umn/cce_10_0441.html
+++ b/docs/cce/umn/cce_10_0441.html
@@ -15,7 +15,7 @@
 
                                                                                                              v1.23 or v1.25
                                                                                                              
 
                                                                                                              Upgraded to v1.27
                                                                                                              
 
                                                                                                              Docker is no longer recommended. Use containerd instead. For details, see Container Engine.
                                                                                                              
+
                                                                                                              Docker is no longer recommended. Use containerd instead. For details, see Container Engines.
                                                                                                              
                                                                                                               		
 
                                                                                                              This item has been included in the pre-upgrade check.
                                                                                                              
 
                                                                                                              Before the upgrade, check whether the timeout is properly set for the exec probe.
                                                                                                              
                                                                                                               		
 
                                                                                                              kube-apiserver of CCE 1.19 or later requires that the Subject Alternative Names (SANs) field be configured for the certificate of your webhook server. Otherwise, kube-apiserver fails to call the webhook server after the upgrade, and containers cannot be started properly.
                                                                                                              
-
                                                                                                              Root cause: X.509 CommonName is discarded in Go 1.15. kube-apiserver of CCE 1.19 is compiled using Go 1.15. If your webhook certificate does not have SANs, kube-apiserver does not process the CommonName field of the X.509 certificate as the host name by default. As a result, the authentication fails.
                                                                                                              
+
                                                                                                              kube-apiserver of CCE v1.19 or later requires that the Subject Alternative Names (SANs) field be configured for the certificate of your webhook server. Otherwise, kube-apiserver fails to call the webhook server after the upgrade, and containers cannot be started properly.
                                                                                                              
+
                                                                                                              Root cause: X.509 CommonName is discarded in Go v1.15. kube-apiserver of CCE v1.19 is compiled using Go v1.15. If your webhook certificate does not have SANs, kube-apiserver does not process the CommonName field of the X.509 certificate as the host name by default. As a result, the authentication fails.
                                                                                                              
                                                                                                               		
 
                                                                                                              Before the upgrade, check whether the SAN field is configured in the certificate of your webhook server.
                                                                                                              
 
                                                                                                              • If you do not have your own webhook server, you can skip this check.
                                                                                                              • If the field is not set, use the SAN field to specify the IP address and domain name supported by the certificate.
                                                                                                              
@@ -46,95 +46,95 @@
 
                                                                                                              
 
                                                                                                              
 
-
                                                                                                              Table 1 QoS class changes before and after the upgrade
                                                                                                              Init Container (Calculated Based on spec.initContainers)
                                                                                                              
+
                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0442.html b/docs/cce/umn/cce_10_0442.html
index a53049d1..4cab0b43 100644
--- a/docs/cce/umn/cce_10_0442.html
+++ b/docs/cce/umn/cce_10_0442.html
@@ -11,7 +11,7 @@
 
                                                                                                              Solution
                                                                                                              1. Log in to a node where the check succeeded, obtain the path of the cce-agent configuration file, and obtain the OBS address.
                                                                                                                cat `ps aux | grep cce-agent | grep -v grep | awk -F '-f ' '{print $2}'`
                                                                                                                
 
                                                                                                                The OBS configuration address field in the configuration file is packageFrom.addr.
                                                                                                                
-
                                                                                                                Figure 1 OBS address
                                                                                                                
+
                                                                                                                Figure 1 OBS address
                                                                                                                
 
                                                                                                              2. Log in to a where the check failed, obtain the OBS address again by referring to the previous step, and check whether the OBS addresses are the same. If they are different, change the OBS address of the abnormal node to the correct address.
                                                                                                              3. Run the following commands to download the latest binary file:
                                                                                                                • x86
                                                                                                                  curl -k "https://{OBS address you have obtained}/cluster-versions/base/cce-agent" > /tmp/cce-agent
                                                                                                                  
 
                                                                                                                • Arm
                                                                                                                  curl -k "https://{OBS address you have obtained}/cluster-versions/base/cce-agent-arm" > /tmp/cce-agent-arm
                                                                                                                  
 
                                                                                                                
diff --git a/docs/cce/umn/cce_10_0448.html b/docs/cce/umn/cce_10_0448.html
index b80d4a1c..fb512cc9 100644
--- a/docs/cce/umn/cce_10_0448.html
+++ b/docs/cce/umn/cce_10_0448.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                Kubelet
                                                                                                                
+
                                                                                                                kubelet
                                                                                                                
 
                                                                                                                Check Items
                                                                                                                Check whether the kubelet on the node is running properly.
                                                                                                                
 
                                                                                                                
 
                                                                                                                Solution
                                                                                                                • Scenario 1: The kubelet status is abnormal.
                                                                                                                  If the kubelet malfunctions, the node is unavailable. Restore the node and check again. For details, see What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0450.html b/docs/cce/umn/cce_10_0450.html
index 52f585a9..467576b6 100644
--- a/docs/cce/umn/cce_10_0450.html
+++ b/docs/cce/umn/cce_10_0450.html
@@ -5,11 +5,11 @@
 
                                                                                                                
 
                                                                                                                Solution
                                                                                                                • Scenario 1: ntpd is running abnormally.
                                                                                                                  Log in to the node and run the systemctl status ntpd command to obtain the running status of ntpd. If the command output is abnormal, run the systemctl restart ntpd command and obtain the status again.
                                                                                                                  
 
                                                                                                                  The normal command output is as follows:
                                                                                                                  
-
                                                                                                                  Figure 1 Running status of ntpd
                                                                                                                  
+
                                                                                                                  Figure 1 Running status of ntpd
                                                                                                                  
 
                                                                                                                  If the problem persists after ntpd is restarted, contact technical support.
                                                                                                                  
 
                                                                                                                • Scenario 2: chronyd is running abnormally.
                                                                                                                  Log in to the node and run the systemctl status chronyd command to obtain the running status of chronyd. If the command output is abnormal, run the systemctl restart chronyd command and obtain the status again.
                                                                                                                  
 
                                                                                                                  The normal command output is as follows:
                                                                                                                  
-
                                                                                                                  Figure 2 Running status of chronyd
                                                                                                                  
+
                                                                                                                  Figure 2 Running status of chronyd
                                                                                                                  
 
                                                                                                                  If the problem persists after chronyd is restarted, contact technical support.
                                                                                                                  
 
                                                                                                                
 
                                                                                                                
diff --git a/docs/cce/umn/cce_10_0456.html b/docs/cce/umn/cce_10_0456.html
index ff764316..8ffc43a1 100644
--- a/docs/cce/umn/cce_10_0456.html
+++ b/docs/cce/umn/cce_10_0456.html
@@ -5,7 +5,7 @@
 
                                                                                                                
 
                                                                                                                Solution
                                                                                                                Log in to the node and run the systemctl is-active systemd-journald command to obtain the running status of journald. If the command output is abnormal, run the systemctl restart systemd-journald command and obtain the status again.
                                                                                                                
 
                                                                                                                The normal command output is as follows:
                                                                                                                
-
                                                                                                                Figure 1 Running status of journald
                                                                                                                
+
                                                                                                                Figure 1 Running status of journald
                                                                                                                
 
                                                                                                                If the problem persists after journald is restarted, contact technical support.
                                                                                                                
 
                                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0460.html b/docs/cce/umn/cce_10_0460.html
index 82123e88..3d6cb70a 100644
--- a/docs/cce/umn/cce_10_0460.html
+++ b/docs/cce/umn/cce_10_0460.html
@@ -19,7 +19,7 @@
 
 
 
                                                                                                                Solution
                                                                                                                Scenario 1: The node is skipped during the cluster upgrade.
                                                                                                                
-
                                                                                                                1. Configure the kubectl command. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                2. Check the kubelet version of the corresponding node. The following information is expected:
                                                                                                                  Figure 1 kubelet version
                                                                                                                  
+
                                                                                                                  1. Configure the kubectl command. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                  2. Check the kubelet version of the corresponding node. The following information is expected:
                                                                                                                    Figure 1 kubelet version
                                                                                                                    
 
                                                                                                                    If the version of the node is different from that of other nodes, the node is skipped during the upgrade. Reset the node and upgrade the cluster again. For details about how to reset a node, see Resetting a Node.
                                                                                                                    
 
                                                                                                                     
                                                                                                                    Resetting a node will reset all node labels, which may affect workload scheduling. Before resetting a node, check and retain the labels that you have manually added to the node.
                                                                                                                    
 
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0462.html b/docs/cce/umn/cce_10_0462.html
index 3dd6e8a5..bed65629 100644
--- a/docs/cce/umn/cce_10_0462.html
+++ b/docs/cce/umn/cce_10_0462.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                    Container Engine
                                                                                                                    
+
                                                                                                                    Container Engines
                                                                                                                    
 
                                                                                                                    Introduction to Container Engines
                                                                                                                    Container engines, one of the most important components of Kubernetes, manage the lifecycle of images and containers. The kubelet interacts with a container runtime through the Container Runtime Interface (CRI).
                                                                                                                    
 
                                                                                                                    CCE supports containerd and Docker. containerd is recommended for its shorter traces, fewer components, higher stability, and less consumption of node resources.
                                                                                                                    
 
@@ -16,7 +16,7 @@
 
 
                                                                                                              
-
@@ -110,7 +110,7 @@
 
-
@@ -141,24 +141,23 @@
 
-
@@ -426,9 +425,9 @@
 
                                                                                                               
                                                                                                              Containers created and started by containerd are immediately deleted by kubelet. containerd does not support suspending, resuming, restarting, renaming, and waiting for containers, nor Docker image build, import, export, comparison, push, search, and labeling. containerd does not support file copy. You can log in to the image repository by modifying the configuration file of containerd.
                                                                                                              
 
                                                                                                              
-
                                                                                                              Differences in Tracing
                                                                                                              • Docker (Kubernetes 1.23 and earlier):
                                                                                                                kubelet --> docker shim (in the kubelet process) --> docker --> containerd
                                                                                                                
+
                                                                                                                Differences in Tracing
                                                                                                                • Docker (Kubernetes v1.23 and earlier versions):
                                                                                                                  kubelet --> dockershim (in the kubelet process) --> docker --> containerd
                                                                                                                  
 
                                                                                                                • Docker (community solution for Kubernetes v1.24 or later):
                                                                                                                  kubelet --> cri-dockerd (kubelet uses CRI to connect to cri-dockerd) --> docker--> containerd 
                                                                                                                  
-
                                                                                                                • containerd:
                                                                                                                  kubelet --> cri plugin (in the containerd process) --> containerd
                                                                                                                  
+
                                                                                                                • containerd:
                                                                                                                  kubelet --> CRI plugin (in the containerd process) --> containerd
                                                                                                                  
 
                                                                                                                
 
                                                                                                                Although Docker has added functions such as swarm cluster, docker build, and Docker APIs, it also introduces bugs. Compared with containerd, Docker has one more layer of calling. Therefore, containerd is more resource-saving and secure.
                                                                                                                
 
                                                                                                                
diff --git a/docs/cce/umn/cce_10_0463.html b/docs/cce/umn/cce_10_0463.html
index 193947a4..19425fb7 100644
--- a/docs/cce/umn/cce_10_0463.html
+++ b/docs/cce/umn/cce_10_0463.html
@@ -1,97 +1,97 @@
 
 
-
                                                                                                                Kata Runtime and Common Runtime
                                                                                                                
-
                                                                                                                The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualization layer. With Kata runtime, kernels, compute resources, and networks are isolated between containers to protect pod resources and data from being preempted and stolen by other pods.
                                                                                                                
-
                                                                                                                CCE Turbo clusters allow you to create workloads using common runtime or Kata runtime as required. The differences between them are as follows.
                                                                                                                
+
                                                                                                                Secure Runtime and Common Runtime
                                                                                                                
+
                                                                                                                The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualization layer. With a secure runtime, kernels, compute resources, and networks are isolated between containers to protect pod resources and data from being preempted and stolen by other pods.
                                                                                                                
+
                                                                                                                CCE Turbo clusters allow you to create workloads using a common runtime or secure runtime as required. The differences between them are as follows.
                                                                                                                
 
 
                                                                                                              Table 1 QoS class changes before and after the upgrade
                                                                                                              Init Container (Calculated Based on spec.initContainers)
                                                                                                              
 
                                                                                                              Service Container (Calculated Based on spec.containers)
                                                                                                              
+
                                                                                                              Service Container (Calculated Based on spec.containers)
                                                                                                              
 
                                                                                                              Pod (Calculated Based on spec.containers and spec.initContainers)
                                                                                                              
+
                                                                                                              Pod (Calculated Based on spec.containers and spec.initContainers)
                                                                                                              
 
                                                                                                              Impacted or Not
                                                                                                              
+
                                                                                                              Impacted or Not
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Guaranteed
                                                                                                              
+
                                                                                                              Guaranteed
                                                                                                              
 
                                                                                                              Besteffort
                                                                                                              
+
                                                                                                              Besteffort
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Yes
                                                                                                              
+
                                                                                                              Yes
                                                                                                              
                                                                                                               		
 
                                                                                                              Guaranteed
                                                                                                              
+
                                                                                                              Guaranteed
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              No
                                                                                                              
+
                                                                                                              No
                                                                                                              
                                                                                                               		
 
                                                                                                              Guaranteed
                                                                                                              
+
                                                                                                              Guaranteed
                                                                                                              
 
                                                                                                              Guaranteed
                                                                                                              
+
                                                                                                              Guaranteed
                                                                                                              
 
                                                                                                              Guaranteed
                                                                                                              
+
                                                                                                              Guaranteed
                                                                                                              
 
                                                                                                              No
                                                                                                              
+
                                                                                                              No
                                                                                                              
                                                                                                               		
 
                                                                                                              Besteffort
                                                                                                              
+
                                                                                                              Besteffort
                                                                                                              
 
                                                                                                              Besteffort
                                                                                                              
+
                                                                                                              Besteffort
                                                                                                              
 
                                                                                                              Besteffort
                                                                                                              
+
                                                                                                              Besteffort
                                                                                                              
 
                                                                                                              No
                                                                                                              
+
                                                                                                              No
                                                                                                              
                                                                                                               		
 
                                                                                                              Besteffort
                                                                                                              
+
                                                                                                              Besteffort
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              No
                                                                                                              
+
                                                                                                              No
                                                                                                              
                                                                                                               		
 
                                                                                                              Besteffort
                                                                                                              
+
                                                                                                              Besteffort
                                                                                                              
 
                                                                                                              Guaranteed
                                                                                                              
+
                                                                                                              Guaranteed
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Yes
                                                                                                              
+
                                                                                                              Yes
                                                                                                              
                                                                                                               		
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Besteffort
                                                                                                              
+
                                                                                                              Besteffort
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Yes
                                                                                                              
+
                                                                                                              Yes
                                                                                                              
                                                                                                               		
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              No
                                                                                                              
+
                                                                                                              No
                                                                                                              
                                                                                                               		
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Guaranteed
                                                                                                              
+
                                                                                                              Guaranteed
                                                                                                              
 
                                                                                                              Burstable
                                                                                                              
+
                                                                                                              Burstable
                                                                                                              
 
                                                                                                              Yes
                                                                                                              
+
                                                                                                              Yes
                                                                                                              
                                                                                                               		
 
                                                                                                              
                                                                                                               
 
                                                                                                              kubelet --> CRI plugin (in the containerd process) --> containerd
                                                                                                              
 
                                                                                                              • Docker (Kubernetes v1.23 and earlier):
                                                                                                                kubelet --> dockershim (in the kubelet process) --> docker --> containerd
                                                                                                                
+
                                                                                                              • Docker (Kubernetes v1.23 and earlier versions):
                                                                                                                kubelet --> dockershim (in the kubelet process) --> docker --> containerd
                                                                                                                
 
                                                                                                              • Docker (community solution for Kubernetes v1.24 or later):
                                                                                                                kubelet --> cri-dockerd (kubelet uses CRI to connect to cri-dockerd) --> docker--> containerd
                                                                                                                
 
                                                                                                              
 
                                                                                                              runC
                                                                                                              
                                                                                                               		
 
                                                                                                              HCE OS 2.0
                                                                                                              
+
                                                                                                              HCE OS 2.0
                                                                                                              
                                                                                                               		
 
                                                                                                              5.x
                                                                                                              
 
                                                                                                              
 
 
                                                                                                              ECS (VM)
                                                                                                              
-
                                                                                                              
+
                                                                                                              
                                                                                                               		
 
                                                                                                              EulerOS 2.9
                                                                                                              
                                                                                                               		
 
                                                                                                              4.x
                                                                                                              
                                                                                                               		
 
                                                                                                              Docker
                                                                                                              
-
                                                                                                              containerd
                                                                                                              
-
                                                                                                              
+
                                                                                                              containerd
                                                                                                              
                                                                                                               		
 
                                                                                                              OverlayFS
                                                                                                              
-
                                                                                                              
+
                                                                                                              
                                                                                                               		
 
                                                                                                              runC
                                                                                                              
-
                                                                                                              
+
                                                                                                              
                                                                                                               		
 
                                                                                                              HCE OS 2.0
                                                                                                              
+
                                                                                                              HCE OS 2.0
                                                                                                              
                                                                                                               		
 
                                                                                                              5.x
                                                                                                              
                                                                                                               		
 
                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -100,7 +100,7 @@
 
                                                                                                              
 
                                                                                                              
-
                                                                                                              Parent topic: Workloads
                                                                                                              
+
                                                                                                              Parent topic: Configuring a Workload
                                                                                                              
 
                                                                                                              
 
                                                                                                              
 
diff --git a/docs/cce/umn/cce_10_0465.html b/docs/cce/umn/cce_10_0465.html
index 8ed0f0bf..14cd85d9 100644
--- a/docs/cce/umn/cce_10_0465.html
+++ b/docs/cce/umn/cce_10_0465.html
@@ -12,7 +12,7 @@
 
                                                                                                              
-
                                                                                                              Parent topic: Permissions
                                                                                                              
+
                                                                                                              Parent topic: Workloads
                                                                                                              
 
                                                                                                              
 
diff --git a/docs/cce/umn/cce_10_0476.html b/docs/cce/umn/cce_10_0476.html
index 90628a30..d844384f 100644
--- a/docs/cce/umn/cce_10_0476.html
+++ b/docs/cce/umn/cce_10_0476.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                              Node OS
                                                                                                              
+
                                                                                                              Node OSs
                                                                                                              This section describes the mappings between released cluster versions and OS versions.
                                                                                                              
-
                                                                                                              Node OSs and Cluster Versions
                                                                                                              
-
                                                                                                              Category
                                                                                                              
 
                                                                                                              Kata Runtime
                                                                                                              
+
                                                                                                              Secure Runtime
                                                                                                              
 
                                                                                                              Common Runtime
                                                                                                              
+
                                                                                                              Common Runtime
                                                                                                              
                                                                                                               		
 
                                                                                                              
                                                                                                               
 
                                                                                                              Node type used to run containers
                                                                                                              
 
                                                                                                              ECS (PM)
                                                                                                              
+
                                                                                                              ECS (PM)
                                                                                                              
 
                                                                                                              ECS (VM)
                                                                                                              
+
                                                                                                              ECS (VM)
                                                                                                              
 
                                                                                                              ECS (PM)
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Container engine
                                                                                                              
 
                                                                                                              containerd
                                                                                                              
+
                                                                                                              containerd
                                                                                                              
 
                                                                                                              Docker and containerd
                                                                                                              
+
                                                                                                              Docker and containerd
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Container runtime
                                                                                                              
 
                                                                                                              Kata
                                                                                                              
+
                                                                                                              Kata
                                                                                                              
 
                                                                                                              runC
                                                                                                              
+
                                                                                                              runC
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Container kernel
                                                                                                              
 
                                                                                                              Exclusive kernel
                                                                                                              
+
                                                                                                              Exclusive kernel
                                                                                                              
 
                                                                                                              Sharing the kernel with the host
                                                                                                              
+
                                                                                                              Sharing the kernel with the host
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Container isolation
                                                                                                              
 
                                                                                                              Lightweight VMs
                                                                                                              
+
                                                                                                              Lightweight VMs
                                                                                                              
 
                                                                                                              cgroups and namespaces
                                                                                                              
+
                                                                                                              cgroups and namespaces
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Container engine storage driver
                                                                                                              
 
                                                                                                              Device Mapper
                                                                                                              
+
                                                                                                              Device Mapper
                                                                                                              
 
                                                                                                              • Docker container: OverlayFS2
                                                                                                              • containerd container: OverlayFS
                                                                                                              
+
                                                                                                              • Docker container: OverlayFS2
                                                                                                              • containerd container: OverlayFS
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Pod overhead
                                                                                                              
 
                                                                                                              Memory: 100 MiB
                                                                                                              
+
                                                                                                              Memory: 100 MiB
                                                                                                              
 
                                                                                                              CPU: 0.1 cores
                                                                                                              
-
                                                                                                              Pod overhead is a feature for accounting for the resources consumed by the pod infrastructure on top of the container requests and limits. For example, if limits.cpu is set to 0.5 cores and limits.memory to 256 MiB for a pod, the pod will request 0.6-core CPUs and 356 MiB of memory.
                                                                                                              
+
                                                                                                              Pod overhead is a feature for accounting for the resources consumed by the pod infrastructure on top of the container requests and limits. For example, if limits.cpu is set to 0.5 cores and limits.memory to 256 MiB for a pod, the pod will request 0.6 CPU cores and 356 MiB of memory.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
                                                                                                               		
 
                                                                                                              Minimal specifications
                                                                                                              
+
                                                                                                              Minimize flavor
                                                                                                              
 
                                                                                                              Memory: 256 MiB
                                                                                                              
+
                                                                                                              Memory: 256 MiB
                                                                                                              
 
                                                                                                              CPU: 0.25 cores
                                                                                                              
 
                                                                                                              It is recommended that the ratio of CPU (unit: core) to memory (unit: GiB) be in the range of 1:1 to 1:8. For example, if CPU is 0.5 cores, the memory should range form 512 MiB to 4 GiB.
                                                                                                              
 
                                                                                                              None
                                                                                                              
+
                                                                                                              None
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Container engine CLI
                                                                                                              
 
                                                                                                              crictl
                                                                                                              
+
                                                                                                              crictl
                                                                                                              
 
                                                                                                              • Docker container: docker
                                                                                                              • containerd container: crictl
                                                                                                              
+
                                                                                                              • Docker container: docker
                                                                                                              • containerd container: crictl
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Pod computing resources
                                                                                                              
 
                                                                                                              The request and limit values must be the same for both CPU and memory.
                                                                                                              
+
                                                                                                              The request and limit values must be the same for both CPU and memory.
                                                                                                              
 
                                                                                                              The request and limit values can be different for both CPU and memory.
                                                                                                              
+
                                                                                                              The request and limit values can be different for both CPU and memory.
                                                                                                              
                                                                                                               		
 
                                                                                                              Host Network
                                                                                                              
+
                                                                                                              hostNetwork
                                                                                                              
 
                                                                                                              Not supported
                                                                                                              
+
                                                                                                              Not supported
                                                                                                              
 
                                                                                                              Supported
                                                                                                              
+
                                                                                                              Supported
                                                                                                              
                                                                                                               		
 
                                                                                                              
                                                                                                               
 
 
 
 
 
                                                                                                              Table 1 Mapping between node OS versions and cluster versions
                                                                                                              OS
                                                                                                              
+
                                                                                                              Node OSs and Cluster Types
                                                                                                              
+
                                                                                                              
@@ -22,22 +22,31 @@
 
-
-
-
-
-
+
+
+
+
+
+
@@ -48,7 +57,7 @@
 
-
@@ -59,28 +68,39 @@
 
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
diff --git a/docs/cce/umn/cce_10_0477.html b/docs/cce/umn/cce_10_0477.html
index 50abc311..d6445089 100644
--- a/docs/cce/umn/cce_10_0477.html
+++ b/docs/cce/umn/cce_10_0477.html
@@ -10,8 +10,8 @@
 
                                                                                                               
                                                                                                              If you need a token that never expires, you can also manually manage secrets for service accounts. Although a permanent service account token can be manually created, you are advised to use a short-lived token by calling the TokenRequest API for higher security.
                                                                                                              
 
                                                                                                              Diagnosis
                                                                                                              Perform the following steps to check your CCE clusters of v1.21 or later:
                                                                                                              
-
                                                                                                              1. Use kubectl to connect to the cluster and run the kubectl get --raw "/metrics" | grep stale command to obtain the metrics. Check the metric named serviceaccount_stale_tokens_total.
                                                                                                                If the value is greater than 0, some workloads in the cluster may be using an earlier client-go version. In this case, check whether this problem occurs in your deployed applications. If yes, upgrade client-go to the version specified by the community as soon as possible. The version must be at least two major versions of the CCE cluster. For example, if your cluster version is 1.23, the Kubernetes dependency library version must be at least 1.19.
                                                                                                                
-
                                                                                                                
+
                                                                                                                1. Use kubectl to access the cluster and run the kubectl get --raw "/metrics" | grep stale command to obtain the metrics. Check the metric named serviceaccount_stale_tokens_total.
                                                                                                                  If the value is greater than 0, some workloads in the cluster may be using an earlier client-go version. In this case, check whether this problem occurs in your deployed applications. If yes, upgrade client-go to the version specified by the community as soon as possible. The version must be at least two major versions of the CCE cluster. For example, if your cluster version is 1.23, the Kubernetes dependency library version must be at least 1.19.
                                                                                                                  
+
                                                                                                                  
 
                                                                                                                
 
                                                                                                              
diff --git a/docs/cce/umn/cce_10_0488.html b/docs/cce/umn/cce_10_0488.html
index 45b246f5..bae659ab 100644
--- a/docs/cce/umn/cce_10_0488.html
+++ b/docs/cce/umn/cce_10_0488.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                              IPv6 Capabilities of a CCE Turbo Cluster
                                                                                                              
+
                                                                                                              IPv6 Support in CCE Turbo Clusters
                                                                                                              Check Items
                                                                                                              If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.
                                                                                                              
 
                                                                                                              
 
                                                                                                              Solution
                                                                                                              CCE Turbo clusters support IPv6 since v1.23. This feature is available in the following versions:
                                                                                                              • v1.23: 1.23.8-r0 or later
                                                                                                              • v1.25: 1.25.3-r0 or later
                                                                                                              • v1.25 or later
                                                                                                              
diff --git a/docs/cce/umn/cce_10_0489.html b/docs/cce/umn/cce_10_0489.html
index 8a634263..9bdca389 100644
--- a/docs/cce/umn/cce_10_0489.html
+++ b/docs/cce/umn/cce_10_0489.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                              Node NetworkManager
                                                                                                              
+
                                                                                                              NetworkManager
                                                                                                              
 
                                                                                                              Check Items
                                                                                                              Check whether NetworkManager of a node is normal.
                                                                                                              
 
                                                                                                              
 
                                                                                                              Solution
                                                                                                              Log in to the node and run the systemctl is-active NetworkManager command to obtain the running status of NetworkManager. If the command output is abnormal, run the systemctl restart NetworkManager command and obtain the status again.
                                                                                                              
diff --git a/docs/cce/umn/cce_10_0493.html b/docs/cce/umn/cce_10_0493.html
index 2ed84628..9aac6455 100644
--- a/docs/cce/umn/cce_10_0493.html
+++ b/docs/cce/umn/cce_10_0493.html
@@ -22,7 +22,7 @@ exit(1);
 " > corefile_record.txt
 cat corefile_record.txt
 
                                                                                                            5. Compare the output differences between 2 and 3.
                                                                                                              diff corefile_now.txt corefile_record.txt -y;
                                                                                                              
-
                                                                                                              Figure 1 Viewing output differences
                                                                                                              
+
                                                                                                              Figure 1 Viewing output differences
                                                                                                              
 
                                                                                                            6. Return to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, select CoreDNS, and click Upgrade.
                                                                                                              To retain custom configurations, use either of the following methods:
                                                                                                              • (Recommended) Set parameterSyncStrategy to inherit. In this case, custom settings are automatically inherited. The system automatically parses, identifies, and inherits custom parameters.
                                                                                                              • Set parameterSyncStrategy to force. Manually enter the differential configuration. For details, see CoreDNS.
                                                                                                              
 
                                                                                                              
 
                                                                                                            7. Click OK. After the add-on upgrade is complete, check whether all CoreDNS instances are available and whether Corefile meets the expectation.
                                                                                                              kubectl get cm -nkube-system coredns -o jsonpath='{.data.Corefile}'
                                                                                                              
diff --git a/docs/cce/umn/cce_10_0494.html b/docs/cce/umn/cce_10_0494.html
index 333e7a7f..16774eb3 100644
--- a/docs/cce/umn/cce_10_0494.html
+++ b/docs/cce/umn/cce_10_0494.html
@@ -1,7 +1,7 @@
 
 
-
                                                                                                              sudo Commands of a Node
                                                                                                              
-
                                                                                                              Check Items
                                                                                                              Whether the sudo commands and sudo-related files of the node are working
                                                                                                              
+
                                                                                                              sudo
                                                                                                              
+
                                                                                                              Check Items
                                                                                                              Check whether the sudo commands and sudo-related files of the node are working.
                                                                                                              
 
                                                                                                              
 
                                                                                                              Solution
                                                                                                              • Scenario 1: The sudo command fails to be executed.
                                                                                                                During the in-place cluster upgrade, the sudo command must be available. Log in to the node and run the following command to check whether the sudo command is available:
                                                                                                                
 
                                                                                                                sudo echo hello
                                                                                                                
diff --git a/docs/cce/umn/cce_10_0495.html b/docs/cce/umn/cce_10_0495.html
index 77d943d8..38b4240d 100644
--- a/docs/cce/umn/cce_10_0495.html
+++ b/docs/cce/umn/cce_10_0495.html
@@ -1,11 +1,15 @@
 
 
-
                                                                                                                Key Commands of Nodes
                                                                                                                
+
                                                                                                                Key Node Commands
                                                                                                                
 
                                                                                                                Check Items
                                                                                                                Whether some key commands that the node upgrade depends on are working
                                                                                                                
 
                                                                                                                
 
                                                                                                                Solution
                                                                                                                • Scenario 1: Executing the package manager command failed.
                                                                                                                  Executing the rpm or dpkg command failed. In this case, log in to the affected node and check whether the following commands are available:
                                                                                                                  
 
                                                                                                                  • rpm:
                                                                                                                    rpm -qa
                                                                                                                    
-
                                                                                                                  • dpkg:
                                                                                                                    dpkg -l
                                                                                                                    
+
                                                                                                                    Run the following command for recovery:
                                                                                                                    rpm --rebuilddb
                                                                                                                    
+
                                                                                                                    
+
                                                                                                                  • dpkg:
                                                                                                                    dpkg -l
                                                                                                                    
+
                                                                                                                    Run the following command for recovery:
                                                                                                                    dpkg --configure -a
                                                                                                                    
+
                                                                                                                    
 
                                                                                                                  
 
                                                                                                                
 
                                                                                                                • Scenario 2: The systemctl status command fails to be executed.
                                                                                                                  If the systemctl status command on a node is unavailable, many check items will be affected. Log in to the node and check the availability of the following commands:
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0497.html b/docs/cce/umn/cce_10_0497.html
index c08a871c..603f66d2 100644
--- a/docs/cce/umn/cce_10_0497.html
+++ b/docs/cce/umn/cce_10_0497.html
@@ -4,13 +4,13 @@
 
                                                                                                                  Check Items
                                                                                                                  Check whether the certificate used by an HTTPS load balancer has been modified on ELB.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  Solution
                                                                                                                  The certificate referenced by an HTTPS ingress created on CCE is modified on the ELB console. This leads to inconsistent certificate content in the CCE cluster and that required by the load balancer. After the CCE cluster is upgraded, the load balancer's certificate is overwritten.
                                                                                                                  
-
                                                                                                                  1. Log in to the ELB console, choose Elastic Load Balance > Certificates, locate the certificate, and find the secret_id in the certificate description.
                                                                                                                    The secret_id is the metadata.uid of the Secret in the cluster. Use this UID to obtain the Secret name in the cluster.
                                                                                                                    
-
                                                                                                                    Run the following kubectl command to obtain the Secret name (replace <secret_id> with the actual value):
                                                                                                                    kubectl get secret --all-namespaces -o jsonpath='{range .items[*]}{"uid:"}{.metadata.uid}{" namespace:"}{.metadata.namespace}{" name:"}{.metadata.name}{"\n"}{end}' | grep <secret_id>
                                                                                                                    
+
                                                                                                                    1. Log in to the ELB console, choose Elastic Load Balance > Certificates, locate the certificate, and find the secret_id in the certificate description.
                                                                                                                      The secret_id is the metadata.uid of the secret in the cluster. Use this UID to obtain the secret name in the cluster.
                                                                                                                      
+
                                                                                                                      Run the following kubectl command to obtain the secret name (replace <secret_id> with the actual value):
                                                                                                                      kubectl get secret --all-namespaces -o jsonpath='{range .items[*]}{"uid:"}{.metadata.uid}{" namespace:"}{.metadata.namespace}{" name:"}{.metadata.name}{"\n"}{end}' | grep <secret_id>
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                    2. Only clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, and later versions support certificates required by load balancers. For clusters of the earlier versions, see Solution 1. For clusters of other versions, see Solution 2.
                                                                                                                      • Solution 1: Replace the certificate used by an ingress with the one used by the load balancer. Then, you can create or edit the certificate on the ELB console.
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, locate the row containing the ingress that uses the certificate, and choose More > Update in the Operation column. If multiple ingresses are using this certificate, update the certificate for all of these ingresses. To check which ingresses are using a certificate, use the secertName parameter in spec.tls of the ingress YAML files.
                                                                                                                          Run the following kubectl command to obtain the ingresses using a certificate (replace <secret_id> with the actual value):
                                                                                                                          
+
                                                                                                                        2. Only clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, and later versions support certificates required by load balancers. For clusters of the earlier versions, see Solution 1. For clusters of other versions, see Solution 2.
                                                                                                                          • Solution 1: Replace the certificate used by an ingress with the one used by the load balancer. Then, you can create or edit the certificate on the ELB console.
                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, locate the row containing the ingress that uses the certificate, and choose More > Update in the Operation column. If multiple ingresses are using this certificate, update the certificate for all of these ingresses. To check which ingresses are using a certificate, use the secretName parameter in spec.tls of the ingress YAML files.
                                                                                                                              Run the following kubectl command to obtain the ingresses using a certificate (replace <secret_name> with the actual value):
                                                                                                                              
 
                                                                                                                              kubectl get ingress --all-namespaces -o jsonpath='{range .items[*]}{"namespace:"}{.metadata.namespace}{" name:"}{.metadata.name}{" tls:"}{.spec.tls[*]}{"\n"}{end}' | grep <secret_name>
                                                                                                                              
-
                                                                                                                            2. When configuring a listener, select ELB server certificate for Certificate Source and click OK. In this way, the certificate can be created or edited on the ELB console.
                                                                                                                            3. On the ConfigMaps and Secrets page, delete the target Secret. Before the deletion, back up data.
                                                                                                                            
-
                                                                                                                          • Solution 2: Overwrite the certificate used by an ingress with the corresponding Secret resource of the cluster to prevent the certificate being updated on the ELB console during the cluster upgrade.
                                                                                                                            Log in to the CCE console and click the cluster name to access the cluster console. Choose ConfigMaps and Secrets from the navigation pane, click the Secrets tab, locate the row containing the target Secret, click Update in the Operation column, and enter the certificate you are using.
                                                                                                                            
+
                                                                                                                          • When configuring a listener, select ELB server certificate for Certificate Source and click OK. In this way, the certificate can be created or edited on the ELB console.
                                                                                                                          • On the ConfigMaps and Secrets page, delete the target secret. Before the deletion, back up data.
                                                                                                                        
+
                                                                                                                      • Solution 2: Overwrite the certificate used by an ingress with the corresponding secret resource of the cluster to prevent the certificate being updated on the ELB console during the cluster upgrade.
                                                                                                                        Log in to the CCE console and click the cluster name to access the cluster console. Choose ConfigMaps and Secrets from the navigation pane, click the Secrets tab, locate the row containing the target secret, click Update in the Operation column, and enter the certificate you are using.
                                                                                                                        
 
                                                                                                                      
 
                                                                                                                    
 
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0498.html b/docs/cce/umn/cce_10_0498.html
index 8e158337..95bae5d9 100644
--- a/docs/cce/umn/cce_10_0498.html
+++ b/docs/cce/umn/cce_10_0498.html
@@ -2,15 +2,15 @@
 
 
                                                                                                                    Node Mounting
                                                                                                                    
 
                                                                                                                    Check Items
                                                                                                                    Check whether the default mount directory and soft link on the node have been manually mounted or modified.
                                                                                                                    
-
                                                                                                                    • Non-shared disk
                                                                                                                      • By default, /var/lib/docker, containerd, or /mnt/paas/kubernetes/kubelet is mounted to CCE nodes. Check whether /var, /var/lib, /mnt, /mnt/paas, and /mnt/paas/kubernetes have been manually mounted.
                                                                                                                      • The soft link of /var/lib/kubelet to /mnt/paas/kubernetes/kubelet is created for CCE by default. Check whether it has been manually modified.
                                                                                                                      
-
                                                                                                                    • Shared disk
                                                                                                                      • By default, /mnt/paas/ is mounted to CCE nodes. Check whether /mnt has been manually mounted.
                                                                                                                      • The soft link of /var/lib/kubelet to /mnt/paas/kubernetes/kubelet, or /var/lib/docker or containerd to /mnt/paas/runtime is created for CCE by default. Check whether the soft links have been manually modified.
                                                                                                                      
+
                                                                                                                      • Non-shared disk
                                                                                                                        • By default, /var/lib/docker, containerd, or /mnt/paas/kubernetes/kubelet is mounted to CCE nodes. Check whether /var, /var/lib, /mnt, /mnt/paas, and /mnt/paas/kubernetes have been manually mounted.
                                                                                                                        • CCE creates the /var/lib/kubelet to /mnt/paas/kubernetes/kubelet link by default. Check whether the link has been manually modified.
                                                                                                                        
+
                                                                                                                      • Shared disk
                                                                                                                        • By default, /mnt/paas/ is mounted to CCE nodes. Check whether /mnt has been manually mounted.
                                                                                                                        • CCE creates the /var/lib/kubelet to /mnt/paas/kubernetes/kubelet and /var/lib/docker or /var/lib/containerd to /mnt/paas/runtime soft links by default. Check whether the links have been manually modified.
                                                                                                                        
 
                                                                                                                      
 
                                                                                                                    
 
                                                                                                                    Solution
                                                                                                                    How Do I Check Whether a Disk Is Shared?
                                                                                                                    
-
                                                                                                                    1. Log in to the target node based on the check information.
                                                                                                                    2. Run the lsblk command to check whether vgpaas-share is mounted to /mnt/paas. If yes, a shared disk is used.
                                                                                                                      Figure 1 Checking whether a shared disk is used
                                                                                                                      
+
                                                                                                                      1. Log in to the target node based on the check information.
                                                                                                                      2. Run the lsblk command to check whether vgpaas-share is mounted to /mnt/paas. If yes, a shared disk is used.
                                                                                                                        Figure 1 Checking whether a shared disk is used
                                                                                                                        
 
                                                                                                                      
 
                                                                                                                      What Can I Do If an Error Occurred in a Node Mounting Check?
                                                                                                                      
-
                                                                                                                      1. Cancel the manually modified mount point.
                                                                                                                      2. Cancel the modification on the default soft link.
                                                                                                                      
+
                                                                                                                      1. Cancel the manually modified mount point.
                                                                                                                      2. Cancel the modification on the default soft links.
                                                                                                                      
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0500.html b/docs/cce/umn/cce_10_0500.html
index e61b3f47..fa9bd0d2 100644
--- a/docs/cce/umn/cce_10_0500.html
+++ b/docs/cce/umn/cce_10_0500.html
@@ -5,8 +5,8 @@
 
                                                                                                                    
 
                                                                                                                    Solution
                                                                                                                    Solution 1: Delete the Service that is associated with a load balancer without a private IPv4 address.
                                                                                                                    
 
                                                                                                                    Solution 2: Bind a private IP address to the load balancer without a private IPv4 address. The procedure is as follows:
                                                                                                                    
-
                                                                                                                    1. Obtain the load balancer associated with the target Service.
                                                                                                                      • Method 1: Obtain the load balancer ID based on the pre-upgrade check log. Go to the ELB console and filter load balancers by load balancer ID.
                                                                                                                        elbs (ids: [*****]) without ipv4 private ip, please bind private ip tothese elbs and try again
                                                                                                                        
-
                                                                                                                      • Method 2: Log in to the CCE console and click the cluster name to access the cluster console. Then, choose Services & Ingresses in the navigation pane and click the name of the target load balancer to go to the ELB page.
                                                                                                                      
+
                                                                                                                      1. Obtain the load balancer associated with the target Service.
                                                                                                                        • Method 1: Obtain the load balancer ID based on the pre-upgrade check log. Go to the ELB console and filter load balancers by load balancer ID.
                                                                                                                          elbs (ids: [*****]) without ipv4 private ip, please bind private ip to these elbs and try again
                                                                                                                          
+
                                                                                                                        • Method 2: Log in to the CCE console and click the cluster name to access the cluster console. Then, choose Services & Ingresses in the navigation pane. In the right pane, click the name of the target load balancer to go to the ELB page.
                                                                                                                        
 
                                                                                                                      2. Check whether the load balancer has a private IPv4 address.
                                                                                                                        
 
                                                                                                                      3. Bind a private IP address to the load balancer without a private IPv4 address.
                                                                                                                        1. Log in to the CCE console and click the name of the target load balancer.
                                                                                                                        2. On the Summary tab, click Bind next to Private IPv4 address.
                                                                                                                        3. Configure the subnet and IPv4 address, and click OK.
                                                                                                                          
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0504.html b/docs/cce/umn/cce_10_0504.html
index 07fe9381..6c49978c 100644
--- a/docs/cce/umn/cce_10_0504.html
+++ b/docs/cce/umn/cce_10_0504.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                        Nodes' System Parameter Settings
                                                                                                                        
+
                                                                                                                        Nodes' System Parameters
                                                                                                                        
 
                                                                                                                        Check Items
                                                                                                                        Check whether the default system parameter settings on your nodes are modified.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        Solution
                                                                                                                        If the MTU value of the bond0 network on your BMS node is not the default value 1500, this check item failed.
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0505.html b/docs/cce/umn/cce_10_0505.html
index 9704f0c0..8b52a933 100644
--- a/docs/cce/umn/cce_10_0505.html
+++ b/docs/cce/umn/cce_10_0505.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                        Residual Package Versions
                                                                                                                        
+
                                                                                                                        Residual Package Version Data
                                                                                                                        
 
                                                                                                                        Check Items
                                                                                                                        Check whether there are residual package version data in the current cluster.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        Solution
                                                                                                                        A message is displayed indicating that there are residual 10.12.1.109 CRD resources in your cluster. This issue occurs because CRD resources are not cleared after nodes in earlier CCE versions are deleted.
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0510.html b/docs/cce/umn/cce_10_0510.html
index 9dd8ab57..c7285c82 100644
--- a/docs/cce/umn/cce_10_0510.html
+++ b/docs/cce/umn/cce_10_0510.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                        Check containerd pod restart risk
                                                                                                                        
-
                                                                                                                        Check Items
                                                                                                                        Check whether the service container running on the node may restart when the containerd component is upgraded on the node that uses containerd in the current cluster.
                                                                                                                        
+
                                                                                                                        containerd Pod Restart Risks
                                                                                                                        
+
                                                                                                                        Check Items
                                                                                                                        Check whether the service pods running on a containerd node are restarted when containerd is upgraded.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Solution
                                                                                                                        Ensure that the cluster is upgraded when the impact on services is controllable (for example, during off-peak hours) to mitigate the impact of service container restart. If you need help, contact O&M personnel.
                                                                                                                        
+
                                                                                                                        Solution
                                                                                                                        Upgrade the cluster when the impact on services is controllable (for example, during off-peak hours) to minimize the impact. If you need help, contact O&M personnel.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0511.html b/docs/cce/umn/cce_10_0511.html
index acdcf802..e1cc28f8 100644
--- a/docs/cce/umn/cce_10_0511.html
+++ b/docs/cce/umn/cce_10_0511.html
@@ -1,12 +1,12 @@
 
 
 
                                                                                                                        Key GPU Add-on Parameters
                                                                                                                        
-
                                                                                                                        Check Items
                                                                                                                        Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.
                                                                                                                        
+
                                                                                                                        Check Items
                                                                                                                        Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Solution
                                                                                                                        1. Use kubectl to access the cluster.
                                                                                                                        2. Run the following command to obtain the add-on instance details:
                                                                                                                          kubectl get ds nvidia-driver-installer -nkube-system -oyaml
                                                                                                                          
-
                                                                                                                        3. Check whether the UpdateStrategy value is changed to OnDelete. If so, change it back to RollingUpdate.
                                                                                                                        4. Check whether the NVIDIA_DRIVER_DOWNLOAD_URL value is the same as the add-on IP address on the add-on details page. If no, change the value on the web page.
                                                                                                                        
+
                                                                                                                        Solution
                                                                                                                        1. Use kubectl to access the cluster.
                                                                                                                        2. Run the following command to obtain the add-on instance details:
                                                                                                                          kubectl get ds nvidia-driver-installer -nkube-system -oyaml
                                                                                                                          
+
                                                                                                                        3. Check whether the UpdateStrategy value is changed to OnDelete. If so, change it back to RollingUpdate.
                                                                                                                        4. Check whether the NVIDIA_DRIVER_DOWNLOAD_URL value is the same as the add-on IP address on the add-on details page. If no, change the value on the web page.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        
+
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0512.html b/docs/cce/umn/cce_10_0512.html
index bdd8aa90..bdf15700 100644
--- a/docs/cce/umn/cce_10_0512.html
+++ b/docs/cce/umn/cce_10_0512.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                        GPU or NPU Pod Rebuild Risks
                                                                                                                        
-
                                                                                                                        Check Items
                                                                                                                        Check whether GPU or NPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.
                                                                                                                        
+
                                                                                                                        GPU Pod Rebuild Risks
                                                                                                                        
+
                                                                                                                        Check Items
                                                                                                                        Check whether GPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Solution
                                                                                                                        Upgrade the cluster when the impact on services is controllable (for example, during off-peak hours) to minimize the impact. If you need help, contact O&M personnel.
                                                                                                                        
+
                                                                                                                        Solution
                                                                                                                        Upgrade the cluster when the impact on services is controllable (for example, during off-peak hours) to minimize the impact. If you need help, contact O&M personnel.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0513.html b/docs/cce/umn/cce_10_0513.html
index 27cab7a7..79f66d7f 100644
--- a/docs/cce/umn/cce_10_0513.html
+++ b/docs/cce/umn/cce_10_0513.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                        ELB Listener Access Control
                                                                                                                        
-
                                                                                                                        Check Items
                                                                                                                        Check whether the access control of the ELB listener has been configured for the Service in the current cluster using annotations and whether the configurations are correct.
                                                                                                                        
+
                                                                                                                        Check Items
                                                                                                                        Check whether the access control of the ELB listener has been configured for the Service in the current cluster using annotations and whether the configurations are correct.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Solution
                                                                                                                        In case of an incorrect configuration, contact O&M personnel.
                                                                                                                        
+
                                                                                                                        Solution
                                                                                                                        In case of an incorrect configuration, contact O&M personnel.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0514.html b/docs/cce/umn/cce_10_0514.html
index a03628e7..2faf54b5 100644
--- a/docs/cce/umn/cce_10_0514.html
+++ b/docs/cce/umn/cce_10_0514.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                        Master Node Flavor
                                                                                                                        
-
                                                                                                                        Check Items
                                                                                                                        Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.
                                                                                                                        
+
                                                                                                                        Check Items
                                                                                                                        Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Solution
                                                                                                                        Flavor inconsistency is typically due to a modification made on the master nodes. After the cluster is upgraded, the modification of the master nodes may be restored. If the impact of the restoration cannot be evaluated, contact O&M personnel.
                                                                                                                        
+
                                                                                                                        Solution
                                                                                                                        Flavor inconsistency is typically due to a modification made on the master nodes. After the cluster is upgraded, the modification of the master nodes may be restored. If the impact of the restoration cannot be evaluated, contact O&M personnel.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0515.html b/docs/cce/umn/cce_10_0515.html
index 0fea5c8e..fcd12deb 100644
--- a/docs/cce/umn/cce_10_0515.html
+++ b/docs/cce/umn/cce_10_0515.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                        Subnet Quota of Master Nodes
                                                                                                                        
-
                                                                                                                        Check Items
                                                                                                                        Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.
                                                                                                                        
+
                                                                                                                        Check Items
                                                                                                                        Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Solution
                                                                                                                        If the number of IP addresses in the selected cluster subnet is insufficient, rolling upgrade is not supported. Contact O&M personnel for support.
                                                                                                                        
+
                                                                                                                        Solution
                                                                                                                        If the number of IP addresses in the selected cluster subnet is insufficient, rolling upgrade is not supported. Contact O&M personnel for support.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0516.html b/docs/cce/umn/cce_10_0516.html
index e9feb6f3..0deb1f01 100644
--- a/docs/cce/umn/cce_10_0516.html
+++ b/docs/cce/umn/cce_10_0516.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                        Node Runtime
                                                                                                                        
-
                                                                                                                        Check Items
                                                                                                                        Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                        
+
                                                                                                                        Check Items
                                                                                                                        Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Solution
                                                                                                                        If the runtime on your node is not containerd, change the runtime of the node to containerd by resetting the node. 
                                                                                                                        
+
                                                                                                                        Solution
                                                                                                                        If the runtime on your node is not containerd, change the runtime of the node to containerd by resetting the node. 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0517.html b/docs/cce/umn/cce_10_0517.html
index 1d79e1a9..70d6dd89 100644
--- a/docs/cce/umn/cce_10_0517.html
+++ b/docs/cce/umn/cce_10_0517.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                        Node Pool Runtime
                                                                                                                        
-
                                                                                                                        Check Items
                                                                                                                        Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                        
+
                                                                                                                        Check Items
                                                                                                                        Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Solution
                                                                                                                        If the runtime on your node pool is not containerd, change the runtime of the node pool to containerd by updating the node pool. 
                                                                                                                        
+
                                                                                                                        Solution
                                                                                                                        If the runtime on your node pool is not containerd, change the runtime of the node pool to containerd by updating the node pool. 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0518.html b/docs/cce/umn/cce_10_0518.html
index fbe06bca..69d68a69 100644
--- a/docs/cce/umn/cce_10_0518.html
+++ b/docs/cce/umn/cce_10_0518.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                        Number of Node Images
                                                                                                                        
-
                                                                                                                        Check Items
                                                                                                                        Check the number of images on your node. If the number is greater than 1000, Docker startup may be slow.
                                                                                                                        
+
                                                                                                                        Check Items
                                                                                                                        Check the number of images on your node. If there are more than 1000 images, it takes a long time for Docker to start, affecting the standard Docker output and functions such as Nginx.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Solution
                                                                                                                        Contact O&M personnel to check whether this issue affects the upgrade.
                                                                                                                        
+
                                                                                                                        Solution
                                                                                                                        Manually delete residual images.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0549.html b/docs/cce/umn/cce_10_0549.html
index fb539528..ecfb323a 100644
--- a/docs/cce/umn/cce_10_0549.html
+++ b/docs/cce/umn/cce_10_0549.html
@@ -57,14 +57,14 @@
 
 
                                                                                                              8. 
-
-
-
-
@@ -260,14 +260,14 @@
 
-
-
@@ -302,14 +302,14 @@
 
-
-
-
@@ -372,14 +372,14 @@
 
-
-
@@ -400,65 +400,65 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0550.html b/docs/cce/umn/cce_10_0550.html
index e9b9020d..2dfbbe7a 100644
--- a/docs/cce/umn/cce_10_0550.html
+++ b/docs/cce/umn/cce_10_0550.html
@@ -21,7 +21,7 @@
 
                                                                                                            8. Security Groups
                                                                                                              
 
                                                                                                              9. 
-
                                                                                                            9. To-Be-Migrated Nodes
                                                                                                              
+
                                                                                                            10. Residual Nodes
                                                                                                              
 
                                                                                                            11. Discarded Kubernetes Resources
                                                                                                              
 
                                                                                                              12. 
@@ -39,7 +39,7 @@
 
                                                                                                            12. Node Key Directory File Permissions
                                                                                                              
 
                                                                                                              13. 
-
                                                                                                            13. Kubelet
                                                                                                              
+
                                                                                                            14. kubelet
                                                                                                              
 
                                                                                                            15. Node Memory
                                                                                                              
 
                                                                                                              16. 
@@ -77,9 +77,9 @@
 
                                                                                                            16. Discarded Kubernetes APIs
                                                                                                              
 
                                                                                                              17. 
-
                                                                                                            17. IPv6 Capabilities of a CCE Turbo Cluster
                                                                                                              
+
                                                                                                            18. IPv6 Support in CCE Turbo Clusters
                                                                                                              
 
                                                                                                              19. 
-
                                                                                                            19. Node NetworkManager
                                                                                                              
+
                                                                                                            20. NetworkManager
                                                                                                              
 
                                                                                                            21. Node ID File
                                                                                                              
 
                                                                                                              22. 
@@ -89,9 +89,9 @@
 
                                                                                                            22. CoreDNS Configuration Consistency
                                                                                                              
 
                                                                                                              23. 
-
                                                                                                            23. sudo Commands of a Node
                                                                                                              
+
                                                                                                            24. sudo
                                                                                                              
 
                                                                                                              25. 
-
                                                                                                            25. Key Commands of Nodes
                                                                                                              
+
                                                                                                            26. Key Node Commands
                                                                                                              
 
                                                                                                            27. Mounting of a Sock File on a Node
                                                                                                              
 
                                                                                                              28. 
@@ -109,19 +109,19 @@
 
                                                                                                            28. GPU Add-on
                                                                                                              
 
                                                                                                              29. 
-
                                                                                                            29. Nodes' System Parameter Settings
                                                                                                              
+
                                                                                                            30. Nodes' System Parameters
                                                                                                              
 
                                                                                                              31. 
-
                                                                                                            31. Residual Package Versions
                                                                                                              
+
                                                                                                            32. Residual Package Version Data
                                                                                                              
 
                                                                                                            33. Node Commands
                                                                                                              
 
                                                                                                            34. Node Swap
                                                                                                              
 
                                                                                                              35. 
-
                                                                                                            35. Check containerd pod restart risk
                                                                                                              
+
                                                                                                            36. containerd Pod Restart Risks
                                                                                                              
 
                                                                                                            37. Key GPU Add-on Parameters
                                                                                                              
 
                                                                                                              38. 
-
                                                                                                            38. GPU or NPU Pod Rebuild Risks
                                                                                                              
+
                                                                                                            39. GPU Pod Rebuild Risks
                                                                                                              
 
                                                                                                            40. ELB Listener Access Control
                                                                                                              
 
                                                                                                              41. 
diff --git a/docs/cce/umn/cce_10_0552.html b/docs/cce/umn/cce_10_0552.html
index b5d5f051..5d510487 100644
--- a/docs/cce/umn/cce_10_0552.html
+++ b/docs/cce/umn/cce_10_0552.html
@@ -17,13 +17,13 @@ spec:
         memory: "200Mi"
         cpu: "1"
                                                                                                              This feature is built on the optimized CPU scheduling in the HCE OS 2.0 kernel. When the CPU usage preferentially used by a container exceeds 85%, the container is automatically allocated to other CPUs with low usage to ensure the response capability of applications.
                                                                                                              
-
                                                                                                              
+
                                                                                                               
                                                                                                              • When enhanced CPU policy is enabled, the application performance is better than that of the none) policy but worse than that of the static policy.
                                                                                                              • CPU would not be exclusively used by burstable pods, it is still in the shared CPU pool. When the burstable pods are in the low tide, other pods can share this CPU.
                                                                                                              
 
                                                                                                              
-
                                                                                                              Constraints
                                                                                                              To use this feature, the following conditions must be met:
                                                                                                              
+
                                                                                                              Notes and Constraints
                                                                                                              To use this feature, the following conditions must be met:
                                                                                                              
 
                                                                                                              • The cluster version must be v1.23 or later.
                                                                                                              • The node OS is HCE OS 2.0.
                                                                                                              • The CPU management policy cannot take effect on physical cloud server nodes.
                                                                                                              
 
                                                                                                              
-
                                                                                                              Procedure
                                                                                                              1. Log in to the CCE console.
                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                              3. Select a node pool whose OS is HCE OS 2.0 and click Manage in the Operation column.
                                                                                                              4. In the Manage Components window that is displayed, change the cpu-manager-policy value of the kubelet component to enhanced-static.
                                                                                                              5. Click OK.
                                                                                                              
+
                                                                                                              Procedure
                                                                                                              1. Log in to the CCE console.
                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                              3. Select a node pool whose OS is HCE OS 2.0 and click Manage in the Operation column.
                                                                                                              4. In the Manage Components window that is displayed, change the cpu-manager-policy value of the kubelet component to enhanced-static.
                                                                                                              5. Click OK.
                                                                                                              
 
                                                                                                              
 
                                                                                                              Verification
                                                                                                              Take a node with 8 vCPUs and 32 GB memory as an example. Deploy a workload whose CPU request is 1 and limit is 2 in the cluster in advance.
                                                                                                              
 
                                                                                                              1. Log in to a node in the node pool and view the /var/lib/kubelet/cpu_manager_state output.
                                                                                                                cat /var/lib/kubelet/cpu_manager_state
                                                                                                                
diff --git a/docs/cce/umn/cce_10_0601.html b/docs/cce/umn/cce_10_0601.html
index 5e326932..1aec408b 100644
--- a/docs/cce/umn/cce_10_0601.html
+++ b/docs/cce/umn/cce_10_0601.html
@@ -1,11 +1,10 @@
 
 
 
                                                                                                                Migrating Nodes from Docker to containerd
                                                                                                                
-
                                                                                                                Context
                                                                                                                Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE is going to stop the support for Docker. Change the node container engine from Docker to containerd.
                                                                                                                
-
                                                                                                                
+
                                                                                                                Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE is going to stop the support for Docker. Change the node container engine from Docker to containerd.
                                                                                                                
 
                                                                                                                Prerequisites
                                                                                                                
 
                                                                                                                
-
                                                                                                                Precautions
                                                                                                                • Theoretically, migration during container running will interrupt services for a short period of time. Therefore, it is strongly recommended that the services to be migrated have been deployed as multi-instance. In addition, you are advised to test the migration impact in the test environment to minimize potential risks.
                                                                                                                • containerd cannot build images. Do not use the docker build command to build images on containerd nodes. For other differences between Docker and containerd, see Container Engine.
                                                                                                                
+
                                                                                                                Precautions
                                                                                                                • Theoretically, migration during container running will interrupt services for a short period of time. Therefore, it is strongly recommended that the services to be migrated have been deployed as multi-instance. In addition, you are advised to test the migration impact in the test environment to minimize potential risks.
                                                                                                                • containerd cannot build images. Do not use the docker build command to build images on containerd nodes. For other differences between Docker and containerd, see Container Engines.
                                                                                                                
 
                                                                                                                
 
                                                                                                                Migrating a Node
                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                                3. In the node list, select one or more nodes to be reset and choose More > Reset Node in the Operation column.
                                                                                                                4. Set Container Engine to containerd. You can adjust other parameters as required or retain them as set during creation.
                                                                                                                  
 
                                                                                                                5. If the node status is Installing, the node is being reset.
                                                                                                                  When the node status is Running, you can see that the node version is switched to containerd. You can log in to the node and run containerd commands such as crictl to view information about the containers running on the node.
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0602.html b/docs/cce/umn/cce_10_0602.html
index d76b7b13..c7796419 100644
--- a/docs/cce/umn/cce_10_0602.html
+++ b/docs/cce/umn/cce_10_0602.html
@@ -1,16 +1,16 @@
 
 
-
                                                                                                                  Cluster Overload Control
                                                                                                                  
-
                                                                                                                  Scenario
                                                                                                                  If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.
                                                                                                                  
+
                                                                                                                  Enabling Overload Control for a Cluster
                                                                                                                  
+
                                                                                                                  Scenario
                                                                                                                  After overload control is enabled, the number of simultaneous requests is dynamically regulated according to the resource pressure on the master nodes. This ensures that both the nodes and the cluster remain accessible.
                                                                                                                  
 
                                                                                                                  
-
                                                                                                                  Constraints
                                                                                                                  The cluster version must be 1.23 or later.
                                                                                                                  
+
                                                                                                                  Notes and Constraints
                                                                                                                  The cluster version must be 1.23 or later.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  Enabling Overload Control
                                                                                                                  Method 1: Enabling it when creating a cluster
                                                                                                                  
 
                                                                                                                  When creating a cluster of v1.23 or later, you can enable overload control during the cluster creation.
                                                                                                                  
 
                                                                                                                  Method 2: Enabling it in an existing cluster
                                                                                                                  
 
                                                                                                                  1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                                                  2. On the Overview page, check the master node information. If overload control is not enabled, a message will be displayed. You can click Enable to enable the function.
                                                                                                                  
 
                                                                                                                  
-
                                                                                                                  Disabling Cluster Overload Control
                                                                                                                  1. Log in to the CCE console and go to an existing cluster whose version is v1.23 or later.
                                                                                                                  2. In the navigation pane, choose Settings.
                                                                                                                  3. On the Cluster Access tab page, disable overload control.
                                                                                                                  4. Click OK.
                                                                                                                  
+
                                                                                                                  Disabling Cluster Overload Control
                                                                                                                  1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                                                  2. In the navigation pane, choose Settings.
                                                                                                                  3. On the Cluster Access tab page, disable overload control.
                                                                                                                  4. Click OK.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0603.html b/docs/cce/umn/cce_10_0603.html
index f5a3068b..ee5ed0d8 100644
--- a/docs/cce/umn/cce_10_0603.html
+++ b/docs/cce/umn/cce_10_0603.html
@@ -9,7 +9,7 @@
 
                                                                                                                  
 
                                                                                                                  Using the CCE Console
                                                                                                                  When creating a workload on the console, you can set the static IP address for a pod in the Advanced Settings > Network Configuration area.
                                                                                                                  
 
                                                                                                                  • Whether to enable fixed IP addresses: After the function is enabled, the pod IP address does not change each time the pod is restarted.
                                                                                                                  • Recycling Interval: Retention period of related IP addresses after the pod is deleted. During this interval, the original pod IP address cannot be used by other pods.
                                                                                                                  
-
                                                                                                                  
+
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  Using kubectl
                                                                                                                  You can add annotations to a StatefulSet to enable or disable the static IP address function of the pod.
                                                                                                                  
 
                                                                                                                  apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0604.html b/docs/cce/umn/cce_10_0604.html
index bedcdf0c..f34f6cc9 100644
--- a/docs/cce/umn/cce_10_0604.html
+++ b/docs/cce/umn/cce_10_0604.html
@@ -3,12 +3,11 @@
 
                                                                                                                  Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs
                                                                                                                  
 
                                                                                                                  Application Scenarios
                                                                                                                  By default, pods with IPv6 dual-stack ENIs can access only the IPv6 private network. To access the public network, configure shared bandwidth for such pods.
                                                                                                                  
 
                                                                                                                  
-
                                                                                                                  Constraints
                                                                                                                  • Only CCE Turbo clusters are supported and the following constraints must be met:
                                                                                                                    • IPv6 dual stack has been enabled for the cluster.
                                                                                                                    • The cluster version is v1.23.8-r0, v1.25.3-r0, or later.
                                                                                                                    
+
                                                                                                                    Notes and Constraints
                                                                                                                    • Only CCE Turbo clusters are supported and the following constraints must be met:
                                                                                                                      • IPv6 dual stack has been enabled for the cluster.
                                                                                                                      • The cluster version is v1.23.8-r0, v1.25.3-r0, or later.
                                                                                                                      
 
                                                                                                                    • The number of IPv6 ENIs that can be added to a shared bandwidth is limited by the tenant quota. The default value is 20. 
                                                                                                                    • HostNetwork Pods are not supported.
                                                                                                                    • All types of workloads are supported. When configuring IPv6 shared bandwidth for workloads with the replicas attribute, such as Deployment and StatefulSet, ensure that the number of replicas and the maximum number of pods during the upgrade are less than the remaining quota of IPv6 ENIs that can be added to the shared bandwidth.
                                                                                                                    • IPv6 dual-stack pod configured with shared bandwidth: When a pod is created, the CNI returns a success message only after the IPv6 dual-stack ENI is inserted into the shared bandwidth. When a pod is deleted, the IPv6 dual-stack ENI is removed from the shared bandwidth after the pod is completely deleted or the pod is in the deleting status for 30 seconds.
                                                                                                                    • If the IPv6 dual-stack ENI corresponding to the pod fails to be added to the shared bandwidth, an alarm event FailedIPv6InsertBandwidth is generated on the pod, for example, when the quota is exceeded or flow control is triggered. Rectify the fault based on the alarm event.
                                                                                                                    • On the Shared Bandwidths page of the EIP console, go to the target shared bandwidth details page, and click the IPv6 Addresses tab. The IPv6 dual-stack ENI whose Associated Instance is CCE is displayed. Do not remove the ENI directly on the page or using VPC APIs, otherwise, your services may be affected.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Using the CCE Console
                                                                                                                    When creating a workload, you can set the IPv6 shared bandwidth on the Advanced Settings > Network Configuration area.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Using kubectl
                                                                                                                    You can add annotations to a Deployment to specify the shared bandwidth to be added to the IPv6 dual-stack ENI of the pod. The following is an example:
                                                                                                                    
 
                                                                                                                    ...
diff --git a/docs/cce/umn/cce_10_0605.html b/docs/cce/umn/cce_10_0605.html
index 0987cbc6..7cfddefc 100644
--- a/docs/cce/umn/cce_10_0605.html
+++ b/docs/cce/umn/cce_10_0605.html
@@ -1,14 +1,16 @@
 
 
 
                                                                                                                    Draining a Node
                                                                                                                    
-
                                                                                                                    Scenario
                                                                                                                    After you enable nodal drainage on the console, CCE configures the node to be non-schedulable and securely evicts all pods that comply with Nodal Drainage Rules on the node. Subsequent new pods will not be scheduled to this node.
                                                                                                                    
+
                                                                                                                    Scenario
                                                                                                                    After you enable nodal drainage on the console, CCE configures the node to be non-schedulable and securely evicts all pods that comply with Rules for Draining Nodes on the node. Subsequent new pods will not be scheduled to this node.
                                                                                                                    
 
                                                                                                                    When a node becomes faulty, nodal drainage quickly isolates the faulty node. The pods evicted from the faulty node will be scheduled by the workload controller to other nodes that are running properly.
                                                                                                                    
+
                                                                                                                     
                                                                                                                    To ensure service availability during drainage, specify a disruption budget for your application. Otherwise, the application may become unavailable during pod rescheduling.
                                                                                                                    
+
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Constraints
                                                                                                                    • Only clusters of the following versions support the nodal drainage function:
                                                                                                                      • v1.21: v1.21.10-r0 or later
                                                                                                                      • v1.23: v1.23.8-r0 or later
                                                                                                                      • v1.25: v1.25.3-r0 or later
                                                                                                                      • v1.25 or later
                                                                                                                      
-
                                                                                                                    • To use the nodal drainage function, an IAM user must have at least one of the following permissions. For details, see Namespace Permissions (Kubernetes RBAC-based).
                                                                                                                      • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                                      • drainage-editor: drain a node.
                                                                                                                      • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                                      
-
                                                                                                                    • If a disruption budget is not specify for the workload, the workload function may be unavailable during pod rescheduling.
                                                                                                                    
+
                                                                                                                    Prerequisites
                                                                                                                    • A cluster is available and the cluster version meets the following requirements:
                                                                                                                      • v1.21: v1.21.10-r0 or later
                                                                                                                      • v1.23: v1.23.8-r0 or later
                                                                                                                      • v1.25: v1.25.3-r0 or later
                                                                                                                      • Versions later than v1.25
                                                                                                                      
+
                                                                                                                    • To drain a node as an IAM user, you must have at least one of the following permissions (for details, see Namespace Permissions (Kubernetes RBAC-based)):
                                                                                                                      • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                                      • drainage-editor: drain a node.
                                                                                                                      • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                                      
+
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Nodal Drainage Rules
                                                                                                                    The nodal drainage function securely evicts pods on a node. However, for pods that meet the following filtering criteria, the system performs the corresponding operations:
                                                                                                                    
+
                                                                                                                    Rules for Draining Nodes
                                                                                                                    When a node is drained, all pods on the node will be safely evicted. However, CCE will take specific actions for pods that meet certain filtering criteria.
                                                                                                                    
 
 
                                                                                                              Table 1 Mapping between node OSs and cluster types
                                                                                                              OS
                                                                                                              
                                                                                                               		
 
                                                                                                              Cluster Version
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              HCE OS 2.0
                                                                                                              
-
                                                                                                              
-
                                                                                                              
+
                                                                                                              HCE OS 2.0
                                                                                                              
 
                                                                                                              v1.28
                                                                                                              
+
                                                                                                              v1.29
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
                                                                                                               		
 
                                                                                                              √
                                                                                                              
                                                                                                               		
 
                                                                                                              5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.27
                                                                                                              
+
                                                                                                              v1.28
                                                                                                              
+
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
+
                                                                                                              5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                              
+
                                                                                                              v1.27
                                                                                                              
                                                                                                               		
 
                                                                                                              √
                                                                                                              
 
                                                                                                              5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.25
                                                                                                              
+
                                                                                                              v1.25
                                                                                                              
                                                                                                               		
 
                                                                                                              √
                                                                                                              
 
                                                                                                              5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                              
                                                                                                               		
 
                                                                                                              Ubuntu 22.04
                                                                                                              
+
                                                                                                              Ubuntu 22.04
                                                                                                              
 
                                                                                                              v1.28
                                                                                                              
+
                                                                                                              v1.29
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
 
                                                                                                              x
                                                                                                              
+
                                                                                                              x
                                                                                                              
                                                                                                               		
 
                                                                                                              √
                                                                                                              
                                                                                                               		
 
                                                                                                              5.15.0-53-generic
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.27
                                                                                                              
+
                                                                                                              v1.28
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
 
                                                                                                              x
                                                                                                              
+
                                                                                                              x
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
 
                                                                                                              5.15.0-53-generic
                                                                                                              
+
                                                                                                              5.15.0-53-generic
                                                                                                              
+
                                                                                                              v1.27
                                                                                                              
+
                                                                                                              √
                                                                                                              
+
                                                                                                              x
                                                                                                              
+
                                                                                                              √
                                                                                                              
+
                                                                                                              5.15.0-53-generic
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              v1.25
                                                                                                              
@@ -94,28 +114,39 @@
 
                                                                                                              5.15.0-53-generic
                                                                                                              
                                                                                                               		
 
                                                                                                              EulerOS release 2.9
                                                                                                              
+
                                                                                                              EulerOS release 2.9
                                                                                                              
 
                                                                                                              v1.28
                                                                                                              
+
                                                                                                              v1.29
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
                                                                                                               		
 
                                                                                                              √
                                                                                                              
                                                                                                               		
 
                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                              
                                                                                                               		
 
                                                                                                              v1.27
                                                                                                              
+
                                                                                                              v1.28
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
 
                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                              
+
                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                              
+
                                                                                                              v1.27
                                                                                                              
+
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
+
                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              v1.25
                                                                                                              
@@ -166,9 +197,9 @@
                                                                                                               		
 
                                                                                                              v1.25
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
 
                                                                                                              √
                                                                                                              
+
                                                                                                              √
                                                                                                              
                                                                                                               		
 
                                                                                                              √
                                                                                                              
                                                                                                               		
 
 
 
                                                                                                              Security Groups
                                                                                                              
 
                                                                                                              Check whether the Protocol & Port of the worker node security groups are set to ICMP: All and whether the security group with the source IP address set to the master node security group is deleted.
                                                                                                              
+
                                                                                                              Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group with the source IP address set to the master node security group is deleted.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              8
                                                                                                              
 
                                                                                                              To-Be-Migrated Nodes
                                                                                                              
+
                                                                                                              Residual Nodes
                                                                                                              
 
                                                                                                              Check whether the node needs to be migrated.
                                                                                                              
+
                                                                                                              Check whether nodes need to be migrated.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              9
                                                                                                              
@@ -125,7 +125,7 @@
 
                                                                                                              
 
                                                                                                              17
                                                                                                              
 
                                                                                                              Kubelet
                                                                                                              
+
                                                                                                              kubelet
                                                                                                              
                                                                                                               		
 
                                                                                                              Check whether the kubelet on the node is running properly.
                                                                                                              
 
                                                                                                              
 
                                                                                                              36
                                                                                                              
 
                                                                                                              IPv6 Capabilities of a CCE Turbo Cluster
                                                                                                              
+
                                                                                                              IPv6 Support in CCE Turbo Clusters
                                                                                                              
                                                                                                               		
 
                                                                                                              If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              37
                                                                                                              
 
                                                                                                              Node NetworkManager
                                                                                                              
+
                                                                                                              NetworkManager
                                                                                                              
                                                                                                               		
 
                                                                                                              Check whether NetworkManager of a node is normal.
                                                                                                              
 
                                                                                                              
 
                                                                                                              42
                                                                                                              
 
                                                                                                              sudo Commands of a Node
                                                                                                              
+
                                                                                                              sudo
                                                                                                              
 
                                                                                                              Whether the sudo commands and sudo-related files of the node are working
                                                                                                              
+
                                                                                                              Check whether the sudo commands and sudo-related files of the node are working.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              43
                                                                                                              
 
                                                                                                              Key Commands of Nodes
                                                                                                              
+
                                                                                                              Key Node Commands
                                                                                                              
                                                                                                               		
 
                                                                                                              Whether some key commands that the node upgrade depends on are working
                                                                                                              
 
                                                                                                              
 
                                                                                                              52
                                                                                                              
 
                                                                                                              Nodes' System Parameter Settings
                                                                                                              
+
                                                                                                              Nodes' System Parameters
                                                                                                              
                                                                                                               		
 
                                                                                                              Check whether the default system parameter settings on your nodes are modified.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              53
                                                                                                              
 
                                                                                                              Residual Package Versions
                                                                                                              
+
                                                                                                              Residual Package Version Data
                                                                                                              
                                                                                                               		
 
                                                                                                              Check whether there are residual package version data in the current cluster.
                                                                                                              
 
                                                                                                              
 
                                                                                                              56
                                                                                                              
 
                                                                                                              Check containerd pod restart risk
                                                                                                              
+
                                                                                                              containerd Pod Restart Risks
                                                                                                              
 
                                                                                                              Check whether the service container running on the node may restart when the containerd component is upgraded on the node that uses containerd in the current cluster.
                                                                                                              
+
                                                                                                              Check whether the service pods running on a containerd node are restarted when containerd is upgraded.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              57
                                                                                                              
                                                                                                               		
 
                                                                                                              Key GPU Add-on Parameters
                                                                                                              
 
                                                                                                              Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.
                                                                                                              
+
                                                                                                              Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              58
                                                                                                              
 
                                                                                                              GPU or NPU Pod Rebuild Risks
                                                                                                              
+
                                                                                                              GPU Pod Rebuild Risks
                                                                                                              
 
                                                                                                              Check whether GPU or NPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.
                                                                                                              
+
                                                                                                              Check whether GPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.
                                                                                                              
                                                                                                               		
 
                                                                                                              59
                                                                                                              
+
                                                                                                              59
                                                                                                              
                                                                                                               		
 
                                                                                                              ELB Listener Access Control
                                                                                                              
                                                                                                               		
 
                                                                                                              Check whether the access control of the ELB listener has been configured for the Service in the current cluster using annotations and whether the configurations are correct.
                                                                                                              
                                                                                                               		
 
                                                                                                              60
                                                                                                              
+
                                                                                                              60
                                                                                                              
                                                                                                               		
 
                                                                                                              Master Node Flavor
                                                                                                              
                                                                                                               		
 
                                                                                                              Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.
                                                                                                              
                                                                                                               		
 
                                                                                                              61
                                                                                                              
+
                                                                                                              61
                                                                                                              
                                                                                                               		
 
                                                                                                              Subnet Quota of Master Nodes
                                                                                                              
                                                                                                               		
 
                                                                                                              Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.
                                                                                                              
                                                                                                               		
 
                                                                                                              62
                                                                                                              
+
                                                                                                              62
                                                                                                              
                                                                                                               		
 
                                                                                                              Node Runtime
                                                                                                              
                                                                                                               		
 
                                                                                                              Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                              
                                                                                                               		
 
                                                                                                              63
                                                                                                              
+
                                                                                                              63
                                                                                                              
                                                                                                               		
 
                                                                                                              Node Pool Runtime
                                                                                                              
                                                                                                               		
 
                                                                                                              Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                              
                                                                                                               		
 
                                                                                                              64
                                                                                                              
+
                                                                                                              64
                                                                                                              
                                                                                                               		
 
                                                                                                              Number of Node Images
                                                                                                              
 
                                                                                                              Check the number of images on your node. If the number is greater than 1000, Docker startup may be slow.
                                                                                                              
+
                                                                                                              Check the number of images on your node. If there are more than 1000 images, it takes a long time for Docker to start, affecting the standard Docker output and functions such as Nginx.
                                                                                                              
                                                                                                               		
 
                                                                                                              
                                                                                                               
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                                                              
@@ -56,12 +58,17 @@
 
                                                                                                              Filter Criterion
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              
-
                                                                                                               
                                                                                                              The following operations may be performed on pods during nodal drainage:
                                                                                                              
+
                                                                                                               
                                                                                                              The following operations may be performed on pods during node drainage:
                                                                                                              
 
                                                                                                              • Deletion: The pod is deleted from the current node and will not be scheduled to other nodes.
                                                                                                              • Eviction: The pod is deleted from the current node and rescheduled to another node.
                                                                                                              • None: The pod will not be evicted or deleted.
                                                                                                              • Drainage cancellation: If a pod on a node cancels drainage, the drainage process of the node is terminated and no pod is evicted or deleted.
                                                                                                              
 
                                                                                                              
 
                                                                                                              
-
                                                                                                              Procedure
                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                              2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                              3. Locate the target node and choose More > Nodal Drainage in the Operation column.
                                                                                                              4. In the Nodal Drainage window displayed, set parameters.
                                                                                                                • Timeout (s): The drainage task automatically fails after the preset timeout period. The value 0 indicates that the timeout period is not set.
                                                                                                                • Forced Drainage: If this function is enabled, pods managed by DaemonSet will be ignored, and pods with emptyDir volumes and pods not managed by controllers will be deleted. For details, see Nodal Drainage Rules.
                                                                                                                
-
                                                                                                              5. Click OK and wait until the nodal drainage is complete.
                                                                                                              
+
                                                                                                              Procedure
                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                              2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                              3. Locate the target node and choose More > Nodal Drainage in the Operation column.
                                                                                                              4. In the Nodal Drainage window displayed, set parameters.
                                                                                                                • Timeout (s): The drainage task automatically fails after the preset timeout period. The value 0 indicates that the timeout period is not set.
                                                                                                                • Forced Drainage: If this function is enabled, pods managed by DaemonSet will be ignored, and pods with emptyDir volumes and pods not managed by controllers will be deleted. For details, see Rules for Draining Nodes.
                                                                                                                
+
                                                                                                              5. Click OK and wait until the node drainage is complete.
                                                                                                              
+
                                                                                                              
+
                                                                                                              Cancelling Node Drainage
                                                                                                               
                                                                                                              In clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions, node drainage can be canceled.
                                                                                                              
+
                                                                                                              This operation will abort drainage on nodes, but workloads that have been evicted from these nodes will not be automatically migrated back.
                                                                                                              
+
                                                                                                              
+
                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                              2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                              3. Locate the node that is being drained and click Cancel Drainage.
                                                                                                              4. In the displayed dialog box, click OK. The node status changes to Drainage cancelled. You can click Enable Scheduling to restore the node to the schedulable state.
                                                                                                              
 
                                                                                                              
 
                                                                                                              
 
                                                                                                              
diff --git a/docs/cce/umn/cce_10_0613.html b/docs/cce/umn/cce_10_0613.html
index 25e50b9b..1f76923d 100644
--- a/docs/cce/umn/cce_10_0613.html
+++ b/docs/cce/umn/cce_10_0613.html
@@ -3,7 +3,7 @@
 
                                                                                                              Overview
                                                                                                              
 
                                                                                                              To achieve persistent storage, CCE allows you to mount the storage volumes created from Elastic Volume Service (EVS) disks to a path of a container. When the container is migrated within an AZ, the mounted EVS volumes are also migrated. By using EVS volumes, you can mount the remote file directory of a storage system to a container so that data in the data volume is permanently preserved. Even if the container is deleted, the data in the data volume is still stored in the storage system.
                                                                                                              
 
                                                                                                              EVS Disk Performance Specifications
                                                                                                              EVS performance metrics include:
                                                                                                              
-
                                                                                                              • IOPS: number of read/write operations performed by an EVS disk per second
                                                                                                              • Throughput: amount of data read from and written into an EVS disk per second
                                                                                                              • Read/write I/O latency: minimum interval between two consecutive read/write operations on an EVS disk
                                                                                                              
+
                                                                                                              • IOPS: the number of input/output operations performed by an EVS disk per second
                                                                                                              • Throughput: the amount of data read from and written into an EVS disk per second
                                                                                                              • I/O latency: the minimum interval between two consecutive I/O operations on an EVS disk
                                                                                                              
 
 
                                                                                                              
@@ -62,9 +62,9 @@
 
-
-
@@ -92,7 +92,7 @@
 
                                                                                                              Application Scenarios
                                                                                                              EVS disks can be mounted in the following modes based on application scenarios:
                                                                                                              
-
                                                                                                              • Using an Existing EVS Disk Through a Static PV: static creation mode, where you use an existing EVS disk to create a PV and then mount storage to the workload through a PVC. This mode applies to scenarios where the underlying storage is available.
                                                                                                              • Using an EVS Disk Through a Dynamic PV: dynamic creation mode, where you do not need to create EVS volumes in advance. Instead, specify a StorageClass during PVC creation and an EVS disk and a PV will be automatically created. This mode applies to scenarios where no underlying storage is available.
                                                                                                              • Dynamically Mounting an EVS Disk to a StatefulSet: Only StatefulSets support this mode. Each pod is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. This mode applies to StatefulSets with multiple pods.
                                                                                                              
+
                                                                                                              • Using an Existing EVS Disk Through a Static PV: static creation mode, where you use an existing EVS disk to create a PV and then mount storage to the workload through a PVC. This mode applies if the underlying storage is available.
                                                                                                              • Using an EVS Disk Through a Dynamic PV: dynamic creation mode, in which you do not need to create EVS volumes beforehand. Instead, specify a StorageClass when creating a PVC. Then, an EVS volume and PV will be created automatically. This mode applies to scenarios where no underlying storage is available.
                                                                                                              • Dynamically Mounting an EVS Disk to a StatefulSet: available only for StatefulSets. In this mode, each pod is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. This mode applies to StatefulSets with multiple pods.
                                                                                                              
 
                                                                                                              
diff --git a/docs/cce/umn/cce_10_0614.html b/docs/cce/umn/cce_10_0614.html
index 37b92af5..01a92985 100644
--- a/docs/cce/umn/cce_10_0614.html
+++ b/docs/cce/umn/cce_10_0614.html
@@ -2,13 +2,13 @@
 
 
                                                                                                              Using an Existing EVS Disk Through a Static PV
                                                                                                              
 
                                                                                                              CCE allows you to create a PV using an existing EVS disk. After the PV is created, you can create a PVC and bind it to the PV. This mode applies if the underlying storage is available.
                                                                                                              
-
                                                                                                              Prerequisites
                                                                                                              • You have created a cluster and installed the CCE Container Storage (Everest) add-on in the cluster.
                                                                                                              • You have created an EVS disk that meets the following requirements:
                                                                                                                • The existing EVS disk cannot be a system disk, DSS disk, or shared disk.
                                                                                                                • The EVS disk must be of the SCSI type (the default disk type is VBD when you create an EVS disk).
                                                                                                                • The EVS disk must be available and not used by other resources.
                                                                                                                • The AZ of the EVS disk must be the same as that of the cluster node. Otherwise, the EVS disk cannot be mounted and the pod cannot start.
                                                                                                                • If the EVS disk is encrypted, the key must be available.
                                                                                                                • EVS disks that have been partitioned are not supported.
                                                                                                                
-
                                                                                                              • Before creating a cluster using commands, ensure kubectl is used to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                              
+
                                                                                                              Prerequisites
                                                                                                              • You have created a cluster and installed the CCE Container Storage (Everest) add-on in the cluster.
                                                                                                              • You have created an EVS disk that meets the following requirements:
                                                                                                                • The EVS disk cannot be a system disk, DSS disk, or shared disk.
                                                                                                                • The EVS disk must be of the SCSI type (the default disk type is VBD when you create an EVS disk).
                                                                                                                • The EVS disk must be available and not used by other resources.
                                                                                                                • The AZ of the EVS disk must be the same as that of the cluster node. Otherwise, the EVS disk cannot be mounted and the pod cannot start.
                                                                                                                • If the EVS disk is encrypted, the key must be available.
                                                                                                                • EVS disks that have been partitioned are not supported.
                                                                                                                
+
                                                                                                              • To create a cluster using commands, ensure kubectl is used. For details, see Connecting to a Cluster Using kubectl.
                                                                                                              
 
                                                                                                              
-
                                                                                                              Constraints
                                                                                                              • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attacked to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, create only one pod when creating a Deployment that uses EVS disks.
                                                                                                              • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                
+
                                                                                                                Notes and Constraints
                                                                                                                • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attached to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, select only one pod when creating a Deployment that uses EVS disks.
                                                                                                                • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                  For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                  
 
                                                                                                                
 
                                                                                                                
-
                                                                                                                Using an Existing EVS Disk on the Console
                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                2. Statically create a PVC and PV.
                                                                                                                  1. Choose Storage in the navigation pane and click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                    Using an Existing EVS Disk on the Console
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                    2. Statically create a PVC and PV.
                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                              Table 1 EVS disk performance specifications
                                                                                                              Parameter
                                                                                                              
 
                                                                                                              
 
                                                                                                              Disk throughput (MiB/s)
                                                                                                              
 
                                                                                                              Min. (350, 120 + 0.5 × Capacity)
                                                                                                              
+
                                                                                                              Min. (350, 120 + 0.5 x Capacity)
                                                                                                              
 
                                                                                                              Min. (150, 100 + 0.15 × Capacity)
                                                                                                              
+
                                                                                                              Min. (150, 100 + 0.15 x Capacity)
                                                                                                              
                                                                                                               		
 
                                                                                                              50
                                                                                                              
                                                                                                               		
 
 
 
 
                                                                                                              
-
-
-
-
-
                                                                                                              Parameter
                                                                                                              
                                                                                                               		
 
                                                                                                              Description
                                                                                                              
@@ -22,24 +22,24 @@
 
                                                                                                              
 
                                                                                                              PVC Name
                                                                                                              
 
                                                                                                              Enter the PVC name, which must be unique in the same namespace.
                                                                                                              
+
                                                                                                              Enter the PVC name, which must be unique in a namespace.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Creation Method
                                                                                                              
 
                                                                                                              • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created.
                                                                                                              • If no underlying storage is available, select Dynamically provision. For details, see Using an EVS Disk Through a Dynamic PV.
                                                                                                              
-
                                                                                                              In this example, select Create new to create a PV and PVC at the same time on the console.
                                                                                                              
+
                                                                                                              • If underlying storage is available, create a PV or use an existing PV to statically create a PVC.
                                                                                                              • If no underlying storage is available, select Dynamically provision. For details, see Using an EVS Disk Through a Dynamic PV.
                                                                                                              
+
                                                                                                              In this example, select Create new to create both a PV and PVC on the console.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              PVa
                                                                                                              
 
                                                                                                              Select an existing PV volume in the cluster. Create a PV in advance. For details, see "Creating a storage volume" in Related Operations.
                                                                                                              
+
                                                                                                              Select an existing PV in the cluster. For details about how to create a PV, see "Creating a storage volume" in Related Operations.
                                                                                                              
 
                                                                                                              You do not need to specify this parameter in this example.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              EVSb
                                                                                                              
 
                                                                                                              Click Select EVS. On the displayed page, select the EVS disk that meets your requirements and click OK.
                                                                                                              
+
                                                                                                              Click Select EVS. On the displayed page, select the EVS volume that meets your requirements and click OK.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              PV Nameb
                                                                                                              
@@ -49,7 +49,7 @@
 
                                                                                                              
 
                                                                                                              Access Modeb
                                                                                                              
 
                                                                                                              EVS disks support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                              
+
                                                                                                              EVS volumes support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              Reclaim Policyb
                                                                                                              
@@ -65,7 +65,7 @@
 
 
                                                                                                            41. Click Create to create a PVC and a PV.
                                                                                                              You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                              
 
                                                                                                              42. 
-
                                                                                                            42. Create an application.
                                                                                                              1. In the navigation pane on the left, click Workloads. In the right pane, click the StatefulSets tab.
                                                                                                              2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                              3. Create an application.
                                                                                                                1. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                                2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                  Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
 
                                                                                                                  
@@ -93,7 +93,7 @@
 
-
@@ -101,40 +101,40 @@
 
                                                                                                                  In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the EVS disk.
                                                                                                                  
-
                                                                                                                   
                                                                                                                  A non-shared EVS disk cannot be attached to multiple pods in a workload. Otherwise, the pods cannot start properly. Ensure that the number of workload pods is 1 when you attach an EVS disk.
                                                                                                                  
+
                                                                                                                   
                                                                                                                  A non-shared EVS disk can be attached to only one workload pod. If there are multiple pods, extra pods cannot start properly. Ensure that the number of workload pods is 1 if an EVS disk is attached.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                3. After the configuration, click Create Workload.
                                                                                                                  After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                  
 
                                                                                                                  4. 
 
                                                                                                                  
 
                                                                                                                  
-
                                                                                                                  (kubectl) Using an Existing EVS Disk
                                                                                                                  1. Use kubectl to access the cluster.
                                                                                                                  2. Create a PV. If a PV has been created in your cluster, skip this step.
                                                                                                                    1. Create the pv-evs.yaml file.
                                                                                                                      apiVersion: v1
+
                                                                                                                      Using an Existing EVS Disk Through kubectl
                                                                                                                      1. Use kubectl to access the cluster.
                                                                                                                      2. Create a PV. If a PV has been created in your cluster, skip this step.
                                                                                                                        1. Create the pv-evs.yaml file.
                                                                                                                          apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-    everest.io/reclaim-policy: retain-volume-only         # (Optional) The PV is deleted while the underlying volume is retained.
-  name: pv-evs    # PV name.
+    everest.io/reclaim-policy: retain-volume-only         # (Optional) The underlying volume is retained when the PV is deleted.
+  name: pv-evs    # PV name
   labels:
-    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed.
-    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed.
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
 spec:
   accessModes:
-    - ReadWriteOnce     # Access mode. The value must be ReadWriteOnce for EVS disks.
+    - ReadWriteOnce     # Access mode, which must be ReadWriteOnce for EVS disks
   capacity:
     storage: 10Gi       # EVS disk capacity, in the unit of GiB. The value ranges from 1 to 32768.
   csi:
-    driver: disk.csi.everest.io     # Dependent storage driver for the mounting.
+    driver: disk.csi.everest.io     # Dependent storage driver for the mounting
     fsType: ext4    # Must be the same as that of the original file system of the disk.
-    volumeHandle: <your_volume_id>   # Volume ID of the EVS disk.
+    volumeHandle: <your_volume_id>   # EVS volume ID
     volumeAttributes:
       everest.io/disk-mode: SCSI           # Device type of the EVS disk. Only SCSI is supported.
-      everest.io/disk-volume-type: SAS     # EVS disk type.
+      everest.io/disk-volume-type: SAS     # EVS disk type
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-      everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+      everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
 
-  persistentVolumeReclaimPolicy: Delete    # Reclaim policy.
-  storageClassName: csi-disk              # Storage class name. The value must be csi-disk for EVS disks.
                                                                                                                          
+  persistentVolumeReclaimPolicy: Delete    # Reclaim policy
+  storageClassName: csi-disk              # StorageClass name. The value must be csi-disk for EVS disks.
                                                                                                                      
 
 
                                                                                                                  Table 1 Mounting a storage volume
                                                                                                                  Parameter
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Description
                                                                                                                  
@@ -75,13 +75,13 @@
 
                                                                                                                  PVC
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Select an existing EVS volume.
                                                                                                                  
-
                                                                                                                  An EVS volume cannot be repeatedly mounted to multiple workloads.
                                                                                                                  
+
                                                                                                                  An EVS volume can be mounted to only one workload.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  Mount Path
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Enter a mount path, for example, /tmp.
                                                                                                                  
-
                                                                                                                  This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                   NOTICE: 
                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.
                                                                                                                  
+
                                                                                                                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                   NOTICE: 
                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  Permission
                                                                                                                  
 
                                                                                                                  • Read-only: You can only read the data in the mounted volumes.
                                                                                                                  • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                  
+
                                                                                                                  • Read-only: You can only read the data in the mounted volumes.
                                                                                                                  • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
                                                                                                                   
 
 
                                                                                                                  
@@ -149,8 +149,8 @@ spec:
 
-
@@ -183,7 +183,7 @@ spec:
 
                                                                                                                  Table 2 Key parameters
                                                                                                                  Parameter
                                                                                                                  
 
                                                                                                                  No
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Optional.
                                                                                                                  
-
                                                                                                                  Currently, only retain-volume-only is supported.
                                                                                                                  
-
                                                                                                                  This field is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                  
+
                                                                                                                  Only retain-volume-only is supported.
                                                                                                                  
+
                                                                                                                  This parameter is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  failure-domain.beta.kubernetes.io/region
                                                                                                                  
@@ -158,7 +158,7 @@ spec:
 
                                                                                                                  Yes
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Region where the cluster is located.
                                                                                                                  
-
                                                                                                                  For details about the value of region, see Regions and Endpoints.
                                                                                                                  
+
                                                                                                                  For details about the value of region, see Regions and Endpoints.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  failure-domain.beta.kubernetes.io/zone
                                                                                                                  
@@ -166,14 +166,14 @@ spec:
 
                                                                                                                  Yes
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                  
-
                                                                                                                  For details about the value of zone, see Regions and Endpoints.
                                                                                                                  
+
                                                                                                                  For details about the value of zone, see Regions and Endpoints.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  fsType
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Yes
                                                                                                                  
 
                                                                                                                  Configure the file system type. The value defaults to ext4.
                                                                                                                  
+
                                                                                                                  File system type, which defaults to ext4.
                                                                                                                  
 
                                                                                                                  The value can be ext4 or xfs. The restrictions on using xfs are as follows:
                                                                                                                  • The nodes must run CentOS 7 or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                  • Only common containers are supported.
                                                                                                                  
 
                                                                                                                  
 
                                                                                                                  Yes
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Volume ID of the EVS disk.
                                                                                                                  
-
                                                                                                                  To obtain the volume ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, click the copy button after ID.
                                                                                                                  
+
                                                                                                                  To obtain a volume ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, click the copy button after ID.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  everest.io/disk-volume-type
                                                                                                                  
@@ -199,7 +199,7 @@ spec:
 
                                                                                                                  No
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Mandatory when the EVS disk is encrypted. Enter the encryption key ID selected during EVS disk creation.
                                                                                                                  
-
                                                                                                                  To obtain the encryption key ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, copy the value of KMS Key ID in the Configuration Information area.
                                                                                                                  
+
                                                                                                                  To obtain an encryption key ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, copy the value of KMS Key ID in the Configuration Information area.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  persistentVolumeReclaimPolicy
                                                                                                                  
@@ -209,8 +209,8 @@ spec:
 
                                                                                                                  A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9.
                                                                                                                  
 
                                                                                                                  The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If high data security is required, select Retain to prevent data from being deleted by mistake.
                                                                                                                  
 
                                                                                                                  Delete:
                                                                                                                  
-
                                                                                                                  • If everest.io/reclaim-policy is not specified, both the PV and EVS volume are deleted when a PVC is deleted.
                                                                                                                  • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV is deleted but the EVS resources are retained.
                                                                                                                  
-
                                                                                                                  Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                                                  
+
                                                                                                                  • If everest.io/reclaim-policy is not specified, both the PV and EVS disk will be deleted when a PVC is deleted.
                                                                                                                  • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV will be deleted but the EVS disk will be retained.
                                                                                                                  
+
                                                                                                                  Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  storageClassName
                                                                                                                  
@@ -231,20 +231,20 @@ metadata:
   name: pvc-evs
   namespace: default
   annotations:
-      everest.io/disk-volume-type: SAS    # EVS disk type.
-    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+      everest.io/disk-volume-type: SAS    # EVS disk type
+    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
 
   labels:
-    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed.
-    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed.
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
 spec:
   accessModes:
   - ReadWriteOnce               # The value must be ReadWriteOnce for EVS disks.
   resources:
     requests:
       storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768. The value must be the same as the storage size of the existing PV.
-  storageClassName: csi-disk    # The storage class is EVS.
-  volumeName: pv-evs            # PV name.
+  storageClassName: csi-disk    # StorageClass is EVS.
+  volumeName: pv-evs            # PV name
 
 
                                                                                                                  
@@ -259,7 +259,7 @@ spec:
 
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0615.html b/docs/cce/umn/cce_10_0615.html
index f5ef0c34..8872ceb6 100644
--- a/docs/cce/umn/cce_10_0615.html
+++ b/docs/cce/umn/cce_10_0615.html
@@ -2,12 +2,13 @@
 
 
                                                                                                                  Using an EVS Disk Through a Dynamic PV
                                                                                                                  CCE allows you to specify a StorageClass to automatically create an EVS disk and the corresponding PV. This function is applicable when no underlying storage volume is available.
                                                                                                                  
-
                                                                                                                  Prerequisites
                                                                                                                  
+
                                                                                                                  Prerequisites
                                                                                                                  
 
                                                                                                                  
-
                                                                                                                  Constraints
                                                                                                                  • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attacked to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, create only one pod when creating a Deployment that uses EVS disks.
                                                                                                                  • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                    For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                    
+
                                                                                                                    Notes and Constraints
                                                                                                                    • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attached to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, select only one pod when creating a Deployment that uses EVS disks.
                                                                                                                    • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                      For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                      
 
                                                                                                                    
+
                                                                                                                    • Resource tags can be added to dynamically created EVS disks. After the EVS disks are created, the resource tags cannot be updated on CCE. To update them, go to the EVS console. If you use an existing EVS disk to create a PV, you also need to add or update resource tags on the EVS console.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    (Console) Automatically Creating an EVS Disk
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                    2. Dynamically create a PVC and PV.
                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                        (Console) Automatically Creating an EVS Disk
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                        2. Dynamically create a PVC and PV.
                                                                                                                          1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                                  Table 3 Key parameters
                                                                                                                  Parameter
                                                                                                                  
 
                                                                                                                  Yes
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Region where the cluster is located.
                                                                                                                  
-
                                                                                                                  For details about the value of region, see Regions and Endpoints.
                                                                                                                  
+
                                                                                                                  For details about the value of region, see Regions and Endpoints.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  failure-domain.beta.kubernetes.io/zone
                                                                                                                  
@@ -267,7 +267,7 @@ spec:
 
                                                                                                                  Yes
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                  
-
                                                                                                                  For details about the value of zone, see Regions and Endpoints.
                                                                                                                  
+
                                                                                                                  For details about the value of zone, see Regions and Endpoints.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  storage
                                                                                                                  
@@ -308,7 +308,7 @@ spec:
   selector:
     matchLabels:
       app: web-evs
-  serviceName: web-evs   # Headless Service name.
+  serviceName: web-evs   # Headless Service name
   template:
     metadata:
       labels:
@@ -319,18 +319,18 @@ spec:
         image: nginx:latest
         volumeMounts:
         - name: pvc-disk    # Volume name, which must be the same as the volume name in the volumes field.
-          mountPath: /data  # Location where the storage volume is mounted.
+          mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: pvc-disk    # Volume name, which can be customized.
+        - name: pvc-disk    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-evs    # Name of the created PVC.
+            claimName: pvc-evs    # Name of the created PVC
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: web-evs   # Headless Service name.
+  name: web-evs   # Headless Service name
   namespace: default
   labels:
     app: web-evs
@@ -356,12 +356,12 @@ spec:
 
                                                                                                                4. Run the following command to check whether the EVS volume has been mounted to the /data path:
                                                                                                                  kubectl exec web-evs-0 -- df | grep data
                                                                                                                  
 
                                                                                                                  Expected output:
                                                                                                                  
 
                                                                                                                  /dev/sdc              10255636     36888  10202364   0% /data
                                                                                                                  
-
                                                                                                                5. Run the following command to view the files in the /data path:
                                                                                                                  kubectl exec web-evs-0 -- ls /data
                                                                                                                  
+
                                                                                                                6. Run the following command to check the files in the /data path:
                                                                                                                  kubectl exec web-evs-0 -- ls /data
                                                                                                                  
 
                                                                                                                  Expected output:
                                                                                                                  
 
                                                                                                                  lost+found
                                                                                                                  
 
                                                                                                                  7. 
 
                                                                                                                7. Run the following command to create a file named static in the /data path:
                                                                                                                  kubectl exec web-evs-0 --  touch /data/static
                                                                                                                  
-
                                                                                                                8. Run the following command to view the files in the /data path:
                                                                                                                  kubectl exec web-evs-0 -- ls /data
                                                                                                                  
+
                                                                                                                9. Run the following command to check the files in the /data path:
                                                                                                                  kubectl exec web-evs-0 -- ls /data
                                                                                                                  
 
                                                                                                                  Expected output:
                                                                                                                  
 
                                                                                                                  lost+found
 static
                                                                                                                  
@@ -372,7 +372,7 @@ spec:
 
                                                                                                                  Expected output:
                                                                                                                  
 
                                                                                                                  lost+found
 static
                                                                                                                  
-
                                                                                                                  If the static file still exists, the data in the EVS volume can be stored persistently.
                                                                                                                  
+
                                                                                                                  The static file is retained, indicating that the data in the EVS volume can be stored persistently.
                                                                                                                  
 
                                                                                                                  10. 
 
 
                                                                                                                  Related Operations
                                                                                                                  You can also perform the operations listed in Table 4.
@@ -388,29 +388,29 @@ spec:
 
                                                                                                                  		
 
                                                                                                                  Create a PV on the CCE console.
                                                                                                                  
 
                                                                                                                  1. Choose Storage in the navigation pane and click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                    • Volume Type: Select EVS.
                                                                                                                    • EVS: Click Select EVS. On the displayed page, select the EVS disk that meets your requirements and click OK.
                                                                                                                    • PV Name: Enter the PV name, which must be unique in the same cluster.
                                                                                                                    • Access Mode: EVS disks support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                    • Reclaim Policy: Delete or Retain is supported. For details, see PV Reclaim Policy.
                                                                                                                    
+
                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                    • Volume Type: Select EVS.
                                                                                                                    • EVS: Click Select EVS. On the displayed page, select the EVS volume that meets your requirements and click OK.
                                                                                                                    • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                                    • Access Mode: EVS volumes support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                    • Reclaim Policy: Delete or Retain is supported. For details, see PV Reclaim Policy.
                                                                                                                    
 
                                                                                                                  2. Click Create.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  Expanding the capacity of an EVS disk
                                                                                                                  
 
                                                                                                                  Quickly expand the capacity of a mounted EVS disk on the CCE console.
                                                                                                                  
+
                                                                                                                  Quickly expand the capacity of an attached EVS disk on the CCE console.
                                                                                                                  
 
                                                                                                                  1. Choose Storage in the navigation pane and click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                  2. Enter the capacity to be added and click OK.
                                                                                                                  
+
                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                  2. Enter the capacity to be added and click OK.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  Viewing events
                                                                                                                  
 
                                                                                                                  You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                  
+
                                                                                                                  View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                  
 
                                                                                                                  1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                  2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                  
+
                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                  2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  Viewing a YAML file
                                                                                                                  
 
                                                                                                                  You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                  
+
                                                                                                                  View, copy, or download the YAML file of a PVC or PV.
                                                                                                                  
 
                                                                                                                  1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                  2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                  
+
                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                  2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
 
                                                                                                                  
-
-
@@ -35,6 +36,13 @@
 
+
+
+
-
-
-
-
                                                                                                                  Parameter
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Description
                                                                                                                  
@@ -21,12 +22,12 @@
 
                                                                                                                  
 
                                                                                                                  PVC Name
                                                                                                                  
 
                                                                                                                  Enter the PVC name, which must be unique in the same namespace.
                                                                                                                  
+
                                                                                                                  Enter the PVC name, which must be unique in a namespace.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  Creation Method
                                                                                                                  
 
                                                                                                                  • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                  • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV is available. For details, see Using an Existing EVS Disk Through a Static PV.
                                                                                                                  
+
                                                                                                                  • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                  • If underlying storage is available, create a PV or use an existing PV to statically create a PVC. For details, see Using an Existing EVS Disk Through a Static PV.
                                                                                                                  
 
                                                                                                                  In this example, select Dynamically provision.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  The storage class for EVS disks is csi-disk.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  (Optional) Storage Volume Name Prefix
                                                                                                                  
+
                                                                                                                  Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                  
+
                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                  
+
                                                                                                                  For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                  
+
                                                                                                                  
 
                                                                                                                  AZ
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Select the AZ of the EVS disk. The AZ must be the same as that of the cluster node.
                                                                                                                  
@@ -47,14 +55,14 @@
 
                                                                                                                  Select an EVS disk type. EVS disk types vary depending on regions. Obtain the available EVS types on the console.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Access Mode
                                                                                                                  
+
                                                                                                                  Capacity (GiB)
                                                                                                                  
 
                                                                                                                  EVS disks support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                  
+
                                                                                                                  Capacity of the requested storage volume.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  Capacity (GiB)
                                                                                                                  
+
                                                                                                                  Access Mode
                                                                                                                  
 
                                                                                                                  Capacity of the requested storage volume.
                                                                                                                  
+
                                                                                                                  EVS volumes support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                  
                                                                                                                   		
 
                                                                                                                  
 
                                                                                                                  Encryption
                                                                                                                  
@@ -76,7 +84,7 @@
 
 
                                                                                                                10. Click Create.
                                                                                                                  You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                                  
 
                                                                                                                  11. 
-
                                                                                                                11. Create an application.
                                                                                                                  1. In the navigation pane on the left, click Workloads. In the right pane, click the StatefulSets tab.
                                                                                                                  2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                    Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                  3. Create an application.
                                                                                                                    1. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                                    2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                      Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
 
                                                                                                                      
@@ -104,7 +112,7 @@
 
-
@@ -112,34 +120,35 @@
 
                                                                                                                      In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the EVS disk.
                                                                                                                      
-
                                                                                                                       
                                                                                                                      A non-shared EVS disk cannot be attached to multiple pods in a workload. Otherwise, the pods cannot start properly. Ensure that the number of workload pods is 1 when you attach an EVS disk.
                                                                                                                      
+
                                                                                                                       
                                                                                                                      A non-shared EVS disk can be attached to only one workload pod. If there are multiple pods, extra pods cannot start properly. Ensure that the number of workload pods is 1 if an EVS disk is attached.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                    3. After the configuration, click Create Workload.
                                                                                                                      After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                      
 
                                                                                                                      4. 
 
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                      (kubectl) Automatically Creating an EVS Disk
                                                                                                                      1. Use kubectl to access the cluster.
                                                                                                                      2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                        1. Create the pvc-evs-auto.yaml file.
                                                                                                                          apiVersion: v1
+
                                                                                                                          Automatically Creating an EVS Volume Through kubectl
                                                                                                                          1. Use kubectl to access the cluster.
                                                                                                                          2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                            1. Create the pvc-evs-auto.yaml file.
                                                                                                                              apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pvc-evs-auto
   namespace: default
   annotations:
-      everest.io/disk-volume-type: SAS    # EVS disk type.
-    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+      everest.io/disk-volume-type: SAS    # EVS disk type
+    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
 
-    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
-    csi.storage.k8s.io/fstype: xfs    # (Optional) Set the file system type to xfs. If it is left blank, ext4 is used by default.
+    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
+    csi.storage.k8s.io/fstype: xfs    # (Optional) The file system is of the xfs type. If it is left blank, ext4 will be used by default.
+    everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
   labels:
-    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed.
-    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed.
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
 spec:
   accessModes:
   - ReadWriteOnce               # The value must be ReadWriteOnce for EVS disks.
   resources:
     requests:
       storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768.
-  storageClassName: csi-disk    # The storage class is EVS.
                                                                                                                              
+  storageClassName: csi-disk    # StorageClass is EVS.
                                                                                                                          
 
 
                                                                                                                      Table 1 Mounting a storage volume
                                                                                                                      Parameter
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Description
                                                                                                                      
@@ -86,13 +94,13 @@
 
                                                                                                                      PVC
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Select an existing EVS volume.
                                                                                                                      
-
                                                                                                                      An EVS volume cannot be repeatedly mounted to multiple workloads.
                                                                                                                      
+
                                                                                                                      An EVS volume can be mounted to only one workload.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Mount Path
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Enter a mount path, for example, /tmp.
                                                                                                                      
-
                                                                                                                      This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                       NOTICE: 
                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.
                                                                                                                      
+
                                                                                                                      This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                       NOTICE: 
                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      Permission
                                                                                                                      
 
                                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                                      • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                      
+
                                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                                      • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
                                                                                                                       
 
 
                                                                                                                      
@@ -154,7 +163,7 @@ spec:
 
-
+
+
+
+
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0616.html b/docs/cce/umn/cce_10_0616.html
index 8aecab97..84fa6e9b 100644
--- a/docs/cce/umn/cce_10_0616.html
+++ b/docs/cce/umn/cce_10_0616.html
@@ -1,11 +1,11 @@
 
                                                                                                                      Dynamically Mounting an EVS Disk to a StatefulSet
                                                                                                                      
-
                                                                                                                      Application Scenarios
                                                                                                                      Dynamic mounting is available only for creating a StatefulSet. It is implemented through a volume claim template (volumeClaimTemplates field) and depends on the storage class to dynamically provision PVs. In this mode, each pod in a multi-pod StatefulSet is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. In the common mounting mode for a Deployment, if ReadWriteMany is supported, multiple pods of the Deployment will be mounted to the same underlying storage.
                                                                                                                      
+
                                                                                                                      Application Scenarios
                                                                                                                      Dynamic mounting is available only for creating a StatefulSet. It is implemented through a volume claim template (volumeClaimTemplates field) and depends on dynamic creation of PVs through StorageClass. In this mode, each pod in a multi-pod StatefulSet is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. In the common mounting mode for a Deployment, if ReadWriteMany is supported, multiple pods of the Deployment will be mounted to the same underlying storage.
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                      Prerequisites
                                                                                                                      
+
                                                                                                                      Prerequisites
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                      (Console) Dynamically Mounting an EVS Disk
                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                      2. In the navigation pane on the left, click Workloads. In the right pane, click the StatefulSets tab.
                                                                                                                      3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select VolumeClaimTemplate (VTC).
                                                                                                                      4. Click Create PVC. In the dialog box displayed, configure the PVC parameters.
                                                                                                                        Click Create.
+
                                                                                                                        Dynamically Mounting an EVS Disk on the Console
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                        2. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                                        3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select VolumeClaimTemplate.
                                                                                                                        4. Click Create PVC. In the dialog box displayed, configure PVC parameters.
                                                                                                                          Click Create.
 
                                                                                                                      Table 2 Key parameters
                                                                                                                      Parameter
                                                                                                                      
 
                                                                                                                      Yes
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Region where the cluster is located.
                                                                                                                      
-
                                                                                                                      For details about the value of region, see Regions and Endpoints.
                                                                                                                      
+
                                                                                                                      For details about the value of region, see Regions and Endpoints.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      failure-domain.beta.kubernetes.io/zone
                                                                                                                      
@@ -162,7 +171,7 @@ spec:
 
                                                                                                                      Yes
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                      
-
                                                                                                                      For details about the value of zone, see Regions and Endpoints.
                                                                                                                      
+
                                                                                                                      For details about the value of zone, see Regions and Endpoints.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      everest.io/disk-volume-type
                                                                                                                      
@@ -195,11 +204,21 @@ spec:
                                                                                                                       		
 
                                                                                                                      No
                                                                                                                      
 
                                                                                                                      This field is optional. It specifies the file system type. The default value is ext4.
                                                                                                                      
+
                                                                                                                      This field is optional. It specifies the file system type, which defaults to ext4.
                                                                                                                      
 
                                                                                                                      The value can be ext4 or xfs. The restrictions on using xfs are as follows:
                                                                                                                      • The nodes must run CentOS 7 or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                      • Only common containers are supported.
                                                                                                                      
 
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      everest.io/csi.volume-name-prefix
                                                                                                                      
+
                                                                                                                      No
                                                                                                                      
+
                                                                                                                      (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                      
+
                                                                                                                      This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                      
+
                                                                                                                      Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                      
+
                                                                                                                      For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                      
+
                                                                                                                      
 
                                                                                                                      storage
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Yes
                                                                                                                      
@@ -229,7 +248,7 @@ spec:
   selector:
     matchLabels:
       app: web-evs-auto
-  serviceName: web-evs-auto   # Headless Service name.
+  serviceName: web-evs-auto   # Headless Service name
   template:
     metadata:
       labels:
@@ -240,18 +259,18 @@ spec:
         image: nginx:latest
         volumeMounts:
         - name: pvc-disk    # Volume name, which must be the same as the volume name in the volumes field.
-          mountPath: /data  # Location where the storage volume is mounted.
+          mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: pvc-disk    # Volume name, which can be customized.
+        - name: pvc-disk    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-evs-auto    # Name of the created PVC.
+            claimName: pvc-evs-auto    # Name of the created PVC
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: web-evs-auto   # Headless Service name.
+  name: web-evs-auto   # Headless Service name
   namespace: default
   labels:
     app: web-evs-auto
@@ -277,12 +296,12 @@ spec:
 
                                                                                                                    4. Run the following command to check whether the EVS volume has been mounted to the /data path:
                                                                                                                      kubectl exec web-evs-auto-0 -- df | grep data
                                                                                                                      
 
                                                                                                                      Expected output:
                                                                                                                      
 
                                                                                                                      /dev/sdc              10255636     36888  10202364   0% /data
                                                                                                                      
-
                                                                                                                    5. Run the following command to view the files in the /data path:
                                                                                                                      kubectl exec web-evs-auto-0 -- ls /data
                                                                                                                      
+
                                                                                                                    6. Run the following command to check the files in the /data path:
                                                                                                                      kubectl exec web-evs-auto-0 -- ls /data
                                                                                                                      
 
                                                                                                                      Expected output:
                                                                                                                      
 
                                                                                                                      lost+found
                                                                                                                      
 
                                                                                                                      7. 
 
                                                                                                                    7. Run the following command to create a file named static in the /data path:
                                                                                                                      kubectl exec web-evs-auto-0 --  touch /data/static
                                                                                                                      
-
                                                                                                                    8. Run the following command to view the files in the /data path:
                                                                                                                      kubectl exec web-evs-auto-0 -- ls /data
                                                                                                                      
+
                                                                                                                    9. Run the following command to check the files in the /data path:
                                                                                                                      kubectl exec web-evs-auto-0 -- ls /data
                                                                                                                      
 
                                                                                                                      Expected output:
                                                                                                                      
 
                                                                                                                      lost+found
 static
                                                                                                                      
@@ -293,7 +312,7 @@ spec:
 
                                                                                                                      Expected output:
                                                                                                                      
 
                                                                                                                      lost+found
 static
                                                                                                                      
-
                                                                                                                      If the static file still exists, the data in the EVS volume can be stored persistently.
                                                                                                                      
+
                                                                                                                      The static file is retained, indicating that the data in the EVS volume can be stored persistently.
                                                                                                                      
 
                                                                                                                      10. 
 
 
                                                                                                                      Related Operations
                                                                                                                      You can also perform the operations listed in Table 3.
@@ -305,25 +324,25 @@ spec:
 
 
                                                                                                                      
 
                                                                                                                      Expanding the capacity of an EVS disk
                                                                                                                      
+
                                                                                                                      Expanding the capacity of an EVS disk
                                                                                                                      
 
                                                                                                                      Quickly expand the capacity of a mounted EVS disk on the CCE console.
                                                                                                                      
+
                                                                                                                      Quickly expand the capacity of an attached EVS disk on the CCE console.
                                                                                                                      
 
                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                      2. Enter the capacity to be added and click OK.
                                                                                                                      
+
                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                      2. Enter the capacity to be added and click OK.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Viewing events
                                                                                                                      
 
                                                                                                                      You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                      
+
                                                                                                                      View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                      
 
                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                      2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                      
+
                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                      2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Viewing a YAML file
                                                                                                                      
 
                                                                                                                      You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                      
+
                                                                                                                      View, copy, or download the YAML file of a PVC or PV.
                                                                                                                      
 
                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                      2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                      
+
                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                      2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
                                                                                                                       
 
 
                                                                                                                      
+
+
+
-
-
-
-
@@ -94,7 +101,7 @@
 
-
@@ -105,7 +112,7 @@
 
                                                                                                                    10. Dynamically mount and use storage volumes. For details about other parameters, see Creating a StatefulSet. After the configuration, click Create Workload.
                                                                                                                      After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                      
 
                                                                                                                      11. 
-
                                                                                                                      Dynamically Mounting an EVS Volume Using kubectl
                                                                                                                      1. Use kubectl to access the cluster.
                                                                                                                      2. Create a file named statefulset-evs.yaml. In this example, the EVS volume is mounted to the /data path.
                                                                                                                        apiVersion: apps/v1
+
                                                                                                                        Dynamically Mounting an EVS Volume Through kubectl
                                                                                                                        1. Use kubectl to access the cluster.
                                                                                                                        2. Create a file named statefulset-evs.yaml. In this example, the EVS volume is mounted to the /data path.
                                                                                                                          apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: statefulset-evs
@@ -124,10 +131,10 @@ spec:
           image: nginx:latest
           volumeMounts:
             - name: pvc-disk           # The value must be the same as that in the volumeClaimTemplates field.
-              mountPath: /data         # Location where the storage volume is mounted.
+              mountPath: /data         # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
-  serviceName: statefulset-evs         # Headless Service name.
+  serviceName: statefulset-evs         # Headless Service name
   replicas: 2
   volumeClaimTemplates:
     - apiVersion: v1
@@ -136,26 +143,27 @@ spec:
         name: pvc-disk
         namespace: default
         annotations:
-          everest.io/disk-volume-type: SAS    # EVS disk type.
-          everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+          everest.io/disk-volume-type: SAS    # EVS disk type
+          everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
 
-          everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
-          csi.storage.k8s.io/fstype: xfs    # (Optional) Set the file system type to xfs. If it is left blank, ext4 is used by default.
+          everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
+          csi.storage.k8s.io/fstype: xfs    # (Optional) The file system is of the xfs type. If it is left blank, ext4 will be used by default.
+          everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
         labels:
-          failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed.
-          failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed.
+          failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+          failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
       spec:
         accessModes:
           - ReadWriteOnce               # The value must be ReadWriteOnce for EVS disks.
         resources:
           requests:
-            storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768.
-        storageClassName: csi-disk    # The storage class is EVS.
+            storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768
+        storageClassName: csi-disk    # StorageClass is EVS
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: statefulset-evs   # Headless Service name.
+  name: statefulset-evs   # Headless Service name
   namespace: default
   labels:
     app: statefulset-evs
@@ -171,76 +179,86 @@ spec:
       protocol: TCP
   type: ClusterIP
                                                                                                                          
 
-
                                                                                                                      Parameter
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Description
                                                                                                                      
@@ -32,6 +32,13 @@
 
                                                                                                                      The storage class for EVS disks is csi-disk.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      (Optional) Storage Volume Name Prefix
                                                                                                                      
+
                                                                                                                      Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                      
+
                                                                                                                      This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                      
+
                                                                                                                      For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                      
+
                                                                                                                      
 
                                                                                                                      AZ
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Select the AZ of the EVS disk. The AZ must be the same as that of the cluster node.
                                                                                                                      
@@ -44,14 +51,14 @@
 
                                                                                                                      Select an EVS disk type. EVS disk types vary depending on regions. Obtain the available EVS types on the console.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Access Mode
                                                                                                                      
+
                                                                                                                      Capacity (GiB)
                                                                                                                      
 
                                                                                                                      EVS disks support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                      
+
                                                                                                                      Capacity of the requested storage volume.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Capacity (GiB)
                                                                                                                      
+
                                                                                                                      Access Mode
                                                                                                                      
 
                                                                                                                      Capacity of the requested storage volume.
                                                                                                                      
+
                                                                                                                      EVS volumes support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Encryption
                                                                                                                      
@@ -82,7 +89,7 @@
 
                                                                                                                      Mount Path
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Enter a mount path, for example, /tmp.
                                                                                                                      
-
                                                                                                                      This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                       NOTICE: 
                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.
                                                                                                                      
+
                                                                                                                      This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                       NOTICE: 
                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      Permission
                                                                                                                      
 
                                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                                      • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                      
+
                                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                                      • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
                                                                                                                       
 
                                                                                                                      Table 2 Key parameters
                                                                                                                      Parameter
                                                                                                                      
+
                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
@@ -257,12 +275,12 @@ statefulset-evs-1          1/1     Running   0             28s
                                                                                                                    11. Run the following command to check whether the EVS volume has been mounted to the /data path:
                                                                                                                      kubectl exec statefulset-evs-0 -- df | grep data
                                                                                                                      
 
                                                                                                                      Expected output:
                                                                                                                      
 
                                                                                                                      /dev/sdd              10255636     36888  10202364   0% /data
                                                                                                                      
-
                                                                                                                    12. Run the following command to view the files in the /data path:
                                                                                                                      kubectl exec statefulset-evs-0 -- ls /data
                                                                                                                      
+
                                                                                                                    13. Run the following command to check the files in the /data path:
                                                                                                                      kubectl exec statefulset-evs-0 -- ls /data
                                                                                                                      
 
                                                                                                                      Expected output:
                                                                                                                      
 
                                                                                                                      lost+found
                                                                                                                      
 
                                                                                                                    14. Run the following command to create a file named static in the /data path:
                                                                                                                      kubectl exec statefulset-evs-0 --  touch /data/static
                                                                                                                      
-
                                                                                                                    15. Run the following command to view the files in the /data path:
                                                                                                                      kubectl exec statefulset-evs-0 -- ls /data
                                                                                                                      
+
                                                                                                                    16. Run the following command to check the files in the /data path:
                                                                                                                      kubectl exec statefulset-evs-0 -- ls /data
                                                                                                                      
 
                                                                                                                      Expected output:
                                                                                                                      
 
                                                                                                                      lost+found
 static
                                                                                                                      
@@ -273,7 +291,7 @@ statefulset-evs-1          1/1     Running   0             28s
 
                                                                                                                      Expected output:
                                                                                                                      
 
                                                                                                                      lost+found
 static
                                                                                                                      
-
                                                                                                                      If the static file still exists, the data in the EVS volume can be stored persistently.
                                                                                                                      
+
                                                                                                                      The static file is retained, indicating that the data in the EVS volume can be stored persistently.
                                                                                                                      
 
                                                                                                                      17. Related Operations
                                                                                                                      You can also perform the operations listed in Table 3.
@@ -285,25 +303,25 @@ statefulset-evs-1          1/1     Running   0             28s
 
 
 
-
                                                                                                                      
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0617.html b/docs/cce/umn/cce_10_0617.html
index 1c35b79d..5aab99a2 100644
--- a/docs/cce/umn/cce_10_0617.html
+++ b/docs/cce/umn/cce_10_0617.html
@@ -3,10 +3,10 @@
 
                                                                                                                      Overview
                                                                                                                      Introduction
                                                                                                                      CCE allows you to mount a volume created from a Scalable File Service (SFS) file system to a container to store data persistently. SFS volumes are commonly used in ReadWriteMany scenarios for large-capacity expansion and cost-sensitive services, such as media processing, content management, big data analysis, and workload process analysis. For services with massive volume of small files, SFS Turbo file systems are recommended.
                                                                                                                      
 
                                                                                                                      Expandable to petabytes, SFS provides fully hosted shared file storage, highly available and stable to handle data- and bandwidth-intensive applications
                                                                                                                      
-
                                                                                                                      • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                                      • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                                      • Private network: Users can access data only in private networks of data centers.
                                                                                                                      • Capacity and performance: The capacity of a single file system is high (PB level) and the performance is excellent (ms-level read/write I/O latency).
                                                                                                                      • Use cases: Deployments/StatefulSets in the ReadWriteMany mode and jobs created for high-performance computing (HPC), media processing, content management, web services, big data analysis, and workload process analysis
                                                                                                                      
+
                                                                                                                      • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                                      • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                                      • Private network: Users can access data only in private networks of data centers.
                                                                                                                      • Capacity and performance: The capacity of a single file system is high (PB level) and the performance is excellent (ms-level I/O latency).
                                                                                                                      • Use cases: Deployments/StatefulSets in the ReadWriteMany mode and jobs created for high-performance computing (HPC), media processing, content management, web services, big data analysis, and workload process analysis
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      Application Scenarios
                                                                                                                      SFS supports the following mounting modes based on application scenarios:
                                                                                                                      
-
                                                                                                                      • Using an Existing SFS File System Through a Static PV: static creation mode, where you use an existing SFS volume to create a PV and then mount storage to the workload through a PVC. This mode applies to scenarios where the underlying storage is available.
                                                                                                                      • Using an SFS File System Through a Dynamic PV: dynamic creation mode, where you do not need to create SFS volumes in advance. Instead, specify a StorageClass during PVC creation and an SFS volume and a PV will be automatically created. This mode applies to scenarios where no underlying storage is available.
                                                                                                                      
+
                                                                                                                      • Using an Existing SFS File System Through a Static PV: static creation mode, where you use an existing SFS volume to create a PV and then mount storage to the workload through a PVC. This mode applies if the underlying storage is available.
                                                                                                                      • Using an SFS File System Through a Dynamic PV: dynamic creation mode, in which you do not need to create SFS file systems beforehand. Instead, specify a StorageClass when creating a PVC. Then, a file system and PV will be created automatically. This mode applies to scenarios where no underlying storage is available.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0619.html b/docs/cce/umn/cce_10_0619.html
index 04e4a87a..f2d2956c 100644
--- a/docs/cce/umn/cce_10_0619.html
+++ b/docs/cce/umn/cce_10_0619.html
@@ -2,12 +2,12 @@
 
 
                                                                                                                      Using an Existing SFS File System Through a Static PV
                                                                                                                      
 
                                                                                                                      SFS is a network-attached storage (NAS) that provides shared, scalable, and high-performance file storage. It applies to large-capacity expansion and cost-sensitive services. This section describes how to use an existing SFS file system to statically create PVs and PVCs for data persistence and sharing in workloads.
                                                                                                                      
-
                                                                                                                      Prerequisites
                                                                                                                      
+
                                                                                                                      Prerequisites
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                      Constraints
                                                                                                                      • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                        • Do not mount all PVCs/PVs that use the same underlying SFS or SFS Turbo file system to a pod. This leads to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle values of these PVs.
                                                                                                                        • The persistentVolumeReclaimPolicy parameter in the PVs is suggested to be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                        • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                        
+
                                                                                                                        Notes and Constraints
                                                                                                                        • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                          • Do not mount the PVCs/PVs that use the same underlying SFS or SFS Turbo volume to one pod. This will lead to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle value.
                                                                                                                          • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                          • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                          
 
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Using an Existing SFS File System on the Console
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                        2. Statically create a PVC and PV.
                                                                                                                          1. Choose Storage in the navigation pane and click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                            Using an Existing SFS File System on the Console
                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                            2. Statically create a PVC and PV.
                                                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                                      Table 2 Key parameters
                                                                                                                      Parameter
                                                                                                                      
 
                                                                                                                      Mandatory
                                                                                                                      
+
                                                                                                                      Mandatory
                                                                                                                      
 
                                                                                                                      Description
                                                                                                                      
+
                                                                                                                      Description
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      failure-domain.beta.kubernetes.io/region
                                                                                                                      
+
                                                                                                                      failure-domain.beta.kubernetes.io/region
                                                                                                                      
 
                                                                                                                      Yes
                                                                                                                      
+
                                                                                                                      Yes
                                                                                                                      
 
                                                                                                                      Region where the cluster is located.
                                                                                                                      
-
                                                                                                                      For details about the value of region, see Regions and Endpoints.
                                                                                                                      
+
                                                                                                                      Region where the cluster is located.
                                                                                                                      
+
                                                                                                                      For details about the value of region, see Regions and Endpoints.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      failure-domain.beta.kubernetes.io/zone
                                                                                                                      
+
                                                                                                                      failure-domain.beta.kubernetes.io/zone
                                                                                                                      
 
                                                                                                                      Yes
                                                                                                                      
+
                                                                                                                      Yes
                                                                                                                      
 
                                                                                                                      AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                      
-
                                                                                                                      For details about the value of zone, see Regions and Endpoints.
                                                                                                                      
+
                                                                                                                      AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                      
+
                                                                                                                      For details about the value of zone, see Regions and Endpoints.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      everest.io/disk-volume-type
                                                                                                                      
+
                                                                                                                      everest.io/disk-volume-type
                                                                                                                      
 
                                                                                                                      Yes
                                                                                                                      
+
                                                                                                                      Yes
                                                                                                                      
 
                                                                                                                      EVS disk type. All letters are in uppercase.
                                                                                                                      • SATA: common I/O
                                                                                                                      • SAS: high I/O
                                                                                                                      • SSD: ultra-high I/O
                                                                                                                      
+
                                                                                                                      EVS disk type. All letters are in uppercase.
                                                                                                                      • SATA: common I/O
                                                                                                                      • SAS: high I/O
                                                                                                                      • SSD: ultra-high I/O
                                                                                                                      
 
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      everest.io/crypt-key-id
                                                                                                                      
+
                                                                                                                      everest.io/crypt-key-id
                                                                                                                      
 
                                                                                                                      No
                                                                                                                      
+
                                                                                                                      No
                                                                                                                      
 
                                                                                                                      Mandatory when the EVS disk is encrypted. Enter the encryption key ID selected during EVS disk creation.
                                                                                                                      
-
                                                                                                                      To obtain the encryption key ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, copy the value of KMS Key ID in the Configuration Information area.
                                                                                                                      
+
                                                                                                                      Mandatory when the EVS disk is encrypted. Enter the encryption key ID selected during EVS disk creation.
                                                                                                                      
+
                                                                                                                      To obtain an encryption key ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, copy the value of KMS Key ID in the Configuration Information area.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      everest.io/disk-volume-tags
                                                                                                                      
+
                                                                                                                      everest.io/disk-volume-tags
                                                                                                                      
 
                                                                                                                      No
                                                                                                                      
+
                                                                                                                      No
                                                                                                                      
 
                                                                                                                      This field is optional. It is supported when the Everest version in the cluster is 2.1.39 or later.
                                                                                                                      
+
                                                                                                                      This field is optional. It is supported when the Everest version in the cluster is 2.1.39 or later.
                                                                                                                      
 
                                                                                                                      You can add resource tags to classify resources.
                                                                                                                      
 
                                                                                                                      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                                      
 
                                                                                                                      CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      csi.storage.k8s.io/fstype
                                                                                                                      
+
                                                                                                                      csi.storage.k8s.io/fstype
                                                                                                                      
 
                                                                                                                      No
                                                                                                                      
+
                                                                                                                      No
                                                                                                                      
 
                                                                                                                      This field is optional. It is supported by nodes running CentOS 7 or Ubuntu 22.04, and the Everest version in the cluster must be 2.1.53 or later.
                                                                                                                      
+
                                                                                                                      This field is optional. It is supported by nodes running CentOS 7 or Ubuntu 22.04, and the Everest version in the cluster must be 2.1.53 or later.
                                                                                                                      
 
                                                                                                                      You can use it to configure a file system type, which can be ext4 or xfs. If it is left blank, the default value ext4 will be used.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      storage
                                                                                                                      
+
                                                                                                                      everest.io/csi.volume-name-prefix
                                                                                                                      
 
                                                                                                                      Yes
                                                                                                                      
+
                                                                                                                      No
                                                                                                                      
 
                                                                                                                      Requested PVC capacity, in Gi. The value ranges from 1 to 32768.
                                                                                                                      
+
                                                                                                                      (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                      
+
                                                                                                                      This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                      
+
                                                                                                                      Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                      
+
                                                                                                                      For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      storageClassName
                                                                                                                      
+
                                                                                                                      storage
                                                                                                                      
 
                                                                                                                      Yes
                                                                                                                      
+
                                                                                                                      Yes
                                                                                                                      
 
                                                                                                                      The storage class for EVS disks is csi-disk.
                                                                                                                      
+
                                                                                                                      Requested PVC capacity, in Gi. The value ranges from 1 to 32768.
                                                                                                                      
+
                                                                                                                      storageClassName
                                                                                                                      
+
                                                                                                                      Yes
                                                                                                                      
+
                                                                                                                      The storage class for EVS disks is csi-disk.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
                                                                                                                       
 
 
 
 
                                                                                                                      Expanding the capacity of an EVS disk
                                                                                                                      
+
                                                                                                                      Expanding the capacity of an EVS disk
                                                                                                                      
 
                                                                                                                      Quickly expand the capacity of a mounted EVS disk on the CCE console.
                                                                                                                      
+
                                                                                                                      Quickly expand the capacity of an attached EVS disk on the CCE console.
                                                                                                                      
 
                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                      2. Enter the capacity to be added and click OK.
                                                                                                                      
+
                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                      2. Enter the capacity to be added and click OK.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Viewing events
                                                                                                                      
 
                                                                                                                      You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                      
+
                                                                                                                      View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                      
 
                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                      2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                      
+
                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                      2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Viewing a YAML file
                                                                                                                      
 
                                                                                                                      You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                      
+
                                                                                                                      View, copy, or download the YAML file of a PVC or PV.
                                                                                                                      
 
                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                      2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                      
+
                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                      2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
                                                                                                                       
 
 
                                                                                                                      
-
-
-
@@ -56,7 +56,7 @@
 
@@ -73,34 +73,34 @@
 
                                                                                                                    17. Click Create to create a PVC and a PV.
                                                                                                                      You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                                      
 
                                                                                                                      18. 
-
                                                                                                                    18. Create an application.
                                                                                                                      1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                                      19. Parameter
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Description
                                                                                                                      
@@ -21,18 +21,18 @@
 
                                                                                                                      
 
                                                                                                                      PVC Name
                                                                                                                      
 
                                                                                                                      Enter the PVC name, which must be unique in the same namespace.
                                                                                                                      
+
                                                                                                                      Enter the PVC name, which must be unique in a namespace.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      Creation Method
                                                                                                                      
 
                                                                                                                      • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV is available.
                                                                                                                      • If no underlying storage is available, select Dynamically provision. For details, see Using an SFS File System Through a Dynamic PV.
                                                                                                                      
-
                                                                                                                      In this example, select Create new to create a PV and PVC at the same time on the console.
                                                                                                                      
+
                                                                                                                      • If underlying storage is available, create a PV or use an existing PV to statically create a PVC.
                                                                                                                      • If no underlying storage is available, select Dynamically provision. For details, see Using an SFS File System Through a Dynamic PV.
                                                                                                                      
+
                                                                                                                      In this example, select Create new to create both a PV and PVC on the console.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      
 
                                                                                                                      PVa
                                                                                                                      
 
                                                                                                                      Select an existing PV in the cluster. Create a PV in advance. For details, see "Creating a storage volume" in Related Operations.
                                                                                                                      
+
                                                                                                                      Select an existing PV in the cluster. For details about how to create a PV, see "Creating a storage volume" in Related Operations.
                                                                                                                      
 
                                                                                                                      You do not need to specify this parameter in this example.
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      Reclaim Policyb
                                                                                                                      
                                                                                                                       		
 
                                                                                                                      You can select Delete or Retain to specify the reclaim policy of the underlying storage when the PVC is deleted. For details, see PV Reclaim Policy.
                                                                                                                      
-
                                                                                                                       NOTE: 
                                                                                                                      If multiple PVs use the same underlying storage volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                                                      
+
                                                                                                                       NOTE: 
                                                                                                                      If multiple PVs use the same underlying storage volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                                      
 
                                                                                                                      
 
                                                                                                                      		
 
                                                                                                                      
 
                                                                                                                      Table 1 Mounting a storage volume
                                                                                                                      Parameter
                                                                                                                      
+
                                                                                                                    19. Create an application.
                                                                                                                      1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                        
-
-
-
-
-
-
-
-
-
@@ -113,68 +113,67 @@
 
                                                                                                                        
-
                                                                                                                        (kubectl) Using an Existing SFS File System
                                                                                                                        1. Use kubectl to access the cluster.
                                                                                                                        2. Create a PV.
                                                                                                                          1. Create the pv-sfs.yaml file.
                                                                                                                            SFS Capacity-Oriented:
                                                                                                                            apiVersion: v1
+
                                                                                                                            Using an Existing SFS File System Through kubectl
                                                                                                                            1. Use kubectl to access the cluster.
                                                                                                                            2. Create a PV.
                                                                                                                              1. Create the pv-sfs.yaml file.
                                                                                                                                SFS Capacity-Oriented:
                                                                                                                                apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-    everest.io/reclaim-policy: retain-volume-only      # (Optional) The PV is deleted while the underlying volume is retained.
-  name: pv-sfs    # PV name.
+    everest.io/reclaim-policy: retain-volume-only      # (Optional) The underlying volume is retained when the PV is deleted.
+  name: pv-sfs    # PV name
 spec:
   accessModes:
   - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS.
   capacity:
-    storage: 1Gi     # SFS volume capacity.
+    storage: 1Gi     # SFS volume capacity
   csi:
-    driver: disk.csi.everest.io   # Dependent storage driver for the mounting.
+    driver: nas.csi.everest.io    # Dependent storage driver for the mounting
     fsType: nfs
-    volumeHandle: <your_volume_id>   # SFS Capacity-Oriented volume ID.
+    volumeHandle: <your_volume_id>   # SFS Capacity-Oriented volume ID
     volumeAttributes:
-      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume.
+      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
-  storageClassName: csi-nas               # Storage class name. csi-nas indicates that SFS Capacity-Oriented is used.
-  mountOptions: []                         # Mount options.
                                                                                                                                
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy
+  storageClassName: csi-nas               # StorageClass name. csi-nas indicates that SFS Capacity-Oriented is used.
+  mountOptions: []                         # Mount options
                                                                                                                            
 
                                                                                                                            
 
-
                                                                                                                        Table 1 Mounting a storage volume
                                                                                                                        Parameter
                                                                                                                        
 
                                                                                                                        Description
                                                                                                                        
+
                                                                                                                        Description
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        PVC
                                                                                                                        
+
                                                                                                                        PVC
                                                                                                                        
 
                                                                                                                        Select an existing SFS volume.
                                                                                                                        
+
                                                                                                                        Select an existing SFS volume.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Mount Path
                                                                                                                        
+
                                                                                                                        Mount Path
                                                                                                                        
 
                                                                                                                        Enter a mount path, for example, /tmp.
                                                                                                                        
-
                                                                                                                        This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                         NOTICE: 
                                                                                                                        If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.
                                                                                                                        
+
                                                                                                                        Enter a mount path, for example, /tmp.
                                                                                                                        
+
                                                                                                                        This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                         NOTICE: 
                                                                                                                        If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Subpath
                                                                                                                        
+
                                                                                                                        Subpath
                                                                                                                        
 
                                                                                                                        Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                        
+
                                                                                                                        Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Permission
                                                                                                                        
+
                                                                                                                        Permission
                                                                                                                        
 
                                                                                                                        • Read-only: You can only read the data in the mounted volumes.
                                                                                                                        • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                        
+
                                                                                                                        • Read-only: You can only read the data in the mounted volumes.
                                                                                                                        • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
                                                                                                                         
 
 
                                                                                                                        Table 2 Key parameters
                                                                                                                        Parameter
                                                                                                                        
+
                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -220,28 +218,28 @@ spec:
   resources:
     requests:
       storage: 1Gi               # SFS volume capacity.
-storageClassName: csi-nas # Storage class name, which must be the same as the PV's storage class.
-  volumeName: pv-sfs    # PV name.
+  storageClassName: csi-nas     # Storage class name, which must be the same as the PV's storage class. 
+  volumeName: pv-sfs    # PV name
 
-
                                                                                                                        Table 2 Key parameters
                                                                                                                        Parameter
                                                                                                                        
 
                                                                                                                        Mandatory
                                                                                                                        
+
                                                                                                                        Mandatory
                                                                                                                        
 
                                                                                                                        Description
                                                                                                                        
+
                                                                                                                        Description
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        everest.io/reclaim-policy: retain-volume-only
                                                                                                                        
+
                                                                                                                        everest.io/reclaim-policy
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        Optional.
                                                                                                                        
-
                                                                                                                        Currently, only retain-volume-only is supported.
                                                                                                                        
-
                                                                                                                        This field is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                        
+
                                                                                                                        Only retain-volume-only is supported.
                                                                                                                        
+
                                                                                                                        This parameter is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        volumeHandle
                                                                                                                        
+
                                                                                                                        volumeHandle
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        • If an SFS Capacity-Oriented volume is used, enter the volume ID.
                                                                                                                          Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. In the list, click the name of the target SFS file system. On the details page, copy the content following ID.
                                                                                                                          
+
                                                                                                                        • If an SFS Capacity-Oriented volume is used, enter the volume ID.
                                                                                                                          Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Capacity-Oriented. In the list, click the name of the target SFS file system. On the details page, copy the content following ID.
                                                                                                                          
 
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        everest.io/share-export-location
                                                                                                                        
+
                                                                                                                        everest.io/share-export-location
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        Shared path of the file system.
                                                                                                                        
+
                                                                                                                        Shared path of the file system.
                                                                                                                        
 
                                                                                                                        • For an SFS Capacity-Oriented file system, log in to the CCE console, choose Service List > Storage > Scalable File Service, and obtain the shared path from the Mount Address column.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        mountOptions
                                                                                                                        
+
                                                                                                                        mountOptions
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        Mount options.
                                                                                                                        
+
                                                                                                                        Mount options.
                                                                                                                        
 
                                                                                                                        If not specified, the following configurations are used by default. For details, see Configuring SFS Volume Mount Options.
                                                                                                                        
 
                                                                                                                        mountOptions:
 - vers=3
@@ -183,22 +182,21 @@ spec:
 - hard
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        persistentVolumeReclaimPolicy
                                                                                                                        
+
                                                                                                                        persistentVolumeReclaimPolicy
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9.
                                                                                                                        
+
                                                                                                                        A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9.
                                                                                                                        
 
                                                                                                                        The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If multiple PVs use the same SFS volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                                        
-
                                                                                                                        Delete:
                                                                                                                        
-
                                                                                                                        • If everest.io/reclaim-policy is not specified, both the PV and SFS volume are deleted when a PVC is deleted.
                                                                                                                        • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV is deleted but the SFS volume resources are retained.
                                                                                                                        
-
                                                                                                                        Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                                                        
+
                                                                                                                        Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                        
+
                                                                                                                        Delete: When a PVC is deleted, its PV will also be deleted.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        storage
                                                                                                                        
+
                                                                                                                        storage
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                        
+
                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                        
 
                                                                                                                        For SFS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for SFS file systems.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Table 3 Key parameters
                                                                                                                        Parameter
                                                                                                                        
+
                                                                                                                        
-
-
-
-
-
@@ -270,14 +268,14 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field.
-          mountPath: /data  # Location where the storage volume is mounted.
+        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field
+          mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: pvc-sfs-volume    # Volume name, which can be customized.
+        - name: pvc-sfs-volume    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-sfs    # Name of the created PVC.
+            claimName: pvc-sfs    # Name of the created PVC
                                                                                                                      3. Run the following command to create a workload to which the SFS volume is mounted:
                                                                                                                        kubectl apply -f web-demo.yaml
                                                                                                                        
 
                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                                        
 
                                                                                                                        4. 
@@ -292,7 +290,7 @@ kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                        If no result is returned for both pods, no file exists in the /data path.
                                                                                                                      4. Run the following command to create a file named static in the /data path:
                                                                                                                        kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                                                        
-
                                                                                                                      5. Run the following command to view the files in the /data path:
                                                                                                                        kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                        
+
                                                                                                                      6. Run the following command to check the files in the /data path:
                                                                                                                        kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                        
 
                                                                                                                        Expected output:
                                                                                                                        
 
                                                                                                                        static
                                                                                                                        
 
                                                                                                                      7. Verify data persistence.
                                                                                                                        1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                                          kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                                          
@@ -306,7 +304,7 @@ web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
 
                                                                                                                        2. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                                          kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                          
 
                                                                                                                          Expected output:
                                                                                                                          
 
                                                                                                                          static
                                                                                                                          
-
                                                                                                                          If the static file still exists, the data can be stored persistently.
                                                                                                                          
+
                                                                                                                          The static file is retained, indicating that the data in the file system can be stored persistently.
                                                                                                                          
 
                                                                                                                        
 
                                                                                                                      8. Verify data sharing.
                                                                                                                        1. Run the following command to view the created pod:
                                                                                                                          kubectl get pod | grep web-demo
                                                                                                                          
 
                                                                                                                          Expected output:
                                                                                                                          web-demo-846b489584-d4d4j   1/1     Running   0             7m
@@ -339,7 +337,7 @@ static
                                                                                                                          
 
 
                                                                                                                        9. 
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0620.html b/docs/cce/umn/cce_10_0620.html
index 0b41a278..651ab978 100644
--- a/docs/cce/umn/cce_10_0620.html
+++ b/docs/cce/umn/cce_10_0620.html
@@ -1,10 +1,10 @@
 
                                                                                                                        Using an SFS File System Through a Dynamic PV
                                                                                                                        
-
                                                                                                                        This section describes how to use storage classes to dynamically create PVs and PVCs and implement data persistence and sharing in workloads.
                                                                                                                        
-
                                                                                                                        Prerequisites
                                                                                                                        
+
                                                                                                                        This section describes how to use storage classes to dynamically create PVs and PVCs for data persistence and sharing in workloads.
                                                                                                                        
+
                                                                                                                        Prerequisites
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Automatically Creating an SFS File System on the Console
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                        2. Dynamically create a PVC and PV.
                                                                                                                          1. Choose Storage in the navigation pane and click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                            Automatically Creating an SFS File System on the Console
                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                            2. Dynamically create a PVC and PV.
                                                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                                        Table 3 Key parameters
                                                                                                                        Parameter
                                                                                                                        
 
                                                                                                                        Mandatory
                                                                                                                        
+
                                                                                                                        Mandatory
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Description
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        storage
                                                                                                                        
+
                                                                                                                        storage
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                        
 
                                                                                                                        The value must be the same as the storage size of the existing PV.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        volumeName
                                                                                                                        
+
                                                                                                                        volumeName
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        PV name, which must be the same as the PV name in 1.
                                                                                                                        
                                                                                                                         		
 
 
 
 
                                                                                                                        Create a PV on the CCE console.
                                                                                                                        
 
                                                                                                                        1. Choose Storage in the navigation pane and click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure the parameters.
                                                                                                                          • Volume Type: Select SFS.
                                                                                                                          • SFS: Click Select SFS. On the displayed page, select the SFS file system that meets your requirements and click OK.
                                                                                                                          • PV Name: Enter the PV name. The PV name must be unique in the same cluster.
                                                                                                                          • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                          • Reclaim Policy: Delete or Retain. For details, see PV Reclaim Policy.
                                                                                                                             NOTE: 
                                                                                                                            If multiple PVs use the same underlying storage volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                                                            
+
                                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                          • Volume Type: Select SFS.
                                                                                                                          • SFS: Click Select SFS. On the displayed page, select the SFS file system that meets your requirements and click OK.
                                                                                                                          • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                                          • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                          • Reclaim Policy: Delete or Retain is supported. For details, see PV Reclaim Policy.
                                                                                                                             NOTE: 
                                                                                                                            If multiple PVs use the same underlying storage volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                          • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring SFS Volume Mount Options.
                                                                                                                          
 
                                                                                                                        2. Click Create.
                                                                                                                        
@@ -347,16 +345,16 @@ static
 
                                                                                                                        
 
                                                                                                                        Viewing events
                                                                                                                        
 
                                                                                                                        You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                        
+
                                                                                                                        View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                        
 
                                                                                                                        1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                        2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                        
+
                                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                        2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        Viewing a YAML file
                                                                                                                        
 
                                                                                                                        You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                        
+
                                                                                                                        View, copy, or download the YAML file of a PVC or PV.
                                                                                                                        
 
                                                                                                                        1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                        2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                        
+
                                                                                                                        1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                        2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
                                                                                                                         
 
 
                                                                                                                        
-
-
-
+
+
+
-
@@ -47,34 +54,34 @@
 
                                                                                                                      9. Click Create to create a PVC and a PV.
                                                                                                                        You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                                        
 
                                                                                                                        10. 
-
                                                                                                                      10. Create an application.
                                                                                                                        1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                        2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                          Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                                        11. Parameter
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Description
                                                                                                                        
@@ -18,18 +18,25 @@
 
                                                                                                                        
 
                                                                                                                        PVC Name
                                                                                                                        
 
                                                                                                                        Enter the PVC name, which must be unique in the same namespace.
                                                                                                                        
+
                                                                                                                        Enter the PVC name, which must be unique in a namespace.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        Creation Method
                                                                                                                        
 
                                                                                                                        • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                        • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV is available. For details, see Using an Existing SFS File System Through a Static PV.
                                                                                                                        
-
                                                                                                                        In this example, select Dynamically provision.
                                                                                                                        
+
                                                                                                                        • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                        • If underlying storage is available, create a PV or use an existing PV to statically create a PVC. For details, see Using an Existing SFS File System Through a Static PV.
                                                                                                                        
+
                                                                                                                        In this document, Dynamically provision is selected.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        Storage Classes
                                                                                                                        
 
                                                                                                                        The storage class for SFS volumes is csi-nas.
                                                                                                                        
+
                                                                                                                        The storage class for SFS volumes is csi-nas.
                                                                                                                        
+
                                                                                                                        (Optional) Storage Volume Name Prefix
                                                                                                                        
+
                                                                                                                        Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                        
+
                                                                                                                        This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                        
+
                                                                                                                        For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        Access Mode
                                                                                                                        
@@ -39,7 +46,7 @@
 
                                                                                                                        
 
                                                                                                                        Encryption
                                                                                                                        
 
                                                                                                                        Configure whether to encrypt underlying storage. If you select Enabled (key), an encryption key must be configured.
                                                                                                                        
+
                                                                                                                        Configure whether to encrypt underlying storage if the storage class is csi-nas. If you select Enabled (key), an encryption key must be configured.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
 
                                                                                                                        Table 1 Mounting a storage volume
                                                                                                                        Parameter
                                                                                                                        
+
                                                                                                                      11. Create an application.
                                                                                                                        1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                        2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                          Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                          
-
-
-
-
-
-
-
-
-
@@ -87,63 +94,77 @@
 
                                                                                                                          
-
                                                                                                                          (kubectl) Automatically Creating an SFS File System
                                                                                                                          1. Use kubectl to access the cluster.
                                                                                                                          2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                            1. Create the pvc-sfs-auto.yaml file.
                                                                                                                              apiVersion: v1
+
                                                                                                                              Automatically Creating an SFS File System Through kubectl
                                                                                                                              1. Use kubectl to access the cluster.
                                                                                                                              2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                                1. Create the pvc-sfs-auto.yaml file.
                                                                                                                                  apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pvc-sfs-auto
   namespace: default
   annotations: 
     everest.io/crypt-key-id: <your_key_id>      # (Optional) ID of the key for encrypting file systems
+
     everest.io/crypt-alias: sfs/default         # (Optional) Key name. Mandatory for encrypting volumes.
+
     everest.io/crypt-domain-id: <your_domain_id>   # (Optional) ID of the tenant to which an encrypted volume belongs. Mandatory for encrypting volumes.
+
+    everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
 spec:
   accessModes:
     - ReadWriteMany             # The value must be ReadWriteMany for SFS.
   resources:
     requests:
-      storage: 1Gi             # SFS volume capacity.
-  storageClassName: csi-nas    # The storage class is SFS.
                                                                                                                                  
+      storage: 1Gi             # SFS volume capacity
+  storageClassName: csi-nas    # StorageClass is SFS.
                                                                                                                              
 
-
                                                                                                                          Table 1 Mounting a storage volume
                                                                                                                          Parameter
                                                                                                                          
 
                                                                                                                          Description
                                                                                                                          
+
                                                                                                                          Description
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
 
                                                                                                                          PVC
                                                                                                                          
+
                                                                                                                          PVC
                                                                                                                          
 
                                                                                                                          Select an existing SFS volume.
                                                                                                                          
+
                                                                                                                          Select an existing SFS volume.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Mount Path
                                                                                                                          
+
                                                                                                                          Mount Path
                                                                                                                          
 
                                                                                                                          Enter a mount path, for example, /tmp.
                                                                                                                          
-
                                                                                                                          This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                           NOTICE: 
                                                                                                                          If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.
                                                                                                                          
+
                                                                                                                          Enter a mount path, for example, /tmp.
                                                                                                                          
+
                                                                                                                          This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                           NOTICE: 
                                                                                                                          If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Subpath
                                                                                                                          
+
                                                                                                                          Subpath
                                                                                                                          
 
                                                                                                                          Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                          
+
                                                                                                                          Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Permission
                                                                                                                          
+
                                                                                                                          Permission
                                                                                                                          
 
                                                                                                                          • Read-only: You can only read the data in the mounted volumes.
                                                                                                                          • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                          
+
                                                                                                                          • Read-only: You can only read the data in the mounted volumes.
                                                                                                                          • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
                                                                                                                           
 
 
                                                                                                                          
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0624.html b/docs/cce/umn/cce_10_0624.html
index e3d4c073..bf2740c5 100644
--- a/docs/cce/umn/cce_10_0624.html
+++ b/docs/cce/umn/cce_10_0624.html
@@ -2,11 +2,11 @@
 
 
                                                                                                                          Overview
                                                                                                                          Introduction
                                                                                                                          CCE allows you to mount storage volumes created by SFS Turbo file systems to a path of a container to meet data persistence requirements. SFS Turbo file systems are fast, on-demand, and scalable, which are suitable for scenarios with a massive number of small files, such as DevOps, containerized microservices, and enterprise office applications.
                                                                                                                          
-
                                                                                                                          Expandable to 320 TB, SFS Turbo provides a fully hosted shared file storage, which is highly available and stable, to support small files and applications requiring low latency and high IOPS.
                                                                                                                          
+
                                                                                                                          Expandable to 320 TB, SFS Turbo provides fully hosted shared file storage, which is highly available and stable, to support small files and applications requiring low latency and high IOPS.
                                                                                                                          
 
                                                                                                                          • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                                          • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                                          • Private network: Users can access data only in private networks of data centers.
                                                                                                                          • Data isolation: The on-cloud storage service provides exclusive cloud file storage, which delivers data isolation and ensures IOPS performance.
                                                                                                                          • Use cases: Deployments/StatefulSets in the ReadWriteMany mode, DaemonSets, and jobs created for high-traffic websites, log storage, DevOps, and enterprise OA applications
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                          Application Scenarios
                                                                                                                          SFS Turbo supports the following mounting modes:
                                                                                                                          
-
+
 
                                                                                                                          
 
                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0625.html b/docs/cce/umn/cce_10_0625.html
index 43e0a45a..1e710f34 100644
--- a/docs/cce/umn/cce_10_0625.html
+++ b/docs/cce/umn/cce_10_0625.html
@@ -2,12 +2,12 @@
 
 
                                                                                                                          Using an Existing SFS Turbo File System Through a Static PV
                                                                                                                          
 
                                                                                                                          SFS Turbo is a shared file system with high availability and durability. It is suitable for applications that contain massive small files and require low latency, and high IOPS. This section describes how to use an existing SFS Turbo file system to statically create PVs and PVCs for data persistence and sharing in workloads.
                                                                                                                          
-
                                                                                                                          Prerequisites
                                                                                                                          • You have created a cluster and installed the CCE Container Storage (Everest) add-on in the cluster.
                                                                                                                          • Before creating a cluster using commands, ensure kubectl is used to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                          • You have created an available SFS Turbo file system, and the SFS Turbo file system and the cluster are in the same VPC.
                                                                                                                          
+
                                                                                                                          Prerequisites
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                          Constraints
                                                                                                                          • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                            • Do not mount all PVCs/PVs that use the same underlying SFS or SFS Turbo file system to a pod. This leads to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle values of these PVs.
                                                                                                                            • The persistentVolumeReclaimPolicy parameter in the PVs is suggested to be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                            • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                            
+
                                                                                                                            Notes and Constraints
                                                                                                                            • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                              • Do not mount the PVCs/PVs that use the same underlying SFS or SFS Turbo volume to one pod. This will lead to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle value.
                                                                                                                              • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                              • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                              
 
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Using an Existing SFS Turbo File System on the Console
                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                            2. Statically create a PVC and PV.
                                                                                                                              1. Choose Storage in the navigation pane and click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                Using an Existing SFS Turbo File System on the Console
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. Statically create a PVC and PV.
                                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                                          Table 2 Key parameters
                                                                                                                          Parameter
                                                                                                                          
+
                                                                                                                          
-
-
-
-
-
-
-
-
-
+
+
+
+
                                                                                                                          Table 2 Key parameters
                                                                                                                          Parameter
                                                                                                                          
 
                                                                                                                          Mandatory
                                                                                                                          
+
                                                                                                                          Mandatory
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Description
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
 
                                                                                                                          storage
                                                                                                                          
+
                                                                                                                          storage
                                                                                                                          
 
                                                                                                                          Yes
                                                                                                                          
+
                                                                                                                          Yes
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Requested capacity in the PVC, in Gi.
                                                                                                                          
 
                                                                                                                          For SFS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for SFS file systems.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          everest.io/crypt-key-id
                                                                                                                          
+
                                                                                                                          everest.io/crypt-key-id
                                                                                                                          
 
                                                                                                                          No
                                                                                                                          
+
                                                                                                                          No
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          This parameter is mandatory when an SFS system is encrypted. Enter the encryption key ID selected during SFS system creation. You can use a custom key or the default key named sfs/default.
                                                                                                                          
 
                                                                                                                          To obtain a key ID, log in to the DEW console, locate the key to be encrypted, and copy the key ID.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          everest.io/crypt-alias
                                                                                                                          
+
                                                                                                                          everest.io/crypt-alias
                                                                                                                          
 
                                                                                                                          No
                                                                                                                          
+
                                                                                                                          No
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Key name, which is mandatory when you create an encrypted volume.
                                                                                                                          
 
                                                                                                                          To obtain a key name, log in to the DEW console, locate the key to be encrypted, and copy the key name.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          everest.io/crypt-domain-id
                                                                                                                          
+
                                                                                                                          everest.io/crypt-domain-id
                                                                                                                          
 
                                                                                                                          No
                                                                                                                          
+
                                                                                                                          No
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          ID of the tenant to which the encrypted volume belongs. This parameter is mandatory for creating an encrypted volume.
                                                                                                                          
 
                                                                                                                          To obtain a tenant ID, hover the cursor over the username in the upper right corner of the ECS console, choose My Credentials, and copy the account ID.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          everest.io/csi.volume-name-prefix
                                                                                                                          
+
                                                                                                                          No
                                                                                                                          
+
                                                                                                                          (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                          
+
                                                                                                                          This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                          
+
                                                                                                                          Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                          
+
                                                                                                                          For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                          
+
                                                                                                                          
                                                                                                                           
 
                                                                                                                          
 
                                                                                                                          
@@ -168,14 +189,14 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field.
-          mountPath: /data  # Location where the storage volume is mounted.
+        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field
+          mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: pvc-sfs-volume    # Volume name, which can be customized.
+        - name: pvc-sfs-volume    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-sfs-auto    # Name of the created PVC.
+            claimName: pvc-sfs-auto    # Name of the created PVC
 
                                                                                                                        3. Run the following command to create a workload to which the SFS volume is mounted:
                                                                                                                          kubectl apply -f web-demo.yaml
                                                                                                                          
 
                                                                                                                          After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                                          
 
                                                                                                                          4. 
@@ -190,7 +211,7 @@ kubectl exec web-demo-846b489584-wvv5s -- ls /data
 
                                                                                                                          If no result is returned for both pods, no file exists in the /data path.
                                                                                                                          
 
 
                                                                                                                        4. Run the following command to create a file named static in the /data path:
                                                                                                                          kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                                                          
-
                                                                                                                        5. Run the following command to view the files in the /data path:
                                                                                                                          kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                          
+
                                                                                                                        6. Run the following command to check the files in the /data path:
                                                                                                                          kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                          
 
                                                                                                                          Expected output:
                                                                                                                          
 
                                                                                                                          static
                                                                                                                          
 
                                                                                                                        7. Verify data persistence.
                                                                                                                          1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                                            kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                                            
@@ -204,7 +225,7 @@ web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
 
                                                                                                                          2. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                                            kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                            
 
                                                                                                                            Expected output:
                                                                                                                            
 
                                                                                                                            static
                                                                                                                            
-
                                                                                                                            If the static file still exists, the data can be stored persistently.
                                                                                                                            
+
                                                                                                                            The static file is retained, indicating that the data in the file system can be stored persistently.
                                                                                                                            
 
                                                                                                                          
 
                                                                                                                        8. Verify data sharing.
                                                                                                                          1. Run the following command to view the created pod:
                                                                                                                            kubectl get pod | grep web-demo
                                                                                                                            
 
                                                                                                                            Expected output:
                                                                                                                            web-demo-846b489584-d4d4j   1/1     Running   0             7m
@@ -235,16 +256,16 @@ static
                                                                                                                            
 
                                                                                                                          9. 
 
                                                                                                                          Viewing events
                                                                                                                          
 
                                                                                                                          You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                          
+
                                                                                                                          View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                          
 
                                                                                                                          1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                          2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                          
+
                                                                                                                          1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                          2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
 
                                                                                                                          Viewing a YAML file
                                                                                                                          
 
                                                                                                                          You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                          
+
                                                                                                                          View, copy, or download the YAML file of a PVC or PV.
                                                                                                                          
 
                                                                                                                          1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                          2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                          
+
                                                                                                                          1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                          2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
                                                                                                                           
 
 
                                                                                                                          
-
-
@@ -41,6 +41,11 @@
 
+
+
+
+
+
+
                                                                                                                          Parameter
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Description
                                                                                                                          
@@ -21,18 +21,18 @@
 
                                                                                                                          
 
                                                                                                                          PVC Name
                                                                                                                          
 
                                                                                                                          Enter the PVC name, which must be unique in the same namespace.
                                                                                                                          
+
                                                                                                                          Enter the PVC name, which must be unique in a namespace.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
 
                                                                                                                          Creation Method
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          You can create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created.
                                                                                                                          
-
                                                                                                                          In this example, select Create new to create a PV and PVC at the same time on the console.
                                                                                                                          
+
                                                                                                                          In this example, select Create new to create both a PV and PVC on the console.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
 
                                                                                                                          PVa
                                                                                                                          
 
                                                                                                                          Select an existing PV volume in the cluster. Create a PV in advance. For details, see "Creating a storage volume" in Related Operations.
                                                                                                                          
+
                                                                                                                          Select an existing PV in the cluster. For details about how to create a PV, see "Creating a storage volume" in Related Operations.
                                                                                                                          
 
                                                                                                                          You do not need to specify this parameter in this example.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Click Select SFS Turbo. On the displayed page, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Subdirectoryb
                                                                                                                          
+
                                                                                                                          Determine whether to use subdirectories to create PVs. Enter the absolute path of a subdirectory, for example, /a/b. Ensure that the subdirectory is available.
                                                                                                                          
+
                                                                                                                          
 
                                                                                                                          PV Nameb
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Enter the PV name, which must be unique in the same cluster.
                                                                                                                          
@@ -56,6 +61,12 @@
 
                                                                                                                          Only Retain is available. This indicates that the PV is not deleted when the PVC is deleted. For details, see PV Reclaim Policy. 
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Subdirectory Reclaim Policyb
                                                                                                                          
+
                                                                                                                          Determine whether to retain subdirectories when a PVC is deleted. This parameter must be used with PV Reclaim Policy and can be configured when PV Reclaim Policy is set to Delete.
                                                                                                                          
+
                                                                                                                          • Retain: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                          • Delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                          
+
                                                                                                                          
 
                                                                                                                          Mount Optionsb
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Enter the mounting parameter key-value pairs. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                          
@@ -69,34 +80,34 @@
 
 
                                                                                                                        9. Click Create to create a PVC and a PV.
                                                                                                                          You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                                          
 
                                                                                                                          10. 
-
                                                                                                                        10. Create an application.
                                                                                                                          1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                          2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                            Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                                            Table 1 Mounting a storage volume
                                                                                                                            Parameter
                                                                                                                            
+
                                                                                                                          3. Create an application.
                                                                                                                            1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                            2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                              Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                              
-
-
-
-
-
-
-
-
-
@@ -109,28 +120,31 @@
 
                                                                                                                              
-
                                                                                                                              (kubectl) Using an Existing SFS File System
                                                                                                                              1. Use kubectl to access the cluster.
                                                                                                                              2. Create a PV.
                                                                                                                                1. Create the pv-sfsturbo.yaml file.
                                                                                                                                  apiVersion: v1
+
                                                                                                                                  Using an Existing SFS File System Through kubectl
                                                                                                                                  1. Use kubectl to access the cluster.
                                                                                                                                  2. Create a PV.
                                                                                                                                    1. Create the pv-sfsturbo.yaml file.
                                                                                                                                      apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-  name: pv-sfsturbo    # PV name.
+    everest.io/reclaim-policy: retain-volume-only    # Used for a subdirectory when the reclaim policy is Delete. This parameter indicates that when a PVC is deleted, the PV will be deleted but the subdirectory associated with the PV will be retained.
+  name: pv-sfsturbo    # PV name
 spec:
   accessModes:
   - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS Turbo.
   capacity:
-    storage: 500Gi       # SFS Turbo volume capacity.
+    storage: 500Gi       # SFS Turbo volume capacity
   csi:
-    driver: sfsturbo.csi.everest.io    # Dependent storage driver for the mounting.
+    driver: sfsturbo.csi.everest.io    # Dependent storage driver for the mounting
     fsType: nfs
-    volumeHandle: <your_volume_id>   # SFS Turbo volume ID.
+    volumeHandle: <your_volume_id>   # SFS Turbo volume ID
     volumeAttributes:
-      everest.io/share-export-location: <your_location>   # Shared path of the SFS Turbo volume.
+      everest.io/share-export-location: <your_location>   # Shared path of the SFS Turbo volume
 
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
-  storageClassName: csi-sfsturbo          # Storage class name of the SFS Turbo file system.
-  mountOptions: []                         # Mount options.
                                                                                                                                      
+      everest.io/share-export-location: /a  # (Optional) This parameter indicates an automatically created subdirectory, which must be an absolute path. 
+      everest.io/volume-as: absolute-path   # (Optional) An SFS Turbo subdirectory is used. 
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy, which can be set to Delete when subdirectories are automatically created
+  storageClassName: csi-sfsturbo          # Storage class name of the SFS Turbo file system
+  mountOptions: []                         # Mount options
                                                                                                                                  
 
 
                                                                                                                              Table 1 Mounting a storage volume
                                                                                                                              Parameter
                                                                                                                              
 
                                                                                                                              Description
                                                                                                                              
+
                                                                                                                              Description
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              PVC
                                                                                                                              
+
                                                                                                                              PVC
                                                                                                                              
 
                                                                                                                              Select an existing SFS Turbo volume.
                                                                                                                              
+
                                                                                                                              Select an existing SFS Turbo volume.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              Mount Path
                                                                                                                              
+
                                                                                                                              Mount Path
                                                                                                                              
 
                                                                                                                              Enter a mount path, for example, /tmp.
                                                                                                                              
-
                                                                                                                              This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                               NOTICE: 
                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.
                                                                                                                              
+
                                                                                                                              Enter a mount path, for example, /tmp.
                                                                                                                              
+
                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                               NOTICE: 
                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                              
 
                                                                                                                              
 
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              Subpath
                                                                                                                              
+
                                                                                                                              Subpath
                                                                                                                              
 
                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                              
+
                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              Permission
                                                                                                                              
+
                                                                                                                              Permission
                                                                                                                              
 
                                                                                                                              • Read-only: You can only read the data in the mounted volumes.
                                                                                                                              • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                              
+
                                                                                                                              • Read-only: You can only read the data in the mounted volumes.
                                                                                                                              • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
                                                                                                                               
 
 
                                                                                                                              
@@ -145,7 +159,7 @@ spec:
 
-
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                              Table 2 Key parameters
                                                                                                                              Parameter
                                                                                                                              
 
                                                                                                                              Yes
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              SFS Turbo volume ID.
                                                                                                                              
-
                                                                                                                              How to obtain: Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. In the list, click the name of the target SFS Turbo volume. On the details page, copy the content following ID.
                                                                                                                              
+
                                                                                                                              How to obtain: Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. In the list, click the name of the target SFS Turbo file system. On the details page, copy the content following ID.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              everest.io/share-export-location
                                                                                                                              
@@ -173,9 +187,33 @@ spec:
                                                                                                                               		
 
                                                                                                                              Yes
                                                                                                                              
 
                                                                                                                              A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9.
                                                                                                                              
-
                                                                                                                              Only the Retain reclaim policy is supported. For details, see PV Reclaim Policy.
                                                                                                                              
-
                                                                                                                              Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                                                              
+
                                                                                                                              A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9. For details, see PV Reclaim Policy.
                                                                                                                              
+
                                                                                                                              Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                              
+
                                                                                                                              everest.io/reclaim-policy
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              Whether to retain subdirectories when deleting a PVC. This parameter must be used with PV Reclaim Policy. This parameter is available only when the PV reclaim policy is Delete. Options:
                                                                                                                              
+
                                                                                                                              • retain-volume-only: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                              • delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                                 NOTE: 
                                                                                                                                When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                              
+
                                                                                                                              everest.io/volume-as
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              The value is fixed at absolute-path, indicating that a dynamically created SFS Turbo subdirectory is used.
                                                                                                                              
+
                                                                                                                              Ensure Everest of v2.3.23 or later has been installed in the cluster.
                                                                                                                              
+
                                                                                                                              everest.io/path
                                                                                                                              
+
                                                                                                                              No
                                                                                                                              
+
                                                                                                                              Subdirectory that is automatically created, which must be an absolute path.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              storage
                                                                                                                              
@@ -211,36 +249,36 @@ spec:
   resources:
     requests:
       storage: 500Gi               # SFS Turbo volume capacity.
-  storageClassName: csi-sfsturbo       # Storage class of the SFS Turbo volume, which must be the same as that of the PV.
-  volumeName: pv-sfsturbo    # PV name.
+  storageClassName: csi-sfsturbo       # Storage class name of the SFS Turbo file system, which must be the same as that of the PV
+  volumeName: pv-sfsturbo    # PV name
 
-
                                                                                                                              Table 3 Key parameters
                                                                                                                              Parameter
                                                                                                                              
+
                                                                                                                              
-
-
-
-
-
-
-
@@ -269,14 +307,14 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-sfsturbo-volume    #Volume name, which must be the same as the volume name in the volumes field.
-          mountPath: /data  # Location where the storage volume is mounted.
+        - name: pvc-sfsturbo-volume    # Volume name, which must be the same as the volume name in the volumes field
+          mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: pvc-sfsturbo-volume    # Volume name, which can be customized.
+        - name: pvc-sfsturbo-volume    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-sfsturbo    # Name of the created PVC.
+            claimName: pvc-sfsturbo    # Name of the created PVC
                                                                                                                            3. Run the following command to create a workload to which the SFS Turbo volume is mounted:
                                                                                                                              kubectl apply -f web-demo.yaml
                                                                                                                              
 
                                                                                                                              After the workload is created, you can try Verifying Data Persistence and Sharing.
                                                                                                                              
 
                                                                                                                              4. 
@@ -291,7 +329,7 @@ kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                              If no result is returned for both pods, no file exists in the /data path.
                                                                                                                            4. Run the following command to create a file named static in the /data path:
                                                                                                                              kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                                                              
-
                                                                                                                            5. Run the following command to view the files in the /data path:
                                                                                                                              kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                              
+
                                                                                                                            6. Run the following command to check the files in the /data path:
                                                                                                                              kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                              
 
                                                                                                                              Expected output:
                                                                                                                              
 
                                                                                                                              static
                                                                                                                              
 
                                                                                                                            7. Verify data persistence.
                                                                                                                              1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                                                kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                                                
@@ -305,7 +343,7 @@ web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
 
                                                                                                                              2. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                                                kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                
 
                                                                                                                                Expected output:
                                                                                                                                
 
                                                                                                                                static
                                                                                                                                
-
                                                                                                                                If the static file still exists, the data can be stored persistently.
                                                                                                                                
+
                                                                                                                                The static file is retained, indicating that the data in the file system can be stored persistently.
                                                                                                                                
 
                                                                                                                              
 
                                                                                                                            8. Verify data sharing.
                                                                                                                              1. Run the following command to view the created pod:
                                                                                                                                kubectl get pod | grep web-demo
                                                                                                                                
 
                                                                                                                                Expected output:
                                                                                                                                web-demo-846b489584-d4d4j   1/1     Running   0             7m
@@ -338,7 +376,9 @@ static
                                                                                                                                
 
 
                                                                                                                              9. 
-
@@ -346,21 +386,21 @@ static
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0626.html b/docs/cce/umn/cce_10_0626.html
index e367e3e8..954b358a 100644
--- a/docs/cce/umn/cce_10_0626.html
+++ b/docs/cce/umn/cce_10_0626.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                              Configuring SFS Turbo Mount Options
                                                                                                                              This section describes how to configure SFS Turbo mount options. For SFS Turbo, you can only set mount options in a PV and bind the PV by creating a PVC.
                                                                                                                              
-
                                                                                                                              Prerequisites
                                                                                                                              The CCE Container Storage (Everest) add-on version must be 1.2.8 or later. This add-on identifies the mount options and transfers them to the underlying storage resources. The parameter settings take effect only if the underlying storage resources support the specified options.
                                                                                                                              
+
                                                                                                                              Prerequisites
                                                                                                                              The CCE Container Storage (Everest) version must be 1.2.8 or later. This add-on identifies the mount options and transfers them to the underlying storage resources. The parameter settings take effect only if the underlying storage resources support the specified options.
                                                                                                                              
 
                                                                                                                              
-
                                                                                                                              Constraints
                                                                                                                              • Mount options cannot be configured for Kata containers.
                                                                                                                              • Due to the restrictions of the NFS protocol, if an SFS volume is mounted to a node for multiple times, link-related mounting parameters (such as timeo) take effect only when the SFS volume is mounted for the first time by default. For example, if the same SFS file system is mounted to multiple pods running on a node, the mounting parameter set later does not overwrite the existing parameter value. If you want to configure different mounting parameters in the preceding scenario, additionally configure the nosharecache parameter.
                                                                                                                              
+
                                                                                                                              Notes and Constraints
                                                                                                                              • Mount options cannot be configured for Kata containers.
                                                                                                                              • Due to the restrictions of the NFS protocol, if an SFS volume is mounted to a node for multiple times, link-related mounting parameters (such as timeo) take effect only when the SFS volume is mounted for the first time by default. For example, if the same SFS file system is mounted to multiple pods running on a node, the mounting parameter set later does not overwrite the existing parameter value. If you want to configure different mounting parameters in the preceding scenario, additionally configure the nosharecache parameter.
                                                                                                                              
 
                                                                                                                              
 
                                                                                                                              SFS Turbo Mount Options
                                                                                                                              The Everest add-on in CCE presets the options described in Table 1 for mounting SFS Turbo volumes.
                                                                                                                              
 
@@ -50,7 +50,7 @@
 
 
                                                                                                                              
-
@@ -61,28 +61,28 @@
 
                                                                                                                              You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                              Configuring Mount Options in a PV
                                                                                                                              You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in SFS Turbo Mount Options.
                                                                                                                              
-
                                                                                                                              1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                              2. Configure mount options in a PV. Example:
                                                                                                                                apiVersion: v1
+
                                                                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                2. Configure mount options in a PV. Example:
                                                                                                                                  apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-  name: pv-sfsturbo    # PV name.
+  name: pv-sfsturbo    # PV name
 spec:
   accessModes:
   - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS Turbo.
   capacity:
-    storage: 500Gi       # SFS Turbo volume capacity.
+    storage: 500Gi       # SFS Turbo volume capacity
   csi:
-    driver: sfsturbo.csi.everest.io    # Dependent storage driver for the mounting.
+    driver: sfsturbo.csi.everest.io    # Dependent storage driver for the mounting
     fsType: nfs
     volumeHandle: {your_volume_id}   # SFS Turbo volume ID
     volumeAttributes:
-      everest.io/share-export-location: {your_location}   # Shared path of the SFS Turbo volume.
+      everest.io/share-export-location: {your_location}   # Shared path of the SFS Turbo volume
 
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
-  storageClassName: csi-sfsturbo           # SFS Turbo storage class name.
-  mountOptions:                            # Mount options.
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy
+  storageClassName: csi-sfsturbo           # Storage class name of the SFS Turbo file system
+  mountOptions:                            # Mount options
   - vers=3
   - nolock
   - timeo=600
diff --git a/docs/cce/umn/cce_10_0628.html b/docs/cce/umn/cce_10_0628.html
index 02a8d05d..75084d1e 100644
--- a/docs/cce/umn/cce_10_0628.html
+++ b/docs/cce/umn/cce_10_0628.html
@@ -1,15 +1,47 @@
 
 
 
                                                                                                                                  Overview
                                                                                                                                  
-
                                                                                                                                  Introduction
                                                                                                                                  Object Storage Service (OBS) provides massive, secure, and cost-effective data storage capabilities for you to store data of any type and size. You can use it in enterprise backup/archiving, video on demand (VoD), video surveillance, and many other scenarios.
                                                                                                                                  
-
                                                                                                                                  • Standard APIs: With HTTP RESTful APIs, OBS allows you to use client tools or third-party tools to access object storage.
                                                                                                                                  • Data sharing: Servers, embedded devices, and IoT devices can use the same path to access shared object data in OBS.
                                                                                                                                  • Public/Private networks: OBS allows data to be accessed from public networks to meet Internet application requirements.
                                                                                                                                  • Capacity and performance: No capacity limit; high performance (read/write I/O latency within 10 ms).
                                                                                                                                  • Use cases: Deployments/StatefulSets in the ReadOnlyMany mode and jobs created for big data analysis, static website hosting, online VOD, gene sequencing, intelligent video surveillance, backup and archiving, and enterprise cloud boxes (web disks). You can create object storage by using the OBS console, tools, and SDKs.
                                                                                                                                  
+
                                                                                                                                  Introduction
                                                                                                                                  Object Storage Service (OBS) provides massive, secure, and cost-effective data storage for you to store data of any type and size. You can use it in enterprise backup/archiving, video on demand (VoD), video surveillance, and many other scenarios.
                                                                                                                                  
+
                                                                                                                                  • Standard APIs: With HTTP RESTful APIs, OBS allows you to use client tools or third-party tools to access object storage.
                                                                                                                                  • Data sharing: Servers, embedded devices, and IoT devices can use the same path to access shared object data in OBS.
                                                                                                                                  • Public/Private networks: OBS allows data to be accessed from public networks to meet Internet application requirements.
                                                                                                                                  • Capacity and performance: No capacity limit; high performance (I/O latency within 10 ms).
                                                                                                                                  • Use cases: Deployments/StatefulSets in the ReadOnlyMany mode and jobs created for big data analysis, static website hosting, online VOD, gene sequencing, intelligent video surveillance, backup and archiving, and enterprise cloud boxes (web disks). You can create object storage by using the OBS console, tools, and SDKs.
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  OBS Specifications
                                                                                                                                  OBS provides multiple storage classes to meet customers' requirements on storage performance and costs.
                                                                                                                                  
-
                                                                                                                                  • Parallel File System (PFS, recommended): It is an optimized high-performance file system provided by OBS. It provides millisecond-level access latency, TB/s-level bandwidth, and million-level IOPS, and can quickly process HPC workloads. PFS outperforms OBS buckets.  
                                                                                                                                  • Object bucket (not recommended):
                                                                                                                                    • Standard: features low latency and high throughput. It is therefore good for storing frequently (multiple times per month) accessed files or small files (less than 1 MB). Its application scenarios include big data analytics, mobile apps, hot videos, and social apps.
                                                                                                                                    • OBS Infrequent Access: applicable to storing semi-frequently accessed (less than 12 times a year) data requiring quick response. Its application scenarios include file synchronization or sharing, and enterprise-level backup. This storage class has the same durability, low latency, and high throughput as the Standard storage class, with a lower cost, but its availability is slightly lower than the Standard storage class.
                                                                                                                                    
+
                                                                                                                                    • Parallel File System (PFS): an optimized high-performance file system provided by OBS for speedy processing of HPC workloads. PFS boasts millisecond-level access latency, TB/s-level bandwidth, and million-level IOPS, making it a reliable choice for those seeking top-notch performance. PFS outperforms OBS buckets. 
                                                                                                                                    • Object bucket
                                                                                                                                      • Standard: features low latency and high throughput. It is therefore good for storing frequently (multiple times per month) accessed files or small files (less than 1 MB). Its application scenarios include big data analytics, mobile apps, hot videos, and social apps.
                                                                                                                                      • OBS Infrequent Access: applicable to storing semi-frequently accessed (less than 12 times a year) data requiring quick response. Its application scenarios include file synchronization or sharing, and enterprise-level backup. This storage class has the same durability, low latency, and high throughput as the Standard storage class, with a lower cost, but its availability is slightly lower than the Standard storage class.
                                                                                                                                      
 
                                                                                                                                    
 
                                                                                                                                  
+
                                                                                                                                  Performance
                                                                                                                                  Every time an OBS volume is mounted to a container workload, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. The amount of memory required in these scenarios is listed Table 1. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                                                                  
+
+
                                                                                                                              Table 3 Key parameters
                                                                                                                              Parameter
                                                                                                                              
 
                                                                                                                              Mandatory
                                                                                                                              
+
                                                                                                                              Mandatory
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              Description
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              storage
                                                                                                                              
+
                                                                                                                              storage
                                                                                                                              
 
                                                                                                                              Yes
                                                                                                                              
+
                                                                                                                              Yes
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              Requested capacity in the PVC, in Gi.
                                                                                                                              
 
                                                                                                                              The value must be the same as the storage size of the existing PV.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              storageClassName
                                                                                                                              
+
                                                                                                                              storageClassName
                                                                                                                              
 
                                                                                                                              Yes
                                                                                                                              
+
                                                                                                                              Yes
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              Storage class name, which must be the same as the storage class of the PV in 1.
                                                                                                                              
 
                                                                                                                              The storage class name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              volumeName
                                                                                                                              
+
                                                                                                                              volumeName
                                                                                                                              
 
                                                                                                                              Yes
                                                                                                                              
+
                                                                                                                              Yes
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              PV name, which must be the same as the PV name in 1.
                                                                                                                              
                                                                                                                               		
 
 
 
 
                                                                                                                              Create a PV on the CCE console.
                                                                                                                              
 
                                                                                                                              1. Choose Storage in the navigation pane and click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                                • Volume Type: Select SFS Turbo.
                                                                                                                                • SFS Turbo: Click Select SFS Turbo. On the page displayed, select the SFS Turbo volume that meets the requirements and click OK.
                                                                                                                                • PV Name: Enter the PV name, which must be unique in the same cluster.
                                                                                                                                • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                • Reclaim Policy: Only Retain is supported. For details, see PV Reclaim Policy. 
                                                                                                                                • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                                
+
                                                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                                • Volume Type: Select SFS Turbo.
                                                                                                                                • SFS Turbo: Click Select SFS Turbo. On the page displayed, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                                • Subdirectory: Determine whether to use subdirectories to create PVs. Enter the absolute path of a subdirectory, for example, /a/b. Ensure that the subdirectory is available.
                                                                                                                                • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                                                • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                • Reclaim Policy: Only Retain is supported if you do not use subdirectories to create PVs. For details, see PV Reclaim Policy. If you choose to use a subdirectory to create a PV, the value of this parameter can be Delete.
                                                                                                                                • Subdirectory Reclaim Policy: Determine whether to retain subdirectories when a PVC is deleted. This parameter must be used with PV Reclaim Policy and can be configured when PV Reclaim Policy is set to Delete.
                                                                                                                                  Retain: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                                  
+
                                                                                                                                  Delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                                  
+
                                                                                                                                • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                                
 
                                                                                                                              2. Click Create.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
 
                                                                                                                              Quickly expand the capacity of a mounted SFS Turbo volume on the CCE console.
                                                                                                                              
 
                                                                                                                              1. Choose Storage in the navigation pane and click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                              2. Enter the capacity to be added and click OK.
                                                                                                                              
+
                                                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                              2. Enter the capacity to be added and click OK.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              Viewing events
                                                                                                                              
 
                                                                                                                              You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                              
+
                                                                                                                              View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                              
 
                                                                                                                              1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                              2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                              
+
                                                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                              2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
 
                                                                                                                              Viewing a YAML file
                                                                                                                              
 
                                                                                                                              You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                              
+
                                                                                                                              View, copy, or download the YAML file of a PVC or PV.
                                                                                                                              
 
                                                                                                                              1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                              2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                              
+
                                                                                                                              1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                              2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                              
                                                                                                                               		
 
                                                                                                                              
                                                                                                                               
 
                                                                                                                              Blank
                                                                                                                              
 
                                                                                                                              How the data cache and attribute cache are shared when one file system is concurrently mounted to different clients. If this parameter is set to sharecache, the caches are shared. If this parameter is set to nosharecache, the caches are not shared, and one cache is configured for each client mounting. The default value is sharecache.
                                                                                                                              
+
                                                                                                                              How the data cache and attribute cache are shared when one file system is concurrently mounted to different clients. If this parameter is set to sharecache, the caches are shared between the mountings. If this parameter is set to nosharecache, the caches are not shared, and one cache is configured for each client mounting. The default value is sharecache.
                                                                                                                              
 
                                                                                                                               NOTE: 
                                                                                                                              The nosharecache setting will affect the performance. The mounting information must be obtained for each mounting, which increases the communication overhead with the NFS server and the memory consumption of the NFS clients. In addition, the nosharecache setting on the NFS clients may lead to inconsistent caches. Determine whether to use nosharecache based on site requirements.
                                                                                                                              
 
                                                                                                                              
                                                                                                                               		
 
 
                                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                              Table 1 Memory required by a single object storage resident process
                                                                                                                              Test Item
                                                                                                                              
+
                                                                                                                              Memory Usage
                                                                                                                              
+
                                                                                                                              Long-term stable running
                                                                                                                              
+
                                                                                                                              About 50 MiB
                                                                                                                              
+
                                                                                                                              Concurrent write to a 10 MB file from two processes
                                                                                                                              
+
                                                                                                                              About 110 MiB
                                                                                                                              
+
                                                                                                                              Concurrent write to a 10 MB file from four processes
                                                                                                                              
+
                                                                                                                              About 220 MiB
                                                                                                                              
+
                                                                                                                              Write to a 100 GB file from a single process
                                                                                                                              
+
                                                                                                                              About 300 MiB
                                                                                                                              
+
                                                                                                                              
+
                                                                                                                              
+
 
                                                                                                                              Application Scenarios
                                                                                                                              OBS supports the following mounting modes based on application scenarios:
                                                                                                                              
-
                                                                                                                              • Using an Existing OBS Bucket Through a Static PV: static creation mode, where you use an existing OBS volume to create a PV and then mount storage to the workload through a PVC. This mode applies to scenarios where the underlying storage is available.
                                                                                                                              • Using an OBS Bucket Through a Dynamic PV: dynamic creation mode, where you do not need to create OBS volumes in advance. Instead, specify a StorageClass during PVC creation and an OBS volume and a PV will be automatically created. This mode applies to scenarios where no underlying storage is available.
                                                                                                                              
+
                                                                                                                              • Using an Existing OBS Bucket Through a Static PV: static creation mode, where you use an existing OBS volume to create a PV and then mount storage to the workload through a PVC. This mode applies if the underlying storage is available.
                                                                                                                              • Using an OBS Bucket Through a Dynamic PV: dynamic creation mode, in which you do not need to create OBS volumes beforehand. Instead, specify a StorageClass when creating a PVC. Then, an OBS volume and PV will be created automatically. This mode applies to scenarios where no underlying storage is available.
                                                                                                                              
 
                                                                                                                              
 
 
                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0630.html b/docs/cce/umn/cce_10_0630.html
index 42591855..9226dd51 100644
--- a/docs/cce/umn/cce_10_0630.html
+++ b/docs/cce/umn/cce_10_0630.html
@@ -2,14 +2,10 @@
 
 
                                                                                                                              Using an OBS Bucket Through a Dynamic PV
                                                                                                                              
 
                                                                                                                              This section describes how to automatically create an OBS bucket. It is applicable when no underlying storage volume is available.
                                                                                                                              
-
                                                                                                                              Constraints
                                                                                                                              • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                              • CCE allows parallel file systems to be mounted using OBS SDKs or PVCs. If PVC mounting is used, the obsfs tool provided by OBS must be used. An obsfs resident process is generated each time an object storage volume generated from the parallel file system is mounted to a node, as shown in the following figure.
                                                                                                                                Figure 1 obsfs resident process
                                                                                                                                
-
                                                                                                                                Reserve 1 GiB of memory for each obsfs process. For example, for a node with 4 vCPUs and 8 GiB of memory, an obsfs parallel file system should be mounted to no more than eight pods.
                                                                                                                                
-
                                                                                                                                 
                                                                                                                                • An obsfs resident process runs on a node. If the consumed memory exceeds the upper limit of the node, the node malfunctions. On a node with 4 vCPUs and 8 GiB of memory, if more than 100 pods are mounted to a parallel file system, the node will be unavailable. Control the number of pods mounted to a parallel file system on a single node.
                                                                                                                                
-
                                                                                                                                
-
                                                                                                                              • Kata containers do not support OBS volumes.
                                                                                                                              
+
                                                                                                                              Notes and Constraints
                                                                                                                              • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                              • Every time an OBS volume is mounted to a workload through a PVC, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                                                              • Kata containers do not support OBS volumes.
                                                                                                                              • Hard links are not supported when common buckets are mounted.
                                                                                                                              
 
                                                                                                                              • OBS allows a single user to create a maximum of 100 buckets. If a large number of dynamic PVCs are created, the number of buckets may exceed the upper limit, and no more OBS buckets can be created. In this case, use OBS by calling its API or SDK and do not mount OBS buckets to workloads.
                                                                                                                              
 
                                                                                                                              
-
                                                                                                                              Automatically Creating an OBS Volume on the Console
                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                              2. Dynamically create a PVC and PV.
                                                                                                                                1. Choose Storage in the navigation pane and click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                  Automatically Creating an OBS Volume on the Console
                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                  2. Dynamically create a PVC and PV.
                                                                                                                                    1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                                                      
-
-
-
+
+
+
-
@@ -65,7 +68,7 @@
 
                                                                                                                                    2. Click Create to create a PVC and a PV.
                                                                                                                                      You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                                                      
 
                                                                                                                                      3. 
-
                                                                                                                                    3. Create an application.
                                                                                                                                      1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                      3. Create an application.
                                                                                                                                        1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                                        2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                          Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
 
                                                                                                                                      4. Parameter
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Description
                                                                                                                                      
@@ -23,18 +19,25 @@
 
                                                                                                                                      
 
                                                                                                                                      PVC Name
                                                                                                                                      
 
                                                                                                                                      Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                      
+
                                                                                                                                      Enter the PVC name, which must be unique in a namespace.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      Creation Method
                                                                                                                                      
 
                                                                                                                                      • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                      • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created. For details, see Using an Existing OBS Bucket Through a Static PV.
                                                                                                                                      
+
                                                                                                                                      • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                      • If underlying storage is available, create a PV or use an existing PV to statically create a PVC. For details, see Using an Existing OBS Bucket Through a Static PV.
                                                                                                                                      
 
                                                                                                                                      In this example, select Dynamically provision.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      Storage Classes
                                                                                                                                      
 
                                                                                                                                      The storage class of OBS volumes is csi-obs.
                                                                                                                                      
+
                                                                                                                                      StorageClass name, which is csi-obs for an OBS volume.
                                                                                                                                      
+
                                                                                                                                      (Optional) Storage Volume Name Prefix
                                                                                                                                      
+
                                                                                                                                      Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                      
+
                                                                                                                                      This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                      
+
                                                                                                                                      For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      Instance Type
                                                                                                                                      
@@ -55,7 +58,7 @@
 
                                                                                                                                      
 
                                                                                                                                      Access Key (AK/SK)
                                                                                                                                      
 
                                                                                                                                      Custom: Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                                                      
+
                                                                                                                                      Custom (Recommended): Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                                                      
 
                                                                                                                                      Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.
                                                                                                                                      • Name: Enter a secret name.
                                                                                                                                      • Namespace: Select the namespace where the secret is.
                                                                                                                                      • Access Key (AK/SK): Upload a key file in .csv format. For details, see Obtaining an Access Key.
                                                                                                                                      
 
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
-
@@ -92,7 +95,7 @@
 
-
@@ -105,24 +108,25 @@
 
                                                                                                                                      
-
                                                                                                                                      (kubectl) Automatically Creating an OBS Volume
                                                                                                                                      1. Use kubectl to connect to the cluster.
                                                                                                                                      2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                                        1. Create the pvc-obs-auto.yaml file.
                                                                                                                                          apiVersion: v1
+
                                                                                                                                          Automatically Creating an OBS Volume Through kubectl
                                                                                                                                          1. Use kubectl to access the cluster.
                                                                                                                                          2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                                            1. Create the pvc-obs-auto.yaml file.
                                                                                                                                              apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pvc-obs-auto
   namespace: default
   annotations:
-    everest.io/obs-volume-type: STANDARD    # Object storage type.
-    csi.storage.k8s.io/fstype: obsfs        # Instance type.
-    csi.storage.k8s.io/node-publish-secret-name: <your_secret_name>       # Custom secret name.
-    csi.storage.k8s.io/node-publish-secret-namespace: <your_namespace>    # Namespace of the custom secret.
+    everest.io/obs-volume-type: STANDARD    # OBS
+    csi.storage.k8s.io/fstype: obsfs        # Instance type
+    csi.storage.k8s.io/node-publish-secret-name: <your_secret_name>       # Custom secret name
+    csi.storage.k8s.io/node-publish-secret-namespace: <your_namespace>    # Namespace of the custom secret
 
+    everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
 spec:
   accessModes:
-    - ReadWriteMany             # The value must be ReadWriteMany for object storage.
+    - ReadWriteMany             # The value must be ReadWriteMany for OBS.
   resources:
     requests:
-      storage: 1Gi               # OBS volume capacity.
-  storageClassName: csi-obs    # The storage class type is OBS.
                                                                                                                                              
+      storage: 1Gi               # OBS volume capacity
+  storageClassName: csi-obs    # StorageClass is OBS.
                                                                                                                                          
 
 
                                                                                                                                      Table 1 Mounting a storage volume
                                                                                                                                      Parameter
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Description
                                                                                                                                      
@@ -74,13 +77,13 @@
 
                                                                                                                                      
 
                                                                                                                                      PVC
                                                                                                                                      
 
                                                                                                                                      Select an existing object storage volume.
                                                                                                                                      
+
                                                                                                                                      Select an existing OBS volume.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      Mount Path
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Enter a mount path, for example, /tmp.
                                                                                                                                      
-
                                                                                                                                      This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                       NOTICE: 
                                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.
                                                                                                                                      
+
                                                                                                                                      This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                       NOTICE: 
                                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                      
 
                                                                                                                                      
 
                                                                                                                                      
 
                                                                                                                                      
 
                                                                                                                                      Permission
                                                                                                                                      
 
                                                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                      • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                      
+
                                                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                      • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
                                                                                                                                       
 
 
                                                                                                                                      
@@ -145,7 +149,7 @@ spec:
 
+
+
+
+
-
@@ -202,14 +216,14 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-obs-volume    #Volume name, which must be the same as the volume name in the volumes field.
-          mountPath: /data  # Location where the storage volume is mounted.
+        - name: pvc-obs-volume    # Volume name, which must be the same as the volume name in the volumes field
+          mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: pvc-obs-volume    # Volume name, which can be customized.
+        - name: pvc-obs-volume    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-obs-auto    # Name of the created PVC.
+            claimName: pvc-obs-auto    # Name of the created PVC
                                                                                                                                    4. Run the following command to create a workload to which the OBS volume is mounted:
                                                                                                                                      kubectl apply -f web-demo.yaml
                                                                                                                                      
 
                                                                                                                                      After the workload is created, you can try Verifying Data Persistence and Sharing.
                                                                                                                                      
 
                                                                                                                                      5. 
@@ -224,7 +238,7 @@ kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                      If no result is returned for both pods, no file exists in the /data path.
                                                                                                                                    5. Run the following command to create a file named static in the /data path:
                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                                                                      
-
                                                                                                                                    6. Run the following command to view the files in the /data path:
                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                                      
+
                                                                                                                                    7. Run the following command to check the files in the /data path:
                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                                      
 
                                                                                                                                      Expected output:
                                                                                                                                      
 
                                                                                                                                      static
                                                                                                                                      
 
                                                                                                                                    8. Verify data persistence.
                                                                                                                                      1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                                                        kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                                                        
@@ -238,7 +252,7 @@ web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
 
                                                                                                                                      2. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                        
 
                                                                                                                                        Expected output:
                                                                                                                                        
 
                                                                                                                                        static
                                                                                                                                        
-
                                                                                                                                        If the static file still exists, the data can be stored persistently.
                                                                                                                                        
+
                                                                                                                                        The static file is retained, indicating that the data in the file system can be stored persistently.
                                                                                                                                        
 
                                                                                                                                      
 
                                                                                                                                    9. Verify data sharing.
                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                        
 
                                                                                                                                        Expected output:
                                                                                                                                        web-demo-846b489584-d4d4j   1/1     Running   0             7m
@@ -271,23 +285,23 @@ static
                                                                                                                                        
 
 
                                                                                                                                      10. 
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0631.html b/docs/cce/umn/cce_10_0631.html
index c9ab79e0..f2671080 100644
--- a/docs/cce/umn/cce_10_0631.html
+++ b/docs/cce/umn/cce_10_0631.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                      Configuring OBS Mount Options
                                                                                                                                      This section describes how to configure OBS volume mount options. You can configure mount options in a PV and bind the PV to a PVC. Alternatively, configure mount options in a StorageClass and use the StorageClass to create a PVC. In this way, PVs can be dynamically created and inherit mount options configured in the StorageClass by default.
                                                                                                                                      
-
                                                                                                                                      Prerequisites
                                                                                                                                      The CCE Container Storage (Everest) add-on version must be 1.2.8 or later. This add-on identifies the mount options and transfers them to the underlying storage resources. The parameter settings take effect only if the underlying storage resources support the specified options.
                                                                                                                                      
+
                                                                                                                                      Prerequisites
                                                                                                                                      The CCE Container Storage (Everest) version must be 1.2.8 or later. This add-on identifies the mount options and transfers them to the underlying storage resources. The parameter settings take effect only if the underlying storage resources support the specified options.
                                                                                                                                      
 
                                                                                                                                      
-
                                                                                                                                      Constraints
                                                                                                                                      Mount options cannot be configured for Kata containers.
                                                                                                                                      
+
                                                                                                                                      Notes and Constraints
                                                                                                                                      Mount options cannot be configured for Kata containers.
                                                                                                                                      
 
                                                                                                                                      
 
                                                                                                                                      OBS Mount Options
                                                                                                                                      When mounting an OBS volume, the Everest add-on presets the options described in Table 1 and Table 2 by default. The options in Table 1 are mandatory. 
                                                                                                                                      
 
@@ -108,7 +108,7 @@
 
 
                                                                                                                                      
-
                                                                                                                                      Table 2 Key parameters
                                                                                                                                      Parameter
                                                                                                                                      
 
                                                                                                                                      Yes
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Instance type. The value can be obsfs or s3fs.
                                                                                                                                      
-
                                                                                                                                      • obsfs: Parallel file system, which is mounted using obsfs (recommended).
                                                                                                                                      • s3fs: Object bucket, which is mounted using s3fs.
                                                                                                                                      
+
                                                                                                                                      • obsfs: a parallel file system
                                                                                                                                      • s3fs: object bucket
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      csi.storage.k8s.io/node-publish-secret-name
                                                                                                                                      
@@ -163,6 +167,16 @@ spec:
 
                                                                                                                                      Namespace of a custom secret.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      everest.io/csi.volume-name-prefix
                                                                                                                                      
+
                                                                                                                                      No
                                                                                                                                      
+
                                                                                                                                      (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                      
+
                                                                                                                                      This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                      
+
                                                                                                                                      Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                                      
+
                                                                                                                                      For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                      
+
                                                                                                                                      
 
                                                                                                                                      storage
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Yes
                                                                                                                                      
@@ -175,7 +189,7 @@ spec:
                                                                                                                                       		
 
                                                                                                                                      Yes
                                                                                                                                      
 
                                                                                                                                      Storage class name. The storage class name of OBS volumes is csi-obs.
                                                                                                                                      
+
                                                                                                                                      StorageClass name, which is csi-obs for an OBS volume.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
 
 
 
 
                                                                                                                                      Update the access key of object storage on the CCE console.
                                                                                                                                      
 
                                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs tab. Click More in the Operation column of the target PVC and select Update Access Key.
                                                                                                                                      2. Upload a key file in .csv format. For details, see Obtaining an Access Key. Click OK.
                                                                                                                                         NOTE: 
                                                                                                                                        After a global access key is updated, all pods mounted with the object storage that uses this access key can be accessed only after being restarted.
                                                                                                                                        
+
                                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Update Access Key.
                                                                                                                                      2. Upload a key file in .csv format. For details, see Obtaining an Access Key. Click OK.
                                                                                                                                         NOTE: 
                                                                                                                                        After a global access key is updated, all pods mounted with the object storage that uses this access key can be accessed only after being restarted.
                                                                                                                                        
 
                                                                                                                                        
 
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      Viewing events
                                                                                                                                      
 
                                                                                                                                      You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                      
+
                                                                                                                                      View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                      
 
                                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                                      2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                      
+
                                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                      2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      Viewing a YAML file
                                                                                                                                      
 
                                                                                                                                      You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                      
+
                                                                                                                                      View, copy, or download the YAML file of a PVC or PV.
                                                                                                                                      
 
                                                                                                                                      1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                                      2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                      
+
                                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                      2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
 
                                                                                                                                      umask
                                                                                                                                      
 
                                                                                                                                      A three-digit octal number
                                                                                                                                      
+
                                                                                                                                      0
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Mask of the configuration file permission.
                                                                                                                                      
 
                                                                                                                                      For example, if the umask value is 022, the directory permission (the maximum permission is 777) is 755 (777 - 022 = 755, rwxr-xr-x).
                                                                                                                                      
@@ -119,33 +119,33 @@
 
 
 
                                                                                                                                      Configuring Mount Options in a PV
                                                                                                                                      You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in OBS Mount Options.
                                                                                                                                      
-
                                                                                                                                      1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                      2. Configure mount options in a PV. Example:
                                                                                                                                        apiVersion: v1
+
                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                        2. Configure mount options in a PV. Example:
                                                                                                                                          apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-    everest.io/reclaim-policy: retain-volume-only      # (Optional) The PV is deleted while the underlying volume is retained.
-  name: pv-obs       # PV name.
+    everest.io/reclaim-policy: retain-volume-only      # (Optional) The underlying volume is retained when the PV is deleted.
+  name: pv-obs       # PV name
 spec:
   accessModes:
   - ReadWriteMany    # Access mode. The value must be ReadWriteMany for OBS.
   capacity:
-    storage: 1Gi     # OBS volume capacity.
+    storage: 1Gi     # OBS volume capacity
   csi:
-    driver: obs.csi.everest.io        # Dependent storage driver for the mounting.
-    fsType: obsfs                     # Instance type.
-    volumeHandle: <your_volume_id>    # Name of the OBS volume.
+    driver: obs.csi.everest.io        # Dependent storage driver for the mounting
+    fsType: obsfs                     # Instance type
+    volumeHandle: <your_volume_id>    # Name of the OBS volume
     volumeAttributes:
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
       everest.io/obs-volume-type: STANDARD
-      everest.io/region: <your_region>                        # Region where the OBS volume is.
+      everest.io/region: <your_region>                        # Region where the OBS volume is
 
-    nodePublishSecretRef:            # Custom secret of the OBS volume.
-      name: <your_secret_name>       # Custom secret name.
-      namespace: <your_namespace>    # Namespace of the custom secret.
-  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
-  storageClassName: csi-obs               # Storage class name.
-  mountOptions:                            # Mount options.
+    nodePublishSecretRef:            # Custom secret of the OBS volume
+      name: <your_secret_name>       # Custom secret name
+      namespace: <your_namespace>    # Namespace of the custom secret
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy
+  storageClassName: csi-obs               # Storage class name
+  mountOptions:                            # Mount options
   - umask=027
                                                                                                                                          
 
                                                                                                                                        3. After a PV is created, you can create a PVC and bind it to the PV, and then mount the PV to the container in the workload. For details, see Using an Existing OBS Bucket Through a Static PV.
                                                                                                                                        4. Check whether the mount options take effect.
                                                                                                                                          In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can log in to the node where the pod to which the OBS volume is mounted resides and view the progress details.
                                                                                                                                          
 
                                                                                                                                          Run the following command:
                                                                                                                                          • Object bucket: ps -ef | grep s3fs
                                                                                                                                            root     22142     1  0 Jun03 ?        00:00:00 /usr/bin/s3fs {your_obs_name} /mnt/paas/kubernetes/kubelet/pods/{pod_uid}/volumes/kubernetes.io~csi/{your_pv_name}/mount -o url=https://{endpoint}:443 -o endpoint={region} -o passwd_file=/opt/everest-host-connector/***_obstmpcred/{your_obs_name} -o nonempty -o big_writes -o sigv2 -o allow_other -o no_check_certificate -o ssl_verify_hostname=0 -o umask=027 -o max_write=131072 -o multipart_size=20
                                                                                                                                            
@@ -155,7 +155,7 @@ spec:
 
                                                                                                                                        
 
                                                                                                                                      
 
                                                                                                                                      Configuring Mount Options in a StorageClass
                                                                                                                                      You can use the mountOptions field to configure mount options in a StorageClass. The options you can configure in mountOptions are listed in OBS Mount Options.
                                                                                                                                      
-
                                                                                                                                      1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                      2. Create a customized StorageClass. Example:
                                                                                                                                        kind: StorageClass
+
                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                        2. Create a customized StorageClass. Example:
                                                                                                                                          kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
   name: csi-obs-mount-option
@@ -166,8 +166,8 @@ parameters:
   everest.io/obs-volume-type: STANDARD
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
-mountOptions:                            # Mount options.
-- umask=0027
                                                                                                                                          
+mountOptions:                            # Mount options
+- umask=027
                                                                                                                                        
 
                                                                                                                                      3. After the StorageClass is configured, you can use it to create a PVC. By default, the dynamically created PVs inherit the mount options configured in the StorageClass. For details, see Using an OBS Bucket Through a Dynamic PV.
                                                                                                                                      4. Check whether the mount options take effect.
                                                                                                                                        In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can log in to the node where the pod to which the OBS volume is mounted resides and view the progress details.
                                                                                                                                        
 
                                                                                                                                        Run the following command:
                                                                                                                                        • Object bucket: ps -ef | grep s3fs
                                                                                                                                          root     22142     1  0 Jun03 ?        00:00:00 /usr/bin/s3fs {your_obs_name} /mnt/paas/kubernetes/kubelet/pods/{pod_uid}/volumes/kubernetes.io~csi/{your_pv_name}/mount -o url=https://{endpoint}:443 -o endpoint={region} -o passwd_file=/opt/everest-host-connector/***_obstmpcred/{your_obs_name} -o nonempty -o big_writes -o sigv2 -o allow_other -o no_check_certificate -o ssl_verify_hostname=0 -o umask=027 -o max_write=131072 -o multipart_size=20
                                                                                                                                          
 
                                                                                                                                        • Parallel file system: ps -ef | grep obsfs
                                                                                                                                          root      1355     1  0 Jun03 ?        00:03:16 /usr/bin/obsfs {your_obs_name} /mnt/paas/kubernetes/kubelet/pods/{pod_uid}/volumes/kubernetes.io~csi/{your_pv_name}/mount -o url=https://{endpoint}:443 -o endpoint={region} -o passwd_file=/opt/everest-host-connector/***_obstmpcred/{your_obs_name} -o allow_other -o nonempty -o big_writes -o use_ino -o no_check_certificate -o ssl_verify_hostname=0 -o max_background=100 -o umask=027 -o max_write=131072
                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0633.html b/docs/cce/umn/cce_10_0633.html
index b0fcb2b0..5c280d7f 100644
--- a/docs/cce/umn/cce_10_0633.html
+++ b/docs/cce/umn/cce_10_0633.html
@@ -4,17 +4,17 @@
 
                                                                                                                                          Introduction
                                                                                                                                          CCE allows you to use LVM to combine data volumes on nodes into a storage pool (VolumeGroup) and create LVs for containers to mount. A PV that uses a local persistent volume as the medium is considered local PV.
                                                                                                                                          
 
                                                                                                                                          Compared with the HostPath volume, the local PV can be used in a persistent and portable manner. In addition, the PV of the local PV has the node affinity configuration. The pod mounted to the local PV is automatically scheduled based on the affinity configuration. You do not need to manually schedule the pod to a specific node.
                                                                                                                                          
 
                                                                                                                                          
-
                                                                                                                                          Mounting Modes
                                                                                                                                          Local PVs can be mounted only in the following modes:
                                                                                                                                          
-
                                                                                                                                          • Using a Local PV Through a Dynamic PV: dynamic creation mode, where you specify a StorageClass during PVC creation and an OBS volume and a PV will be automatically created.
                                                                                                                                          • Dynamically Mounting a Local PV to a StatefulSet: Only StatefulSets support this mode. Each pod is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. This mode applies to StatefulSets with multiple pods.
                                                                                                                                          
+
                                                                                                                                          Mount Modes
                                                                                                                                          Local PVs can be mounted only in the following modes:
                                                                                                                                          
+
                                                                                                                                          • Using a Local PV Through a Dynamic PV: dynamic creation mode, in which you specify a StorageClass when creating a PVC. Then, an OBS volume and PV will be created automatically.
                                                                                                                                          • Dynamically Mounting a Local PV to a StatefulSet: available only for StatefulSets. In this mode, each pod is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. This mode applies to StatefulSets with multiple pods.
                                                                                                                                          
 
                                                                                                                                           
                                                                                                                                          Local PVs cannot be used through static PVs. That is, local PVs cannot be manually created and then mounted to workloads through PVCs.
                                                                                                                                          
 
                                                                                                                                          
 
                                                                                                                                          
-
                                                                                                                                          Constraints
                                                                                                                                          • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                          • Deleting, removing, resetting, or scaling in a node will cause the PVC/PV data of the local PV associated with the node to be lost, which cannot be restored or used again. For details, see Removing a Node, Deleting a Node, Resetting a Node, and Scaling a Node. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                          • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                          • Local PVs are in non-shared mode and cannot be mounted to multiple workloads or tasks concurrently. Additionally, local PVs cannot be mounted to multiple pods of a workload concurrently.
                                                                                                                                          
+
                                                                                                                                          Notes and Constraints
                                                                                                                                          • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                          • Deleting, removing, resetting, or scaling a node will cause the loss of the PVC/PV data of the local PV associated with the node. The lost data cannot be restored, and the affected PVC/PV cannot be used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                          • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                          • Local PVs are in non-shared mode and cannot be mounted to multiple workloads or tasks concurrently. Additionally, local PVs cannot be mounted to multiple pods of a workload concurrently.
                                                                                                                                          
 
                                                                                                                                          
 
                                                                                                                                          
 
                                                                                                                                          
 
                                                                                                                                          
-
                                                                                                                                          Parent topic: Local Persistent Volumes
                                                                                                                                          
+
                                                                                                                                          Parent topic: Local PVs
                                                                                                                                          
 
                                                                                                                                          
 
                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0634.html b/docs/cce/umn/cce_10_0634.html
index 51360e09..49cc7112 100644
--- a/docs/cce/umn/cce_10_0634.html
+++ b/docs/cce/umn/cce_10_0634.html
@@ -1,11 +1,11 @@
 
 
 
                                                                                                                                          Using a Local PV Through a Dynamic PV
                                                                                                                                          
-
                                                                                                                                          Prerequisites
                                                                                                                                          
+
                                                                                                                                          Prerequisites
                                                                                                                                          
 
                                                                                                                                          
-
                                                                                                                                          Constraints
                                                                                                                                          • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                          • Deleting, removing, resetting, or scaling in a node will cause the PVC/PV data of the local PV associated with the node to be lost, which cannot be restored or used again. For details, see Removing a Node, Deleting a Node, Resetting a Node, and Scaling a Node. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                          • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                          • Local PVs are in non-shared mode and cannot be mounted to multiple workloads or tasks concurrently. Additionally, local PVs cannot be mounted to multiple pods of a workload concurrently.
                                                                                                                                          
+
                                                                                                                                          Notes and Constraints
                                                                                                                                          • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                          • Deleting, removing, resetting, or scaling a node will cause the loss of the PVC/PV data of the local PV associated with the node. The lost data cannot be restored, and the affected PVC/PV cannot be used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                          • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                          • Local PVs are in non-shared mode and cannot be mounted to multiple workloads or tasks concurrently. Additionally, local PVs cannot be mounted to multiple pods of a workload concurrently.
                                                                                                                                          
 
                                                                                                                                          
-
                                                                                                                                          Automatically Creating a Local PV on the Console
                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                          2. Dynamically create a PVC and PV.
                                                                                                                                            1. Choose Storage in the navigation pane and click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                              Automatically Creating a Local PV on the Console
                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                              2. Dynamically create a PVC and PV.
                                                                                                                                                1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
 
                                                                                                                                                  
-
+
+
+
+
+
+
-
-
-
-
                                                                                                                                                  Parameter
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  Description
                                                                                                                                                  
@@ -19,7 +19,7 @@
 
                                                                                                                                                  
 
                                                                                                                                                  PVC Name
                                                                                                                                                  
 
                                                                                                                                                  Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                                  
+
                                                                                                                                                  Enter the PVC name, which must be unique in a namespace.
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  
 
                                                                                                                                                  Creation Method
                                                                                                                                                  
@@ -32,9 +32,21 @@
 
                                                                                                                                                  The storage class of local PVs is csi-local-topology.
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  (Optional) Storage Volume Name Prefix
                                                                                                                                                  
+
                                                                                                                                                  Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                  
+
                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                  
+
                                                                                                                                                  For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                  
+
                                                                                                                                                  Capacity (GiB)
                                                                                                                                                  
+
                                                                                                                                                  Capacity of the requested storage volume.
                                                                                                                                                  
+
                                                                                                                                                  
 
                                                                                                                                                  Access Mode
                                                                                                                                                  
 
                                                                                                                                                  Local PVs support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                  
+
                                                                                                                                                  Local PVs support only ReadWriteOnce, indicating that a PV can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  
 
                                                                                                                                                  Storage Pool
                                                                                                                                                  
@@ -42,11 +54,6 @@
 
                                                                                                                                                  View the imported storage pool. For details about how to import a new data volume to the storage pool, see Importing a PV to a Storage Pool.
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  Capacity (GiB)
                                                                                                                                                  
-
                                                                                                                                                  Capacity of the requested storage volume.
                                                                                                                                                  
-
                                                                                                                                                  
 
 
                                                                                                                                                  
 
                                                                                                                                                  
@@ -54,35 +61,35 @@
 
                                                                                                                                                   
                                                                                                                                                  The volume binding mode of the local storage class (named csi-local-topology) is late binding (that is, the value of volumeBindingMode is WaitForFirstConsumer). In this mode, PV creation and binding are delayed. The corresponding PV is created and bound only when the PVC is used during workload creation.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                
-
                                                                                                                                              3. Create an application.
                                                                                                                                                1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                  Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
-
                                                                                                                                                  Table 1 Mounting a storage volume
                                                                                                                                                  Parameter
                                                                                                                                                  
+
                                                                                                                                                3. Create an application.
                                                                                                                                                  1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                                                  2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                    Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                                    
-
-
-
-
-
-
-
-
-
@@ -95,39 +102,51 @@
 
                                                                                                                                                    
-
                                                                                                                                                    (kubectl) Automatically Creating a Local PV
                                                                                                                                                    1. Use kubectl to access the cluster.
                                                                                                                                                    2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                                                      1. Create the pvc-local.yaml file.
                                                                                                                                                        apiVersion: v1
+
                                                                                                                                                        Automatically Creating a Local PV Through kubectl
                                                                                                                                                        1. Use kubectl to access the cluster.
                                                                                                                                                        2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                                                          1. Create the pvc-local.yaml file.
                                                                                                                                                            apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pvc-local
   namespace: default
+  annotations:
+    everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
 spec:
   accessModes:
     - ReadWriteOnce             # The value must be ReadWriteOnce for local PVs.
   resources:
     requests:
-      storage: 10Gi             # Size of the local PV.
+      storage: 10Gi             # Local PV capacity
   storageClassName: csi-local-topology    # StorageClass is local PV.
                                                                                                                                                            
 
-
                                                                                                                                                    Table 1 Mounting a storage volume
                                                                                                                                                    Parameter
                                                                                                                                                    
 
                                                                                                                                                    Description
                                                                                                                                                    
+
                                                                                                                                                    Description
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
 
                                                                                                                                                    PVC
                                                                                                                                                    
+
                                                                                                                                                    PVC
                                                                                                                                                    
 
                                                                                                                                                    Select an existing local PV.
                                                                                                                                                    
-
                                                                                                                                                    A local PV cannot be repeatedly mounted to multiple workloads.
                                                                                                                                                    
+
                                                                                                                                                    Select an existing local PV.
                                                                                                                                                    
+
                                                                                                                                                    A local PV can be mounted to only one workload.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Mount Path
                                                                                                                                                    
+
                                                                                                                                                    Mount Path
                                                                                                                                                    
 
                                                                                                                                                    Enter a mount path, for example, /tmp.
                                                                                                                                                    
-
                                                                                                                                                    This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                     NOTICE: 
                                                                                                                                                    If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                    
+
                                                                                                                                                    Enter a mount path, for example, /tmp.
                                                                                                                                                    
+
                                                                                                                                                    This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                     NOTICE: 
                                                                                                                                                    If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Subpath
                                                                                                                                                    
+
                                                                                                                                                    Subpath
                                                                                                                                                    
 
                                                                                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                    
+
                                                                                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Permission
                                                                                                                                                    
+
                                                                                                                                                    Permission
                                                                                                                                                    
 
                                                                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                    • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                                    
+
                                                                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                    • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
                                                                                                                                                     
 
 
                                                                                                                                                    
@@ -73,7 +80,7 @@
 
-
@@ -84,7 +91,7 @@
 
                                                                                                                                                  3. Dynamically mount and use storage volumes. For details about other parameters, see Creating a StatefulSet. After the configuration, click Create Workload.
                                                                                                                                                    After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                    
 
                                                                                                                                                    4. 
-
                                                                                                                                                    Dynamically Mounting a Local PV Using kubectl
                                                                                                                                                    1. Use kubectl to access the cluster.
                                                                                                                                                    2. Create a file named statefulset-local.yaml. In this example, the local PV is mounted to the /data path.
                                                                                                                                                      apiVersion: apps/v1
+
                                                                                                                                                      Dynamically Mounting a Local PV Through kubectl
                                                                                                                                                      1. Use kubectl to access the cluster.
                                                                                                                                                      2. Create a file named statefulset-local.yaml. In this example, the local PV is mounted to the /data path.
                                                                                                                                                        apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: statefulset-local
@@ -103,10 +110,10 @@ spec:
           image: nginx:latest
           volumeMounts:
             - name: pvc-local          # The value must be the same as that in the volumeClaimTemplates field.
-              mountPath: /data         # Location where the storage volume is mounted.
+              mountPath: /data         # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
-  serviceName: statefulset-local       # Headless Service name.
+  serviceName: statefulset-local       # Headless Service name
   replicas: 2
   volumeClaimTemplates:
     - apiVersion: v1
@@ -114,18 +121,20 @@ spec:
       metadata:
         name: pvc-local
         namespace: default
+        annotations:
+          everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
       spec:
         accessModes:
           - ReadWriteOnce               # The value must be ReadWriteOnce for local PVs.
         resources:
           requests:
-            storage: 10Gi               # Storage volume capacity.
+            storage: 10Gi               # Storage volume capacity
         storageClassName: csi-local-topology      # StorageClass is local PV.
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: statefulset-local   # Headless Service name.
+  name: statefulset-local   # Headless Service name
   namespace: default
   labels:
     app: statefulset-local
@@ -141,24 +150,34 @@ spec:
       protocol: TCP
   type: ClusterIP
                                                                                                                                                        
 
-
                                                                                                                                                    Table 2 Key parameters
                                                                                                                                                    Parameter
                                                                                                                                                    
+
                                                                                                                                                    
-
-
-
+
+
+
+
-
-
-
@@ -135,7 +154,7 @@ spec:
 
                                                                                                                                                  4. Run the following command to create a PVC:
                                                                                                                                                    kubectl apply -f pvc-local.yaml
                                                                                                                                                    
 
                                                                                                                                                    5. 
-
                                                                                                                                                  5. Create an application.
                                                                                                                                                    1. Create a file named web-demo.yaml. In this example, the local PV is mounted to the /data path.
                                                                                                                                                      apiVersion: apps/v1
+
                                                                                                                                                    2. Create an application.
                                                                                                                                                      1. Create a file named web-local.yaml. In this example, the local PV is mounted to the /data path.
                                                                                                                                                        apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: web-local
@@ -145,7 +164,7 @@ spec:
   selector:
     matchLabels:
       app: web-local
-  serviceName: web-local   # Headless Service name.
+  serviceName: web-local   # Headless Service name
   template:
     metadata:
       labels:
@@ -155,19 +174,19 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-disk    #Volume name, which must be the same as the volume name in the volumes field.
-          mountPath: /data  #Location where the storage volume is mounted.
+        - name: pvc-disk    # Volume name, which must be the same as the volume name in the volumes field.
+          mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: pvc-disk    #Volume name, which can be customized.
+        - name: pvc-disk    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-local    #Name of the created PVC.
+            claimName: pvc-local    # Name of the created PVC
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: web-local   # Headless Service name.
+  name: web-local   # Headless Service name
   namespace: default
   labels:
     app: web-local
@@ -193,12 +212,12 @@ spec:
 
                                                                                                                                                      2. Run the following command to check whether the local PV has been mounted to the /data path:
                                                                                                                                                        kubectl exec web-local-0 -- df | grep data
                                                                                                                                                        
 
                                                                                                                                                        Expected output:
                                                                                                                                                        
 
                                                                                                                                                        /dev/mapper/vg--everest--localvolume--persistent-pvc-local          10255636     36888  10202364   0% /data
                                                                                                                                                        
-
                                                                                                                                                      3. Run the following command to view the files in the /data path:
                                                                                                                                                        kubectl exec web-local-0 -- ls /data
                                                                                                                                                        
+
                                                                                                                                                      4. Run the following command to check the files in the /data path:
                                                                                                                                                        kubectl exec web-local-0 -- ls /data
                                                                                                                                                        
 
                                                                                                                                                        Expected output:
                                                                                                                                                        
 
                                                                                                                                                        lost+found
                                                                                                                                                        
 
                                                                                                                                                      
 
                                                                                                                                                    3. Run the following command to create a file named static in the /data path:
                                                                                                                                                      kubectl exec web-local-0 --  touch /data/static
                                                                                                                                                      
-
                                                                                                                                                    4. Run the following command to view the files in the /data path:
                                                                                                                                                      kubectl exec web-local-0 -- ls /data
                                                                                                                                                      
+
                                                                                                                                                    5. Run the following command to check the files in the /data path:
                                                                                                                                                      kubectl exec web-local-0 -- ls /data
                                                                                                                                                      
 
                                                                                                                                                      Expected output:
                                                                                                                                                      
 
                                                                                                                                                      lost+found
 static
                                                                                                                                                      
@@ -209,7 +228,7 @@ spec:
 
                                                                                                                                                      Expected output:
                                                                                                                                                      
 
                                                                                                                                                      lost+found
 static
                                                                                                                                                      
-
                                                                                                                                                      If the static file still exists, the data in the local PV can be stored persistently.
                                                                                                                                                      
+
                                                                                                                                                      The static file is retained, indicating that the data in the local PV can be stored persistently.
                                                                                                                                                      
 
                                                                                                                                                    
 
 
                                                                                                                                                    Related Operations
                                                                                                                                                    You can also perform the operations listed in Table 3.
@@ -223,16 +242,16 @@ spec:
 
 
                                                                                                                                                    6. 
-
-
-
-
@@ -243,7 +262,7 @@ spec:
 
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Parent topic: Local Persistent Volumes
                                                                                                                                                    
+
                                                                                                                                                    Parent topic: Local PVs
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0635.html b/docs/cce/umn/cce_10_0635.html
index 9b3ff2cf..6cedb86c 100644
--- a/docs/cce/umn/cce_10_0635.html
+++ b/docs/cce/umn/cce_10_0635.html
@@ -1,11 +1,11 @@
 
                                                                                                                                                    Dynamically Mounting a Local PV to a StatefulSet
                                                                                                                                                    
-
                                                                                                                                                    Application Scenarios
                                                                                                                                                    Dynamic mounting is available only for creating a StatefulSet. It is implemented through a volume claim template (volumeClaimTemplates field) and depends on the storage class to dynamically provision PVs. In this mode, each pod in a multi-pod StatefulSet is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. In the common mounting mode for a Deployment, if ReadWriteMany is supported, multiple pods of the Deployment will be mounted to the same underlying storage.
                                                                                                                                                    
+
                                                                                                                                                    Application Scenarios
                                                                                                                                                    Dynamic mounting is available only for creating a StatefulSet. It is implemented through a volume claim template (volumeClaimTemplates field) and depends on dynamic creation of PVs through StorageClass. In this mode, each pod in a multi-pod StatefulSet is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. In the common mounting mode for a Deployment, if ReadWriteMany is supported, multiple pods of the Deployment will be mounted to the same underlying storage.
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Prerequisites
                                                                                                                                                    
+
                                                                                                                                                    Prerequisites
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Dynamically Mounting a Local PV on the Console
                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                    2. In the navigation pane on the left, click Workloads. In the right pane, click the StatefulSets tab.
                                                                                                                                                    3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select VolumeClaimTemplate.
                                                                                                                                                    4. Click Create PVC. In the dialog box displayed, configure the volume claim template parameters.
                                                                                                                                                      Click Create.
+
                                                                                                                                                      Dynamically Mounting a Local PV on the Console
                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                      2. Choose Workloads in the navigation pane. In the right pane, click the StatefulSets tab.
                                                                                                                                                      3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select VolumeClaimTemplate.
                                                                                                                                                      4. Click Create PVC. In the dialog box displayed, configure the volume claim template parameters.
                                                                                                                                                        Click Create.
 
                                                                                                                                                    Table 2 Key parameters
                                                                                                                                                    Parameter
                                                                                                                                                    
 
                                                                                                                                                    Mandatory
                                                                                                                                                    
+
                                                                                                                                                    Mandatory
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Description
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
 
                                                                                                                                                    storage
                                                                                                                                                    
+
                                                                                                                                                    everest.io/csi.volume-name-prefix
                                                                                                                                                    
 
                                                                                                                                                    Yes
                                                                                                                                                    
+
                                                                                                                                                    No
                                                                                                                                                    
+
                                                                                                                                                    (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                    
+
                                                                                                                                                    This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                    
+
                                                                                                                                                    Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                                                    
+
                                                                                                                                                    For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                    
+
                                                                                                                                                    storage
                                                                                                                                                    
+
                                                                                                                                                    Yes
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Requested capacity in the PVC, in Gi.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    storageClassName
                                                                                                                                                    
+
                                                                                                                                                    storageClassName
                                                                                                                                                    
 
                                                                                                                                                    Yes
                                                                                                                                                    
+
                                                                                                                                                    Yes
                                                                                                                                                    
 
                                                                                                                                                    Storage class name. The storage class name of local PV is csi-local-topology.
                                                                                                                                                    
+
                                                                                                                                                    StorageClass name, which is csi-local-topology for a local PV.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
                                                                                                                                                     
 
                                                                                                                                                    Viewing events
                                                                                                                                                    
 
                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                    
+
                                                                                                                                                    View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                    
 
                                                                                                                                                    1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                    
+
                                                                                                                                                    1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
 
                                                                                                                                                    Viewing a YAML file
                                                                                                                                                    
 
                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                    
+
                                                                                                                                                    View, copy, or download the YAML file of a PVC or PV.
                                                                                                                                                    
 
                                                                                                                                                    1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                    
+
                                                                                                                                                    1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
                                                                                                                                                     
 
 
 
                                                                                                                                                    
+
+
+
+
+
+
-
-
-
-
                                                                                                                                                    Parameter
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Description
                                                                                                                                                    
@@ -32,9 +32,21 @@
 
                                                                                                                                                    The storage class of local PVs is csi-local-topology.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    (Optional) Storage Volume Name Prefix
                                                                                                                                                    
+
                                                                                                                                                    Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                    
+
                                                                                                                                                    This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                    
+
                                                                                                                                                    For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                    
+
                                                                                                                                                    Capacity (GiB)
                                                                                                                                                    
+
                                                                                                                                                    Capacity of the requested storage volume.
                                                                                                                                                    
+
                                                                                                                                                    
 
                                                                                                                                                    Access Mode
                                                                                                                                                    
 
                                                                                                                                                    Local PVs support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                    
+
                                                                                                                                                    Local PVs support only ReadWriteOnce, indicating that a PV can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
 
                                                                                                                                                    Storage Pool
                                                                                                                                                    
@@ -42,11 +54,6 @@
 
                                                                                                                                                    View the imported storage pool. For details about how to import a new data volume to the storage pool, see Importing a PV to a Storage Pool.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Capacity (GiB)
                                                                                                                                                    
-
                                                                                                                                                    Capacity of the requested storage volume.
                                                                                                                                                    
-
                                                                                                                                                    
 
 
                                                                                                                                                    
 
                                                                                                                                                    
@@ -61,7 +68,7 @@
 
                                                                                                                                                    Mount Path
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Enter a mount path, for example, /tmp.
                                                                                                                                                    
-
                                                                                                                                                    This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                     NOTICE: 
                                                                                                                                                    If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host machine may be damaged.
                                                                                                                                                    
+
                                                                                                                                                    This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                     NOTICE: 
                                                                                                                                                    If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    Permission
                                                                                                                                                    
 
                                                                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                    • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                                    
+
                                                                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                    • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
                                                                                                                                                     
 
                                                                                                                                                    Table 2 Key parameters
                                                                                                                                                    Parameter
                                                                                                                                                    
+
                                                                                                                                                    
-
-
-
+
+
+
+
-
-
@@ -177,12 +196,12 @@ statefulset-local-1          1/1     Running   0             28s
                                                                                                                                                  6. Run the following command to check whether the local PV has been mounted to the /data path:
                                                                                                                                                    kubectl exec statefulset-local-0 -- df | grep data
                                                                                                                                                    
 
                                                                                                                                                    Expected output:
                                                                                                                                                    
 
                                                                                                                                                    /dev/mapper/vg--everest--localvolume--persistent-pvc-local              10255636     36888  10202364   0% /data
                                                                                                                                                    
-
                                                                                                                                                  7. Run the following command to view the files in the /data path:
                                                                                                                                                    kubectl exec statefulset-local-0 -- ls /data
                                                                                                                                                    
+
                                                                                                                                                  8. Run the following command to check the files in the /data path:
                                                                                                                                                    kubectl exec statefulset-local-0 -- ls /data
                                                                                                                                                    
 
                                                                                                                                                    Expected output:
                                                                                                                                                    
 
                                                                                                                                                    lost+found
                                                                                                                                                    
 
                                                                                                                                                  9. Run the following command to create a file named static in the /data path:
                                                                                                                                                    kubectl exec statefulset-local-0 --  touch /data/static
                                                                                                                                                    
-
                                                                                                                                                  10. Run the following command to view the files in the /data path:
                                                                                                                                                    kubectl exec statefulset-local-0 -- ls /data
                                                                                                                                                    
+
                                                                                                                                                  11. Run the following command to check the files in the /data path:
                                                                                                                                                    kubectl exec statefulset-local-0 -- ls /data
                                                                                                                                                    
 
                                                                                                                                                    Expected output:
                                                                                                                                                    
 
                                                                                                                                                    lost+found
 static
                                                                                                                                                    
@@ -193,7 +212,7 @@ statefulset-local-1          1/1     Running   0             28s
 
                                                                                                                                                    Expected output:
                                                                                                                                                    
 
                                                                                                                                                    lost+found
 static
                                                                                                                                                    
-
                                                                                                                                                    If the static file still exists, the data in the local PV can be stored persistently.
                                                                                                                                                    
+
                                                                                                                                                    The static file is retained, indicating that the data in the local PV can be stored persistently.
                                                                                                                                                    
 
                                                                                                                                                    12. Related Operations
                                                                                                                                                    You can also perform the operations listed in Table 3.
@@ -207,16 +226,16 @@ statefulset-local-1          1/1     Running   0             28s
 
 
                                                                                                                                                    
-
-
-
-
@@ -227,7 +246,7 @@ statefulset-local-1          1/1     Running   0             28s
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Parent topic: Local Persistent Volumes
                                                                                                                                                    
+
                                                                                                                                                    Parent topic: Local PVs
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0637.html b/docs/cce/umn/cce_10_0637.html
index 2ad0a75b..8862ea94 100644
--- a/docs/cce/umn/cce_10_0637.html
+++ b/docs/cce/umn/cce_10_0637.html
@@ -6,10 +6,10 @@
 
                                                                                                                                                    Common EVs in Kubernetes:
                                                                                                                                                    • emptyDir: empty at pod startup, with storage coming locally from the kubelet base directory (usually the root disk) or memory. emptyDir is allocated from the EV of the node. If data from other sources (such as log files or image tiering data) occupies the ephemeral storage, the storage capacity may be insufficient.
                                                                                                                                                    • ConfigMap: Kubernetes data of the ConfigMap type is mounted to pods as data volumes.
                                                                                                                                                    • Secret: Kubernetes data of the Secret type is mounted to pods as data volumes.
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    emptyDir Types
                                                                                                                                                    CCE provides the following emptyDir types:
                                                                                                                                                    • Using a Temporary Path: Kubernetes-native emptyDir type. Its lifecycle is the same as that of a pod. Memory can be specified as the storage medium. When the pod is deleted, the emptyDir volume is deleted and its data is lost.
                                                                                                                                                    • Using a Local EV: Local data disks in a node form a storage pool (VolumeGroup) through LVM. LVs are created as the storage medium of emptyDir and mounted to containers. LVs deliver better performance than the default storage medium of emptyDir.
                                                                                                                                                    
+
                                                                                                                                                    emptyDir Types
                                                                                                                                                    CCE provides the following emptyDir types:
                                                                                                                                                    • Using a Temporary Path: Kubernetes-native emptyDir type. Its lifecycle is the same as that of a pod. Memory can be specified as the storage medium. When the pod is deleted, the emptyDir volume is deleted and its data is lost.
                                                                                                                                                    • Using a Local EV: Local data disks in a node form a storage pool (VolumeGroup) through LVM. LVs are created as the storage medium of emptyDir and mounted to pods. LVs deliver better performance than the default storage medium of emptyDir.
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Constraints
                                                                                                                                                    • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                    • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                    • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                    
+
                                                                                                                                                    Notes and Constraints
                                                                                                                                                    • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                    • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                    • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0638.html b/docs/cce/umn/cce_10_0638.html
index 8e6582f3..33e99179 100644
--- a/docs/cce/umn/cce_10_0638.html
+++ b/docs/cce/umn/cce_10_0638.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                    Using a Temporary Path
                                                                                                                                                    
 
                                                                                                                                                    A temporary path is of the Kubernetes-native emptyDir type. Its lifecycle is the same as that of a pod. Memory can be specified as the storage medium. When the pod is deleted, the emptyDir volume is deleted and its data is lost.
                                                                                                                                                    
-
                                                                                                                                                    Using the Console to Use a Temporary Path
                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                    2. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                    3. Click Create Workload in the upper right corner of the page. In the Container Settings area, click the Data Storage tab and click Add Volume > EmptyDir.
                                                                                                                                                    4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                                                      
+
                                                                                                                                                      Using a Temporary Path on the Console
                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                      2. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                                                      3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select EmptyDir.
                                                                                                                                                      4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                                                        
 
                                                                                                                                                    Table 2 Key parameters
                                                                                                                                                    Parameter
                                                                                                                                                    
 
                                                                                                                                                    Mandatory
                                                                                                                                                    
+
                                                                                                                                                    Mandatory
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Description
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
 
                                                                                                                                                    storage
                                                                                                                                                    
+
                                                                                                                                                    everest.io/csi.volume-name-prefix
                                                                                                                                                    
 
                                                                                                                                                    Yes
                                                                                                                                                    
+
                                                                                                                                                    No
                                                                                                                                                    
+
                                                                                                                                                    (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                    
+
                                                                                                                                                    This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                    
+
                                                                                                                                                    Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                                                    
+
                                                                                                                                                    For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                    
+
                                                                                                                                                    storage
                                                                                                                                                    
+
                                                                                                                                                    Yes
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Requested capacity in the PVC, in Gi.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    storageClassName
                                                                                                                                                    
+
                                                                                                                                                    storageClassName
                                                                                                                                                    
 
                                                                                                                                                    Yes
                                                                                                                                                    
+
                                                                                                                                                    Yes
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    The storage class of local PVs is csi-local-topology.
                                                                                                                                                    
                                                                                                                                                     		
 
 
 
 
                                                                                                                                                    Viewing events
                                                                                                                                                    
 
                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                    
+
                                                                                                                                                    View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                    
 
                                                                                                                                                    1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                    
+
                                                                                                                                                    1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
 
                                                                                                                                                    Viewing a YAML file
                                                                                                                                                    
 
                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                    
+
                                                                                                                                                    View, copy, or download the YAML file of a PVC or PV.
                                                                                                                                                    
 
                                                                                                                                                    1. Choose Storage in the navigation pane and click the PVCs or PVs tab.
                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                    
+
                                                                                                                                                    1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
                                                                                                                                                     
 
 
 
                                                                                                                                                    
-
-
@@ -40,7 +40,7 @@
 
                                                                                                                                                  12. After the configuration, click Create Workload.
                                                                                                                                                    13. 
-
                                                                                                                                                    Using kubectl to Use a Temporary Path
                                                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                    2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                                                      vi nginx-emptydir.yaml
                                                                                                                                                      
+
                                                                                                                                                      Using a Temporary Path Through kubectl
                                                                                                                                                      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                      2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                                                        vi nginx-emptydir.yaml
                                                                                                                                                        
 
                                                                                                                                                        Content of the YAML file:
                                                                                                                                                        
 
                                                                                                                                                        apiVersion: apps/v1
 kind: Deployment
@@ -61,15 +61,15 @@ spec:
         - name: container-1
           image: nginx:latest
           volumeMounts:
-            - name: vol-emptydir     # Volume name, which must be the same as the volume name in the volumes field.
-              mountPath: /tmp        # Path to which an EV is mounted.
+            - name: vol-emptydir     # Volume name, which must be the same as the volume name in the volumes field
+              mountPath: /tmp        # Location where the emptyDir is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: vol-emptydir         # Volume name, which can be customized.
+        - name: vol-emptydir         # Volume name, which can be customized
           emptyDir:
             medium: Memory          # EV disk medium: If this parameter is set to Memory, the memory is enabled. If this parameter is left blank, the native default storage medium is used.
-            sizeLimit: 1Gi          # Volume capacity.
                                                                                                                                                        
+            sizeLimit: 1Gi          # Volume capacity
 
                                                                                                                                                      3. Create a workload.
                                                                                                                                                        kubectl apply -f nginx-emptydir.yaml
                                                                                                                                                        
 
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0642.html b/docs/cce/umn/cce_10_0642.html
index 59856f3c..4ed71343 100644
--- a/docs/cce/umn/cce_10_0642.html
+++ b/docs/cce/umn/cce_10_0642.html
@@ -2,15 +2,15 @@
 
 
                                                                                                                                                      Importing a PV to a Storage Pool
                                                                                                                                                      
 
                                                                                                                                                      CCE allows you to use LVM to combine data volumes on nodes into a storage pool (VolumeGroup) and create LVs for containers to mount. Before creating a local PV, import the data disk of the node to the storage pool.
                                                                                                                                                      
-
                                                                                                                                                      Constraints
                                                                                                                                                      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                      
+
                                                                                                                                                      Notes and Constraints
                                                                                                                                                      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                      
 
                                                                                                                                                      • The first data disk (used by container runtime and the kubelet component) on a node cannot be imported as a storage pool.
                                                                                                                                                      • Storage pools in striped mode do not support scale-out. After scale-out, fragmented space may be generated and the storage pool cannot be used.
                                                                                                                                                      • Storage pools cannot be scaled in or deleted.
                                                                                                                                                      • If disks in a storage pool on a node are deleted, the storage pool will malfunction.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Importing a Storage Pool
                                                                                                                                                      Imported during node creation
                                                                                                                                                      
 
                                                                                                                                                      When creating a node, you can add a data disk to the node in Storage Settings and import the data disk to the storage pool as a PV. For details, see Creating a Node.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Imported manually
                                                                                                                                                      
-
                                                                                                                                                      If no PV is imported during node creation, or the capacity of the current storage volume is insufficient, you can manually import a storage pool.
                                                                                                                                                      
-
                                                                                                                                                      1. Go to the ECS console and add a SCSI disk to the node. 
                                                                                                                                                      2. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                      3. Choose Storage in the navigation pane and click the Storage Pool tab.
                                                                                                                                                      4. View the node to which the disk has been added and select Import as PV. You can select a write mode during the import.
                                                                                                                                                         
                                                                                                                                                        If the manually attached disk is not displayed in the storage pool, wait for 1 minute and refresh the list.
                                                                                                                                                        
+
                                                                                                                                                        If no PV is imported during node creation, or the capacity of the current PV is insufficient, you can manually import a PV.
                                                                                                                                                        
+
                                                                                                                                                        1. Go to the ECS console and add a SCSI disk to the node. 
                                                                                                                                                        2. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                        3. Choose Storage in the navigation pane. In the right pane, click the Storage Pool tab.
                                                                                                                                                        4. View the node to which the disk has been added and select Import as PV. You can select a write mode during the import.
                                                                                                                                                           
                                                                                                                                                          If the manually attached disk is not displayed in the storage pool, wait for 1 minute and refresh the list.
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                                          • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. Select this option only when there are multiple volumes.
                                                                                                                                                          
 
                                                                                                                                                        
@@ -18,7 +18,7 @@
 
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        
-
                                                                                                                                                        Parent topic: Local Persistent Volumes
                                                                                                                                                        
+
                                                                                                                                                        Parent topic: Local PVs
                                                                                                                                                        
 
                                                                                                                                                        
 
                                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_10_0649.html b/docs/cce/umn/cce_10_0649.html
new file mode 100644
index 00000000..7b8d9447
--- /dev/null
+++ b/docs/cce/umn/cce_10_0649.html
@@ -0,0 +1,26 @@
+
+
+
                                                                                                                                                        Priorities for Scaling Node Pools
                                                                                                                                                        
+
                                                                                                                                                        Prerequisites
                                                                                                                                                        To use node flavor priorities, the Autoscaler version must be 1.19.35, 1.21.28, 1.23.30, 1.25.20, or later. To balance load among AZs, the version must be 1.23.122, 1.25.117, 1.27.85, 1.28.52, or later.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Elastic Capacity Expansion Policies
                                                                                                                                                        Node pools are scaled according to their priorities and flavor priorities.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        1. Predictive flavor filtering:
                                                                                                                                                          • The predictive algorithm chooses proper flavors that meet the scheduling needs of pending pods from all node pools.
                                                                                                                                                          • To schedule pods, various factors are considered, including whether the node resources meet the requested resources of the pods, and if the nodeSelector, nodeAffinity, and taints satisfy the conditions for pod scheduling.
                                                                                                                                                          • Additionally, if certain node pool flavors experience scale-out failures, such as insufficient resources, and enter a 5-minute cooldown period, the scale-out algorithm will automatically exclude them from consideration during that time.
                                                                                                                                                          
+
                                                                                                                                                        2. Node pool sorting by priority
                                                                                                                                                          Node pools are assigned priorities and sorted accordingly. The node pool with the highest priority is preferentially selected.
                                                                                                                                                          
+
                                                                                                                                                        3. Flavor selection by priority
                                                                                                                                                          When multiple node pools have the same highest priority, the flavor with the highest priority is selected according to the following rules:
                                                                                                                                                          
+
                                                                                                                                                          • The flavor with the highest priority in each node pool is selected.
                                                                                                                                                          • If multiple flavors have the same priority, choose the one that requires the least volume of resources to meet the pod scheduling requirements.
                                                                                                                                                          • If multiple flavors require the minimum volume of resources, choose one based on a balanced distribution among AZs.
                                                                                                                                                          
+
                                                                                                                                                        4. Troubleshooting if resources are insufficient or a creation failed
                                                                                                                                                          If the preferred flavor is unavailable due to insufficient resources or quota in the AZ, CCE will try to use the next priority flavor in the node pool, and the original instance will enter a 5-minute cooldown period.
                                                                                                                                                          
+
                                                                                                                                                          If none of the flavors in a node pool can be used to create instances, CCE will try to use the next priority node pool to create instances.
                                                                                                                                                          
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Manual Capacity Expansion Policies
                                                                                                                                                        When manually scaling out a node pool, you can select a specified flavor. If the resources of the selected flavor are insufficient or the quota is insufficient, the scale-out will fail.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Configuring Priorities
                                                                                                                                                        For details about how to configure the priorities of node pool flavors, see Configuring an Auto Scaling Policy for a Cluster.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Parent topic: Scaling a Node
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0651.html b/docs/cce/umn/cce_10_0651.html
new file mode 100644
index 00000000..5fc021e8
--- /dev/null
+++ b/docs/cce/umn/cce_10_0651.html
@@ -0,0 +1,262 @@
+
+
+
                                                                                                                                                        Configuring a Static EIP for a Pod
                                                                                                                                                        
+
                                                                                                                                                        Application Scenarios
                                                                                                                                                        In Cloud Native Network 2.0, static public IP addresses (EIPs) can be assigned to StatefulSets or pods created directly.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Constraints
                                                                                                                                                        • You can configure a static EIP for a pod only in CCE Turbo clusters of the following versions:
                                                                                                                                                          • v1.19: v1.19.16-r20 or later
                                                                                                                                                          • v1.21: v1.21.10-r0 or later
                                                                                                                                                          • v1.23: v1.23.8-r0 or later
                                                                                                                                                          • v1.25: v1.25.3-r0 or later
                                                                                                                                                          • v1.25 or later
                                                                                                                                                          
+
                                                                                                                                                        • The static EIP function must be enabled together with the function of automatically allocating an EIP for a pod. For details, see Configuring an EIP for a Pod.
                                                                                                                                                        • Only StatefulSet pods or pods created directly can be bound with static EIPs. Deployments, DaemonSets, and other types of workloads cannot be bound with static EIPs.
                                                                                                                                                        • After a static EIP is allocated, the EIP attributes cannot be modified through the pod within the EIP lifecycle (before the EIP expires or it is still being used by the pod).
                                                                                                                                                        • Do not configure a static EIP for services that do not have specific requirements on pod EIPs. Otherwise, the pod rebuilding takes a longer time.
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        Configuring a Static EIP for a Pod
                                                                                                                                                        When creating a pod to be bound with a static IP address, configure the EIP annotation. Then, an EIP will be automatically allocated and bound to the pod.
                                                                                                                                                        
+
                                                                                                                                                        The following uses a StatefulSet named nginx as an example. For details about annotations, see Table 1.
                                                                                                                                                        
+
                                                                                                                                                        • For an automatically allocated EIP with a dedicated bandwidth when you create a StatefulSet, you do not need to specify the bandwidth ID. The following shows an example:
                                                                                                                                                          apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: nginx
+spec:
+  serviceName: nginx
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+      annotations:
+        yangtse.io/static-eip: 'true'   # Static EIP bound to the pod
+        yangtse.io/static-eip-expire-no-cascading: 'false'   # Deleting the EIP with the associated workload
+        yangtse.io/static-eip-expire-duration: 5m   # Interval for reclaiming expired EIPs
+        yangtse.io/pod-with-eip: 'true'   # An EIP will be automatically allocated when the pod is created.
+        yangtse.io/eip-bandwidth-size: '5'    # EIP bandwidth
+        yangtse.io/eip-network-type: 5_bgp    # EIP type
+        yangtse.io/eip-charge-mode: bandwidth    # EIP billing mode
+    spec:
+      containers:
+        - name: container-0
+          image: nginx:alpine
+          resources:
+            limits:
+              cpu: 100m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+      imagePullSecrets:
+        - name: default-secret
                                                                                                                                                          
+
                                                                                                                                                        
+
                                                                                                                                                        • For an automatically allocated EIP with a shared bandwidth when you create a StatefulSet, you are required to specify the bandwidth ID. The following shows an example:
                                                                                                                                                          apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: nginx
+spec:
+  serviceName: nginx
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+      annotations:
+        yangtse.io/static-eip: 'true'   # Static EIP bound to the pod
+        yangtse.io/pod-with-eip: 'true'   # An EIP will be automatically allocated when the pod is created.
+        yangtse.io/eip-network-type: 5_bgp    # EIP type
+        yangtse.io/eip-bandwidth-id: <eip_bandwidth_id>    # Shared bandwidth ID of the EIP
+    spec:
+      containers:
+        - name: container-0
+          image: nginx:alpine
+          resources:
+            limits:
+              cpu: 100m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+      imagePullSecrets:
+        - name: default-secret
                                                                                                                                                          
+
                                                                                                                                                        
+
+
                                                                                                                                                    Table 1 Mounting an EV
                                                                                                                                                    Parameter
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Description
                                                                                                                                                    
@@ -20,19 +20,19 @@
 
                                                                                                                                                    Mount Path
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    Enter a mount path, for example, /tmp.
                                                                                                                                                    
-
                                                                                                                                                    This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                     NOTICE: 
                                                                                                                                                    If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                    
+
                                                                                                                                                    This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                     NOTICE: 
                                                                                                                                                    If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    		
 
                                                                                                                                                    
 
                                                                                                                                                    Subpath
                                                                                                                                                    
 
                                                                                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                    
+
                                                                                                                                                    Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
 
                                                                                                                                                    Permission
                                                                                                                                                    
 
                                                                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                    • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                                    
+
                                                                                                                                                    • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                    • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                                    
                                                                                                                                                     		
 
                                                                                                                                                    
 
 
 
                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                    Table 1 Annotations of the pod's static EIP
                                                                                                                                                    Annotation
                                                                                                                                                    
+
                                                                                                                                                    Mandatory
                                                                                                                                                    
+
                                                                                                                                                    Default Value
                                                                                                                                                    
+
                                                                                                                                                    Description
                                                                                                                                                    
+
                                                                                                                                                    Value Range
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/static-eip
                                                                                                                                                    
+
                                                                                                                                                    Yes
                                                                                                                                                    
+
                                                                                                                                                    false
                                                                                                                                                    
+
                                                                                                                                                    Specifies whether to enable the static EIP of a pod. This function is supported only for StatefulSet pods or pods without ownerReferences. This function is disabled by default.
                                                                                                                                                    
+
                                                                                                                                                    false or true
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/static-eip-expire-duration
                                                                                                                                                    
+
                                                                                                                                                    No
                                                                                                                                                    
+
                                                                                                                                                    5m
                                                                                                                                                    
+
                                                                                                                                                    Specifies the interval for reclaiming the expired static EIP after the pod with a static EIP is deleted.
                                                                                                                                                    
+
                                                                                                                                                    The time format is Go time type, for example, 1h30m and 5m. For details, see Go time type.
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/static-eip-expire-no-cascading
                                                                                                                                                    
+
                                                                                                                                                    No
                                                                                                                                                    
+
                                                                                                                                                    false
                                                                                                                                                    
+
                                                                                                                                                    Specifies whether to disable cascading reclamation of StatefulSet workloads.
                                                                                                                                                    
+
                                                                                                                                                    The default value is false, indicating that the corresponding static EIP will be deleted with the StatefulSet workload. If you want to retain the static EIP for a new StatefulSet with the same name during the interval for reclaiming the expired EIP, set the value to true.
                                                                                                                                                    
+
                                                                                                                                                    false or true
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
+
                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                    Table 2 Annotations of an EIP with a dedicated bandwidth
                                                                                                                                                    Annotation
                                                                                                                                                    
+
                                                                                                                                                    Mandatory
                                                                                                                                                    
+
                                                                                                                                                    Default Value
                                                                                                                                                    
+
                                                                                                                                                    Description
                                                                                                                                                    
+
                                                                                                                                                    Value Range
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/pod-with-eip
                                                                                                                                                    
+
                                                                                                                                                    Yes
                                                                                                                                                    
+
                                                                                                                                                    false
                                                                                                                                                    
+
                                                                                                                                                    Whether to allocate an EIP with a pod and bind the EIP to the pod
                                                                                                                                                    
+
                                                                                                                                                    false or true
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/eip-bandwidth-size
                                                                                                                                                    
+
                                                                                                                                                    No
                                                                                                                                                    
+
                                                                                                                                                    5
                                                                                                                                                    
+
                                                                                                                                                    Bandwidth, in Mbit/s
                                                                                                                                                    
+
                                                                                                                                                    The value range varies depending on the region and bandwidth billing mode. For details, see the EIP console.
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/eip-network-type
                                                                                                                                                    
+
                                                                                                                                                    No
                                                                                                                                                    
+
                                                                                                                                                    5_bgp
                                                                                                                                                    
+
                                                                                                                                                    EIP type
                                                                                                                                                    
+
                                                                                                                                                    The type varies depending on the region. For details, see on the EIP console.
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/eip-charge-mode
                                                                                                                                                    
+
                                                                                                                                                    No
                                                                                                                                                    
+
                                                                                                                                                    None
                                                                                                                                                    
+
                                                                                                                                                    Billed by traffic or bandwidth
                                                                                                                                                    
+
                                                                                                                                                    You are advised to configure this parameter. If this parameter is left blank, no billing mode is specified. In this case, the default value of the EIP API in the region is used.
                                                                                                                                                    
+
                                                                                                                                                    • bandwidth: billed by bandwidth
                                                                                                                                                    • traffic: billed by traffic
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/eip-bandwidth-name
                                                                                                                                                    
+
                                                                                                                                                    No
                                                                                                                                                    
+
                                                                                                                                                    Pod name
                                                                                                                                                    
+
                                                                                                                                                    Bandwidth name
                                                                                                                                                    
+
                                                                                                                                                    • Enter 1 to 64 characters. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
                                                                                                                                                    • Minimum length: 1 character
                                                                                                                                                    • Maximum length: 64 characters
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
+
                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                    Table 3 Annotations of an EIP with a shared bandwidth
                                                                                                                                                    Annotation
                                                                                                                                                    
+
                                                                                                                                                    Mandatory
                                                                                                                                                    
+
                                                                                                                                                    Default Value
                                                                                                                                                    
+
                                                                                                                                                    Description
                                                                                                                                                    
+
                                                                                                                                                    Value Range
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/pod-with-eip
                                                                                                                                                    
+
                                                                                                                                                    Yes
                                                                                                                                                    
+
                                                                                                                                                    false
                                                                                                                                                    
+
                                                                                                                                                    Whether to allocate an EIP with a pod and bind the EIP to the pod
                                                                                                                                                    
+
                                                                                                                                                    false or true
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/eip-network-type
                                                                                                                                                    
+
                                                                                                                                                    No
                                                                                                                                                    
+
                                                                                                                                                    5_bgp
                                                                                                                                                    
+
                                                                                                                                                    EIP type
                                                                                                                                                    
+
                                                                                                                                                    • 5_bgp
                                                                                                                                                    
+
                                                                                                                                                    The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                    
+
                                                                                                                                                    yangtse.io/eip-bandwidth-id
                                                                                                                                                    
+
                                                                                                                                                    Mandatory when a shared bandwidth is used
                                                                                                                                                    
+
                                                                                                                                                    None
                                                                                                                                                    
+
                                                                                                                                                    ID of an existing bandwidth
                                                                                                                                                    
+
                                                                                                                                                    • If this parameter is not specified, the EIP with a dedicated bandwidth is used by default. For details about how to configure parameters for an EIP with a dedicated bandwidth, see Table 1.
                                                                                                                                                    • Only the yangtse.io/eip-network-type field can be specified concurrently, and this field is optional.
                                                                                                                                                    
+
                                                                                                                                                    None
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
+
                                                                                                                                                    Deleting a Static EIP
                                                                                                                                                    After a pod is deleted, if another pod with the same name is created before the static EIP expires, the EIP can still be used. The static EIP is deleted only if there is no new pod with the name the same as that of the deleted pod before the EIP expires, or the function of deleting the EIP with the associated StatefulSet is enabled and the StatefulSet is deleted.
                                                                                                                                                    
+
                                                                                                                                                    
+
+
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    Parent topic: Cloud Native Network 2.0 Settings
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0652.html b/docs/cce/umn/cce_10_0652.html
index 0386fc47..0076d913 100644
--- a/docs/cce/umn/cce_10_0652.html
+++ b/docs/cce/umn/cce_10_0652.html
@@ -1,11 +1,11 @@
 
 
-
                                                                                                                                                    Configuring a Node Pool
                                                                                                                                                    
-
                                                                                                                                                    Constraints
                                                                                                                                                    The default node pool DefaultPool does not support the following management operations.
                                                                                                                                                    
+
                                                                                                                                                    Modifying Node Pool Configurations
                                                                                                                                                    
+
                                                                                                                                                    Notes and Constraints
                                                                                                                                                    The default node pool does not support the following management operations.
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    Configuration Management
                                                                                                                                                    CCE allows you to highly customize Kubernetes parameter settings on core components in a cluster. For more information, see kubelet.
                                                                                                                                                    
 
                                                                                                                                                    This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.
                                                                                                                                                    
-
                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                    2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                    3. Click Manage in the Operation column of the target node pool
                                                                                                                                                    4. On the Manage Components page on the right, change the values of Kubernetes parameters.
                                                                                                                                                      
+
                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                      2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                      3. Click Manage in the Operation column of the target node pool
                                                                                                                                                      4. On the Manage Components page on the right, change the values of Kubernetes parameters.
                                                                                                                                                        
 
                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -252,28 +308,17 @@
 
                                                                                                                                                        kubelet can identify the following specific file system identifiers:
                                                                                                                                                        • nodefs: main file system of a node. It is used for local disk volumes, emptyDir volumes that are not supported by memory, and log storage. For example, nodefs contains /var/lib/kubelet/.
                                                                                                                                                        • imagefs: file system partition used by a container engine.
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
+
                                                                                                                                                        
@@ -691,6 +736,32 @@
 
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                        Table 1 kubelet
                                                                                                                                                        Item
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Parameter
                                                                                                                                                        
@@ -97,6 +97,17 @@
 
                                                                                                                                                        None
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Upper Limit for Burst Events
                                                                                                                                                        
+
                                                                                                                                                        event-burst
                                                                                                                                                        
+
                                                                                                                                                        Upper limit for burst event creation. The number of burst events can be temporarily increased to the specified value.
                                                                                                                                                        
+
                                                                                                                                                        Default: 10
                                                                                                                                                        
+
                                                                                                                                                        None
                                                                                                                                                        
+
                                                                                                                                                        
 
                                                                                                                                                        Allowed unsafe sysctls
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        allowed-unsafe-sysctls
                                                                                                                                                        
@@ -215,6 +226,56 @@
 
                                                                                                                                                        This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Maximum Number of Container Log Files
                                                                                                                                                        
+
                                                                                                                                                        container-log-max-files
                                                                                                                                                        
+
                                                                                                                                                        Maximum number of container log files. When the number of existing log files exceeds this value, the earliest log file will be deleted to release space for new log files.
                                                                                                                                                        
+
                                                                                                                                                        Default: 10
                                                                                                                                                        
+
                                                                                                                                                        Value range: 2 to 100
                                                                                                                                                        
+
                                                                                                                                                        This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                        
+
                                                                                                                                                        Maximum Container Log File Size
                                                                                                                                                        
+
                                                                                                                                                        container-log-max-size
                                                                                                                                                        
+
                                                                                                                                                        Maximum size of a single container log file. When the size of a log file reaches this value, the current log file will be closed and a new log file will be created to continue logging.
                                                                                                                                                        
+
                                                                                                                                                        Default: 50
                                                                                                                                                        
+
                                                                                                                                                        Value range: 1 to 4096
                                                                                                                                                        
+
                                                                                                                                                        This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                        
+
                                                                                                                                                        Upper Limit for Image Garbage Collection
                                                                                                                                                        
+
                                                                                                                                                        image-gc-high-threshold
                                                                                                                                                        
+
                                                                                                                                                        When the kubelet disk usage reaches this value, kubelet starts to collect image garbage.
                                                                                                                                                        
+
                                                                                                                                                        Default: 80
                                                                                                                                                        
+
                                                                                                                                                        Value range: 1 to 100
                                                                                                                                                        
+
                                                                                                                                                        To disable image garbage collection, set this parameter to 100.
                                                                                                                                                        
+
                                                                                                                                                        This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                        
+
                                                                                                                                                        Lower Limit for Image Garbage Collection
                                                                                                                                                        
+
                                                                                                                                                        image-gc-low-threshold
                                                                                                                                                        
+
                                                                                                                                                        When the disk usage reduces to this value, image garbage collection stops.
                                                                                                                                                        
+
                                                                                                                                                        Default: 70
                                                                                                                                                        
+
                                                                                                                                                        Value range: 1 to 100
                                                                                                                                                        
+
                                                                                                                                                        The value of this parameter cannot be greater than the upper limit for image garbage collection.
                                                                                                                                                        
+
                                                                                                                                                        This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                        
+
                                                                                                                                                        
 
                                                                                                                                                        Node memory reservation
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        system-reserved-mem
                                                                                                                                                        
@@ -234,11 +295,6 @@
 
                                                                                                                                                        
 
                                                                                                                                                        Hard eviction
                                                                                                                                                        
 
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        memory.available
                                                                                                                                                        
                                                                                                                                                         		
 
 
 
 
                                                                                                                                                        
 
                                                                                                                                                        nodefs.available
                                                                                                                                                        
@@ -485,7 +530,7 @@
 
                                                                                                                                                        nic-warm-target
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Extra ENIs will be pre-bound after the nic-minimum-target is used up in a pod. The value can only be a number.
                                                                                                                                                        
-
                                                                                                                                                        When the sum of the nic-warm-target value and the current number of ENIs bound to the node is greater than the nic-maximum-target value, CCE will pre-bind on the number of ENIs specified by the difference between the nic-maximum-target value and the current number of ENIs bound to the node.
                                                                                                                                                        
+
                                                                                                                                                        When the sum of the nic-warm-target value and the number of ENIs bound to the node is greater than the nic-maximum-target value, CCE will pre-bind the number of ENIs specified by the difference between the nic-maximum-target value and the current number of ENIs bound to the node.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Default: 2
                                                                                                                                                        
 
                                                                                                                                                        The parameter value cannot be changed.
                                                                                                                                                        
                                                                                                                                                         		
 
                                                                                                                                                        Maximum Number of Concurrent Requests for Downloading an Image at a Time
                                                                                                                                                        
+
                                                                                                                                                        max-concurrent-downloads
                                                                                                                                                        
+
                                                                                                                                                        This parameter specifies the maximum number of concurrent requests for downloading an image at a time.
                                                                                                                                                        
+
                                                                                                                                                        Default: 3
                                                                                                                                                        
+
                                                                                                                                                        Value range: 1 to 20
                                                                                                                                                        
+
                                                                                                                                                        If this parameter is set to a large value, the network performance of other services on the node may be affected or the disk I/O and CPU usage may increase.
                                                                                                                                                        
+
                                                                                                                                                        This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                        
+
                                                                                                                                                        Maximum Container Log Line Size
                                                                                                                                                        
+
                                                                                                                                                        max-container-log-line-size
                                                                                                                                                        
+
                                                                                                                                                        Maximum log line size of a container, in the unit of bytes. The log lines exceeding the limit will be split into multiple lines.
                                                                                                                                                        
+
                                                                                                                                                        Default: 16384
                                                                                                                                                        
+
                                                                                                                                                        Value range: 1 to 2097152
                                                                                                                                                        
+
                                                                                                                                                        A larger value will lead to more containerd memory consumption.
                                                                                                                                                        
+
                                                                                                                                                        This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                        
+
                                                                                                                                                        
 
 
                                                                                                                                                        
 
                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0653.html b/docs/cce/umn/cce_10_0653.html
index 54721f91..207d9d44 100644
--- a/docs/cce/umn/cce_10_0653.html
+++ b/docs/cce/umn/cce_10_0653.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                                                        Updating a Node Pool
                                                                                                                                                        
-
                                                                                                                                                        Constraints
                                                                                                                                                        • The modification of resource tags of a node pool takes effect only on new nodes. To synchronize the modification onto existing nodes, manually reset the existing nodes.
                                                                                                                                                        • Changes to Kubernetes labels/taints in a node pool will be automatically synchronized to existing nodes. You do not need to reset these nodes.
                                                                                                                                                        
+
                                                                                                                                                        Precautions
                                                                                                                                                        • Changes to the container engine, OS, or pre-/post-installation script in a node pool take effect only on new nodes. To synchronize the modification onto existing nodes, manually reset these nodes.
                                                                                                                                                        • Changes to resource tags and Kubernetes labels/taints in a node pool will be automatically synchronized to existing nodes. You do not need to reset these nodes.
                                                                                                                                                        
 
                                                                                                                                                        
-
                                                                                                                                                        Updating a Node Pool
                                                                                                                                                        1. Log in to the CCE console.
                                                                                                                                                        2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                        3. Click Update next to the name of the node pool you will edit. Configure the parameters in the displayed Update Node Pool page.
                                                                                                                                                          Basic Settings
+
                                                                                                                                                          Updating a Node Pool
                                                                                                                                                          1. Log in to the CCE console.
                                                                                                                                                          2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                          3. Click Update next to the name of the node pool you will edit. Configure the parameters in the displayed Update Node Pool page.
                                                                                                                                                            Basic Settings
 
                                                                                                                                                            
-
                                                                                                                                                            Table 1 Basic settings
                                                                                                                                                            Parameter
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            Description
                                                                                                                                                            
@@ -15,9 +15,85 @@
 
                                                                                                                                                            Name of the node pool.
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            Expected Nodes
                                                                                                                                                            
+
+
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Configurations
+
                                                                                                                                                            
+
+
+
+
-
+
+
+
+
+
+
+
+
+
                                                                                                                                                            Table 2 Node configuration parameters
                                                                                                                                                            Parameter
                                                                                                                                                            
+
                                                                                                                                                            Description
                                                                                                                                                            
+
                                                                                                                                                            Specifications
                                                                                                                                                            
 
                                                                                                                                                            Change the number of nodes based on service requirements.
                                                                                                                                                            
+
                                                                                                                                                            Select node specifications that best fit your service needs.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            • If a node pool is configured with multiple node flavors, only the flavors (which can be located in different AZs) of the same node type are supported. For example, a node pool consisting of general computing-plus nodes supports only general computing-plus node flavors, but not the flavors of general computing nodes.
                                                                                                                                                            • A maximum of 10 node flavors can be added to a node pool (the flavors in different AZs are counted separately). When adding a node flavor, you can choose multiple AZs, but you need to specify them.
                                                                                                                                                            • Nodes in a newly created node pool are created using the default flavor. If the resources for the default flavor are insufficient, node creation will fail.
                                                                                                                                                            • After a node pool is created, the flavors of existing nodes cannot be deleted.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Container Engine
                                                                                                                                                            
+
                                                                                                                                                            The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            After the container engine is modified, the modification automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            OS
                                                                                                                                                            
+
                                                                                                                                                            Select an OS type. Different types of nodes support different OSs.
                                                                                                                                                            • Public image: Select a public image for the node.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            • Service container runtimes share the kernel and underlying calls of nodes. To ensure compatibility, select a Linux distribution version that is the same as or close to that of the final service container image for the node OS.
                                                                                                                                                            • After the OS is modified, the modification automatically takes effect on newly added nodes. Manually reset existing nodes for the modification to take effect.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Storage Settings
+
                                                                                                                                                            
+
+
+
+
+
+
+
+
@@ -25,66 +101,103 @@
 
                                                                                                                                                            Advanced Settings
-
                                                                                                                                                            Table 3 Configuration parameters
                                                                                                                                                            Parameter
                                                                                                                                                            
+
                                                                                                                                                            Description
                                                                                                                                                            
+
                                                                                                                                                            System Disk
                                                                                                                                                            
+
                                                                                                                                                            System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            After the system disk configuration is modified, the modification takes effect only on newly added nodes. The configuration cannot be synchronized to existing nodes even if they are reset.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            System Disk Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
                                                                                                                                                            • Not encrypted is selected by default.
                                                                                                                                                            • After setting System Disk Encryption to Enabled (key), choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the key text box.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            The modified system disk encryption automatically takes effect on new nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Data Disk
                                                                                                                                                            
+
                                                                                                                                                            At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                                                                                                                                                            
+
                                                                                                                                                            • First data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                                            • Other data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            After the data disk configuration is modified, the modification takes effect only on newly added nodes. The configuration cannot be synchronized to existing nodes even if they are reset.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Advanced Settings
                                                                                                                                                            
+
                                                                                                                                                            Expand the area and configure the following parameters:
                                                                                                                                                            
+
                                                                                                                                                            • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.
                                                                                                                                                               NOTE: 
                                                                                                                                                              After the data disk space allocation configuration is modified, the modification takes effect only for new nodes. The configuration cannot take effect for the existing nodes even if they are reset.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                            • Enabled: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. BMS nodes do not support data disk encryption that is available only in certain regions. For details, see the console.
                                                                                                                                                              • Not encrypted is selected by default.
                                                                                                                                                              • After setting Data Disk Encryption to Enabled, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the key text box.
                                                                                                                                                              
+
                                                                                                                                                               NOTE: 
                                                                                                                                                              After the Data Disk Encryption is modified, the modification takes effect only on newly added nodes. The configuration cannot be synchronized to existing nodes even if they are reset.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                            
+
                                                                                                                                                            Adding data disks
                                                                                                                                                            
+
                                                                                                                                                            A maximum of 16 data disks can be attached to an ECS and 10 to a BMS. By default, a raw disk is created without any processing. You can also click Expand and select any of the following options:
                                                                                                                                                            
+
                                                                                                                                                            • Default: By default, a raw disk is created without any processing.
                                                                                                                                                            • Mount Disk: The data disk is attached to a specified directory.
                                                                                                                                                            • Use as PV: applicable when there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
                                                                                                                                                            • Use as ephemeral volume: applicable when there is a high performance requirement on emptyDir.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                            • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Local PVs and local EVs can be written in the following modes:
                                                                                                                                                            • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                                            • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Local Disk Description
                                                                                                                                                            
+
                                                                                                                                                            If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
                                                                                                                                                            
+
                                                                                                                                                            Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            
                                                                                                                                                             
 
 
                                                                                                                                                            
@@ -81,7 +81,7 @@
 
@@ -122,6 +122,8 @@
 
-
-
@@ -526,7 +571,7 @@ spec:
 
-
-
@@ -748,7 +793,7 @@ spec:
 kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
 nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                                                                                                                                                          4. Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                                                                                                                                                            The Nginx is accessible.
                                                                                                                                                            
-
                                                                                                                                                            Figure 4 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                            
+
                                                                                                                                                            Figure 4 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                            
 
                                                                                                                                                            5. 
diff --git a/docs/cce/umn/cce_10_0683.html b/docs/cce/umn/cce_10_0683.html
index 224cb7df..e240961c 100644
--- a/docs/cce/umn/cce_10_0683.html
+++ b/docs/cce/umn/cce_10_0683.html
@@ -1,10 +1,10 @@
 
 
-
                                                                                                                                                            Configuring an HTTP or HTTPS Service
                                                                                                                                                            
-
                                                                                                                                                            Constraints
                                                                                                                                                            • Only clusters of v1.19.16 or later support HTTP or HTTPS.
-
                                                                                                                                                            Table 2 Advanced settings
                                                                                                                                                            Parameter
                                                                                                                                                            
+
                                                                                                                                                            
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
+
+
+
+
+
+
                                                                                                                                                            Table 4 Advanced settings
                                                                                                                                                            Parameter
                                                                                                                                                            
 
                                                                                                                                                            Description
                                                                                                                                                            
+
                                                                                                                                                            Description
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            
 
                                                                                                                                                            Resource Tag
                                                                                                                                                            
+
                                                                                                                                                            Resource Tag
                                                                                                                                                            
 
                                                                                                                                                            You can add resource tags to classify resources.
                                                                                                                                                            
+
                                                                                                                                                            You can add resource tags to classify resources.
                                                                                                                                                            
 
                                                                                                                                                            You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                                            
 
                                                                                                                                                            CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                                                                                                                                                            
 
                                                                                                                                                             NOTE: 
                                                                                                                                                            Modified resource tags automatically take effect on new nodes.
                                                                                                                                                            
 
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            Kubernetes Label
                                                                                                                                                            
+
                                                                                                                                                            Kubernetes Label
                                                                                                                                                            
 
                                                                                                                                                            A key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add. A maximum of 20 labels can be added.
                                                                                                                                                            
+
                                                                                                                                                            A key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add Label for more. A maximum of 20 labels can be added.
                                                                                                                                                            
 
                                                                                                                                                            Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                                                                                            
-
                                                                                                                                                             NOTE: 
                                                                                                                                                            Modified Kubernetes labels automatically take effect on new nodes.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            Modified Kubernetes labels automatically take effect on new nodes as well as existing nodes if Kubernetes labels is selected in Synchronization for Existing Nodes.
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            		
 
                                                                                                                                                            Taint
                                                                                                                                                            
+
                                                                                                                                                            Taint
                                                                                                                                                            
 
                                                                                                                                                            This field is left blank by default. You can add taints to configure node anti-affinity. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                                                                                                                                            • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                                                                                            • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                                                                                                                                                            • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                                                                                            
+
                                                                                                                                                            This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                                                                                                                                            • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                                                                                            • Value: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
                                                                                                                                                            • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            For details, see Managing Node Taints.
                                                                                                                                                            
-
                                                                                                                                                             NOTE: 
                                                                                                                                                            Modified taints automatically take effect on new nodes
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            Modified taints automatically take effect on new nodes as well as existing nodes if Taints is selected in Synchronization for Existing Nodes.
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            		
 
                                                                                                                                                            Edit key pair
                                                                                                                                                            
+
                                                                                                                                                            Synchronization for Existing Nodes
                                                                                                                                                            
 
                                                                                                                                                            Only node pools that use key pairs for login support key pair editing. You can select another key pair.
                                                                                                                                                            
+
                                                                                                                                                            After the options are selected, changes to resource tags and Kubernetes labels/taints in a node pool will be synchronized to existing nodes in the node pool.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            When you update a node pool, pay attention to the following if you change the state of Resource tags synchronized:
                                                                                                                                                            
+
                                                                                                                                                            • After the option is selected:
                                                                                                                                                              • CCE will synchronize the resource tags configured in the node pool to existing nodes. If a resource tag with the same key of a resource tag in the node pool already exists on an ECS, the value of the tag on the ECS will be changed to that of the resource tag in the node pool.
                                                                                                                                                              • Typically, it takes less than 10 minutes to synchronize resource tags onto existing nodes, depending on the number of nodes in the node pool.
                                                                                                                                                              • Issue a resource tag synchronization request only after the previous synchronization is complete. Otherwise, the resource tags may be inconsistent between existing nodes.
                                                                                                                                                              
+
                                                                                                                                                            
+
                                                                                                                                                            When you update a node pool, pay attention to the following if you change the state of Kubernetes labels or Taints:
                                                                                                                                                            
+
                                                                                                                                                            • When these options are deselected, the Kubernetes labels/taints of the existing and new nodes in the node pool may be inconsistent. If service scheduling relies on node labels or taints, the scheduling may fail or the node pool may fail to scale.
                                                                                                                                                            • When these options are selected:
                                                                                                                                                              • If you have modified or added labels or taints in the node pool, the modifications will be automatically synchronized to existing nodes typically in 10 minutes after Kubernetes labels or Taints is selected.
                                                                                                                                                              • If you have deleted a label or taint in the node pool, you must manually delete the label or taint on the node list page after Kubernetes labels or Taints is selected.
                                                                                                                                                              • If you have manually changed the key or effect of a taint on an existing node, a new taint will be added to the existing node after Kubernetes labels or Taints is selected. In the new taint, its key is different from the manually changed key but its value and effect are the same as those manually changed ones, or its effect is different from the manually changed effect but its key and value are the same as those manually changed ones. This is because a Kubernetes taint natively uses a key and effect as a key-value pair. The taints with different keys or effects are considered as two taints.
                                                                                                                                                              
+
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            New Node Scheduling
                                                                                                                                                            
+
                                                                                                                                                            Default scheduling policy for the nodes newly added to a node pool. If you select Unschedulable, newly created nodes in the node pool will be labeled as unschedulable. In this way, you can perform some operations on the nodes before pods are scheduled to these nodes.
                                                                                                                                                            
+
                                                                                                                                                            Scheduled Scheduling: After scheduled scheduling is enabled, new nodes will be automatically scheduled after the custom time expires.
                                                                                                                                                            
+
                                                                                                                                                            • Disabled: By default, scheduled scheduling is not enabled for new nodes. To manually enable this function, go to the node list. For details, see Configuring a Node Scheduling Policy in One-Click Mode.
                                                                                                                                                            • Custom: the default timeout for unschedulable nodes. The value ranges from 0 to 99 in the unit of minutes.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            • If auto scaling of node pools is also required, ensure the scheduled scheduling is less than 15 minutes. If a node added through Autoscaler cannot be scheduled for more than 15 minutes, Autoscaler determines that the scale-out failed and triggers another scale-out. Additionally, if the node cannot be scheduled for more than 20 minutes, the node will be scaled in by Autoscaler.
                                                                                                                                                            • After this function is enabled, nodes will be tainted with node.cloudprovider.kubernetes.io/uninitialized during a node pool creation or update.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Edit key pair
                                                                                                                                                            
+
                                                                                                                                                            Only node pools that use key pairs for login support key pair editing. You can select another key pair.
                                                                                                                                                            
 
                                                                                                                                                             NOTE: 
                                                                                                                                                            The edited key pair automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                            
 
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            Pre-installation Command
                                                                                                                                                            
+
                                                                                                                                                            Pre-installation Command
                                                                                                                                                            
 
                                                                                                                                                            Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. 
                                                                                                                                                            
+
                                                                                                                                                            Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                            
 
                                                                                                                                                            The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                                                                                                                            
 
                                                                                                                                                             NOTE: 
                                                                                                                                                            The modified pre-installation command automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                            
 
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            Post-installation Command
                                                                                                                                                            
+
                                                                                                                                                            Post-installation Command
                                                                                                                                                            
 
                                                                                                                                                            Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. 
                                                                                                                                                            
+
                                                                                                                                                            Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                            
 
                                                                                                                                                            The script will be executed after Kubernetes software is installed, which does not affect the installation.
                                                                                                                                                            
 
                                                                                                                                                             NOTE: 
                                                                                                                                                            The modified post-installation command automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                            
 
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            Agency
                                                                                                                                                            
+
                                                                                                                                                            An agency is created by the account administrator on the IAM console. Using an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.
                                                                                                                                                            
+
                                                                                                                                                            If no agency is available, click Create Agency on the right to create one.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            After an agency is modified, the modification will only apply to new nodes and not to existing ones, even if they are reset.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            User-defined node name prefix and suffix
                                                                                                                                                            
+
                                                                                                                                                            Custom name prefix and suffix of a node in a node pool. After the configuration, the nodes in the node pool will be named with the configured prefix and suffix. For example, if the prefix is prefix- and the suffix is -suffix, the nodes in the node pool will be named in the format of "prefix-Node pool name with five-digit random characters-suffix".
                                                                                                                                                            
+
                                                                                                                                                            • A prefix and suffix can be customized only when a node pool is created, and they cannot be modified after the node pool is created.
                                                                                                                                                            • A prefix can end with a special character, and a suffix can start with a special character.
                                                                                                                                                            • A node name consists of a maximum of 56 characters in the format of "Prefix-Node pool name with five-digit random characters-Suffix".
                                                                                                                                                            • A node name does not support the combination of a period (.) and special characters (such as .., .-, or -.).
                                                                                                                                                            • This function is available only in clusters of v1.28.1, v1.27.3, v1.25.6, v1.23.11, v1.21.12, or later.
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            After the custom name prefix and suffix are modified, the modification will only apply to new nodes and not to existing ones, even if they are reset.
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            
                                                                                                                                                             
 
                                                                                                                                                            
 
                                                                                                                                                            
 
-
                                                                                                                                                          5. After the configuration, click OK.
                                                                                                                                                            After the node pool parameters are updated, go to the Nodes page to check whether the node to which the node pool belongs is updated. You can reset the node to synchronize the configuration updates for the node pool.
                                                                                                                                                            
+
                                                                                                                                                          6. After the configuration, click OK.
                                                                                                                                                            After node pool parameters are modified, you can find the update on the Nodes page. Reset the nodes in the target node pool to synchronize the configuration update.
                                                                                                                                                            
 
                                                                                                                                                            7. 
 
 
diff --git a/docs/cce/umn/cce_10_0654.html b/docs/cce/umn/cce_10_0654.html
index 30605fa3..ada775a8 100644
--- a/docs/cce/umn/cce_10_0654.html
+++ b/docs/cce/umn/cce_10_0654.html
@@ -2,12 +2,12 @@
 
 
                                                                                                                                                            Synchronizing Node Pools
                                                                                                                                                            
 
                                                                                                                                                            After the configuration of a node pool is updated, some configurations cannot be automatically synchronized for existing nodes. You can manually synchronize configurations for these nodes.
                                                                                                                                                            
-
                                                                                                                                                             
                                                                                                                                                            • Do not delete or reset nodes during batch synchronization. Otherwise, the synchronization of node pool configuration may fail.
                                                                                                                                                            • This operation involves resetting nodes. Workloads running on a node may be interrupted due to standalone deployment or insufficient schedulable resources. Evaluate the upgrade risks and perform the upgrade during off-peak hours. Alternatively, specify a disruption budget for your key applications to ensure the availability of these applications during the upgrade.
                                                                                                                                                            • During configuration synchronization for existing nodes, the nodes will be reset, and the system disks and data disks will be cleared. Back up important data before the synchronization.
                                                                                                                                                            • Only some node pool parameters can be synchronized by resetting nodes. The constraints are as follows:
                                                                                                                                                              • The modification of resource tags of a node pool takes effect only on new nodes. To synchronize the modification onto existing nodes, manually reset the existing nodes.
                                                                                                                                                              • Changes to Kubernetes labels/taints in a node pool will be automatically synchronized to existing nodes. You do not need to reset these nodes.
                                                                                                                                                              
+
                                                                                                                                                               
                                                                                                                                                              • Do not delete or reset nodes during batch synchronization. Otherwise, the synchronization of node pool configuration may fail.
                                                                                                                                                              • This operation involves resetting nodes. Workloads running on a node may be interrupted due to standalone deployment or insufficient schedulable resources. Evaluate the upgrade risks and perform the upgrade during off-peak hours. Alternatively, specify a disruption budget for your key applications to ensure the availability of these applications during the upgrade.
                                                                                                                                                              • During configuration synchronization for existing nodes, the nodes will be reset, and the system disks and data disks will be cleared. Back up important data before the synchronization.
                                                                                                                                                              • Only some node pool parameters can be synchronized by resetting nodes. The constraints are as follows:
                                                                                                                                                                • Changes to the container engine, OS, or pre-/post-installation script in a node pool take effect only on new nodes. To synchronize the modification onto existing nodes, manually reset these nodes.
                                                                                                                                                                • Changes to resource tags and Kubernetes labels/taints in a node pool will be automatically synchronized to existing nodes. You do not need to reset these nodes.
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Synchronizing a Single Node
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Nodes tab on the right.
                                                                                                                                                              3. Find upgrade in the Node Pool column of the existing nodes in the node pool.
                                                                                                                                                              4. Click update. In the dialog box that is displayed, confirm whether to reset the node immediately.
                                                                                                                                                              
+
                                                                                                                                                              Synchronizing a Single Node
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Nodes tab.
                                                                                                                                                              3. Find upgrade in the Node Pool column of the existing nodes in the node pool.
                                                                                                                                                              4. Click update. In the dialog box that is displayed, confirm whether to reset the node immediately.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Batch Synchronization
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                              3. Choose More > Synchronize in the Operation column of the target node pool.
                                                                                                                                                              4. In the Batch synchronization window, configure parameters.
                                                                                                                                                                • OS: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                                • Synchronization Policy: Node Reset is supported.
                                                                                                                                                                • Max. Nodes for Batch Synchronize: maximum number of nodes that will be unavailable during node synchronization. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                • Node List: Select the nodes requiring the synchronization of node pool configurations.
                                                                                                                                                                
+
                                                                                                                                                                Batch Synchronization
                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                3. Choose More > Synchronize in the Operation column of the target node pool.
                                                                                                                                                                4. In the Batch synchronization window, configure parameters.
                                                                                                                                                                  • OS: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                                  • Synchronization Policy: Node Reset is supported.
                                                                                                                                                                  • Max. Nodes for Batch Synchronize: maximum number of nodes that will be unavailable during node synchronization. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                  • Node List: Select the nodes requiring the synchronization of node pool configurations.
                                                                                                                                                                  
 
                                                                                                                                                                5. Click OK.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0655.html b/docs/cce/umn/cce_10_0655.html
index 13b917d5..fa1dbc12 100644
--- a/docs/cce/umn/cce_10_0655.html
+++ b/docs/cce/umn/cce_10_0655.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                              Copying a Node Pool
                                                                                                                                                              
 
                                                                                                                                                              You can copy the configuration of an existing node pool on the CCE console to create new node pools.
                                                                                                                                                              
-
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                              3. Locate the target node pool and choose More > Copy in the Operation column.
                                                                                                                                                              4. In the Copy Resource Pool window, the configurations of the node pool to be copied are displayed. Modify the configurations as needed. For details, see Creating a Node Pool. After confirming the configuration, click Next: Confirm.
                                                                                                                                                              5. On the Confirm page, confirm the node pool configurations and click Submit. Then, a new node pool is created based on the modified configurations.
                                                                                                                                                              
+
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                              3. Choose More > Copy in the Operation column of the target node pool.
                                                                                                                                                              4. In the Copy Resource Pool window, the configurations of the node pool to be copied are displayed. Modify the configurations as needed. For details, see Creating a Node Pool. After confirming the configuration, click Next: Confirm.
                                                                                                                                                              5. On the Confirm page, confirm the node pool configurations and click Submit. Then, a new node pool is created based on the modified configurations.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0657.html b/docs/cce/umn/cce_10_0657.html
index e98917b2..7f3750c0 100644
--- a/docs/cce/umn/cce_10_0657.html
+++ b/docs/cce/umn/cce_10_0657.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                              Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.
                                                                                                                                                              
 
                                                                                                                                                              Precautions
                                                                                                                                                              • Deleting a node pool will delete all nodes in the node pool. Back up data in a timely manner to prevent data loss.
                                                                                                                                                              • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours. If pods in the node pool have a specific node selector and none of the other nodes in the cluster satisfies the node selector, the pods will become unschedulable.
                                                                                                                                                              • When deleting a node pool, the system sets all nodes in the current node pool to the unschedulable state.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Procedure
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                              3. Choose More > Delete in the Operation column of the target node pool.
                                                                                                                                                              4. Read the precautions in the Delete Node Pool dialog box.
                                                                                                                                                              5. In the text box, enter DELETE and click Yes to confirm that you want to continue the deletion.
                                                                                                                                                              
+
                                                                                                                                                              Procedure
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                              3. Choose More > Delete in the Operation column of the target node pool.
                                                                                                                                                              4. Read the precautions in the Delete Node Pool dialog box.
                                                                                                                                                              5. In the text box, enter DELETE and click Yes to confirm that you want to continue the deletion.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0658.html b/docs/cce/umn/cce_10_0658.html
new file mode 100644
index 00000000..101540d5
--- /dev/null
+++ b/docs/cce/umn/cce_10_0658.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                              Scaling a Node Pool
                                                                                                                                                              
+
                                                                                                                                                              You can specify a specification in a node pool for scaling.
                                                                                                                                                              
+
                                                                                                                                                               
                                                                                                                                                              The default node pool does not support scaling. Use Creating a Node to add a node.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                              3. Choose Scaling next to the target node pool.
                                                                                                                                                              4. In the displayed window, configure scaling parameters.
                                                                                                                                                                • Number of Scaling Targets: The number of target nodes cannot exceed the management scale of the current cluster.
                                                                                                                                                                • Node Configuration: Use the selected flavor to add nodes. If the flavor resources are insufficient, the scale-out will fail.
                                                                                                                                                                   
                                                                                                                                                                  • If there are fewer nodes running in the node pool than the desired number of nodes, some nodes will be added. If there are more nodes than the desired number of nodes, some nodes will be deleted.
                                                                                                                                                                  • During scale-in, if there are not enough nodes of the specified flavor to be deleted, nodes of other flavors will be removed.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                              5. Click OK.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Parent topic: Node Pools
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
diff --git a/docs/cce/umn/cce_10_0659.html b/docs/cce/umn/cce_10_0659.html
index 96a3178c..7fc1b10e 100644
--- a/docs/cce/umn/cce_10_0659.html
+++ b/docs/cce/umn/cce_10_0659.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                              Node Fault Detection Policy
                                                                                                                                                              
+
                                                                                                                                                              Configuring Node Fault Detection Policies
                                                                                                                                                              
 
                                                                                                                                                              The node fault detection function depends on the NPD add-on. The add-on instances run on nodes and monitor nodes. This section describes how to enable node fault detection.
                                                                                                                                                              
 
                                                                                                                                                              Prerequisites
                                                                                                                                                              The CCE Node Problem Detector add-on has been installed in the cluster.
                                                                                                                                                              
 
                                                                                                                                                              
@@ -69,7 +69,7 @@
 
                                                                                                                                                              Typical scenario: Disk I/O suspension causes process suspension.
                                                                                                                                                              
 
 
                                                                                                                                                            Warning event
                                                                                                                                                            
-
                                                                                                                                                            Listening object: /dev/kmsg
                                                                                                                                                            
+
                                                                                                                                                            Listening object: /dev/kmsg
                                                                                                                                                            
 
                                                                                                                                                            Matching rule: "task \\S+:\\w+ blocked for more than \\w+ seconds\\."
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            
 
 
                                                                                                                                                            Warning event
                                                                                                                                                            
-
                                                                                                                                                            Listening object: /dev/kmsg
                                                                                                                                                            
+
                                                                                                                                                            Listening object: /dev/kmsg
                                                                                                                                                            
 
                                                                                                                                                            Matching rule: Remounting filesystem read-only
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            
 
                                                                                                                                                            • Default threshold: 10 restarts within 10 minutes
                                                                                                                                                              If Kubelet restarts for 10 times within 10 minutes, it indicates that the system restarts frequently and a fault alarm is generated.
                                                                                                                                                              
 
                                                                                                                                                            • Listening object: logs in the /run/log/journal directory
                                                                                                                                                            
+
                                                                                                                                                             NOTE: 
                                                                                                                                                            The Ubuntu and HCE 2.0 OSs do not support the preceding check items due to incompatible log formats.
                                                                                                                                                            
+
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            
 
                                                                                                                                                            Frequent restarts of Docker
                                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0660.html b/docs/cce/umn/cce_10_0660.html
index 20c570e0..1386ada2 100644
--- a/docs/cce/umn/cce_10_0660.html
+++ b/docs/cce/umn/cce_10_0660.html
@@ -1,22 +1,22 @@
 
 
 
                                                                                                                                                            Upgrading an OS
                                                                                                                                                            
-
                                                                                                                                                            When CCE releases a new OS image, existing nodes cannot be automatically upgraded. You can manually upgrade them in batches.
                                                                                                                                                            
-
                                                                                                                                                             
                                                                                                                                                            This section describes how to upgrade an OS by resetting the target node. Workloads running on a node may be interrupted due to standalone deployment or insufficient schedulable resources. Evaluate the upgrade risks and perform the upgrade during off-peak hours. Alternatively, specify a disruption budget for your key applications to ensure the availability of these applications during the upgrade.
                                                                                                                                                            
-
                                                                                                                                                            
-
                                                                                                                                                            Constraints
                                                                                                                                                            • Nodes running private images cannot be upgraded.
                                                                                                                                                            • Compatibility issues may occur when the node OS of an early version is upgraded. In this case, manually reset the node for the OS upgrade.
                                                                                                                                                            
+
                                                                                                                                                            After CCE releases a new OS image, if existing nodes cannot be automatically upgraded, you can manually upgrade them in batches.
                                                                                                                                                            
+
                                                                                                                                                            Precautions
                                                                                                                                                            • This section describes how to upgrade an OS by resetting the target node. Workloads running on a node may be interrupted due to standalone deployment or insufficient schedulable resources. Evaluate the upgrade risks and perform the upgrade during off-peak hours. Alternatively, specify a disruption budget for your key applications to ensure the availability of these applications during the upgrade.
                                                                                                                                                            • The system disk and data disks of the node will be cleared. Back up important data before resetting the node.
                                                                                                                                                            • Resetting a node will clear your configured Kubernetes labels and taints. As a result, resources (such as local storage and load of specified scheduling nodes) associated with the node may be unavailable. Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                            • After the OS is upgraded, the node automatically starts.
                                                                                                                                                            • To ensure node stability, CCE will reserve some CPU and memory resources to run necessary system components.
                                                                                                                                                            
 
                                                                                                                                                            
-
                                                                                                                                                            Procedure for Default Node Pools
                                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                                            2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                            3. Click Upgrade next to the default node pool.
                                                                                                                                                            4. In the displayed Operating System Upgrade window, configure parameters.
                                                                                                                                                              • Target Operating System: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                              • Upgrade Policy: Node Reset is supported.
                                                                                                                                                              • Max. Nodes for Batch Upgrade: maximum number of nodes that will be unavailable during node upgrade. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                              • View Node: Select the nodes to be upgraded.
                                                                                                                                                              • Login Mode:
                                                                                                                                                                • Key Pair
                                                                                                                                                                  Select the key pair used to log in to the node. You can select a shared key.
                                                                                                                                                                  
+
                                                                                                                                                                  Notes and Constraints
                                                                                                                                                                  • Nodes running private images cannot be upgraded.
                                                                                                                                                                  • Compatibility issues may occur when the node OS of an early version is upgraded. In this case, manually reset the node for the OS upgrade.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Procedure for Default Node Pools
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                  3. Click Upgrade next to the default node pool.
                                                                                                                                                                  4. In the displayed Operating System Upgrade window, configure parameters.
                                                                                                                                                                    • Target Operating System: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                                    • Upgrade Policy: Node Reset is supported.
                                                                                                                                                                    • Max. Nodes for Batch Upgrade: maximum number of nodes that will be unavailable during node upgrade. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                    • View Node: Select the nodes to be upgraded.
                                                                                                                                                                    • Login Mode:
                                                                                                                                                                      • Key Pair
                                                                                                                                                                        Select the key pair used to log in to the node. You can select a shared key.
                                                                                                                                                                        
 
                                                                                                                                                                        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                                                                                        
 
                                                                                                                                                                      
-
                                                                                                                                                                    • Pre-installation script:
                                                                                                                                                                      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. 
                                                                                                                                                                      
+
                                                                                                                                                                    • Pre-installation script:
                                                                                                                                                                      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                      
 
                                                                                                                                                                      The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                                                                                                                                      
-
                                                                                                                                                                    • Post-installation script:
                                                                                                                                                                      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. 
                                                                                                                                                                      
-
                                                                                                                                                                      The script will be executed after Kubernetes software is installed and will not affect the installation.
                                                                                                                                                                      
+
                                                                                                                                                                    • Post-installation script:
                                                                                                                                                                      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                      
+
                                                                                                                                                                      The script will be executed after Kubernetes software is installed, which does not affect the installation.
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                  5. Click OK.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Procedure for Non-default Node Pools
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                  3. Choose More > Synchronize in the Operation column of the target node pool.
                                                                                                                                                                  4. In the Batch synchronization window, configure parameters.
                                                                                                                                                                    • OS: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                                    • Synchronization Policy: Node Reset is supported.
                                                                                                                                                                    • Max. Nodes for Batch Synchronize: maximum number of nodes that will be unavailable during node synchronization. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                    • Node List: Select the nodes requiring the synchronization of node pool configurations.
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure for Non-default Node Pools
                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                    2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                    3. Choose More > Synchronize in the Operation column of the target node pool.
                                                                                                                                                                    4. In the Batch synchronization window, configure parameters.
                                                                                                                                                                      • OS: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                                      • Synchronization Policy: Node Reset is supported.
                                                                                                                                                                      • Max. Nodes for Batch Synchronize: maximum number of nodes that will be unavailable during node synchronization. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                      • Node List: Select the nodes requiring the synchronization of node pool configurations.
                                                                                                                                                                      
 
                                                                                                                                                                    5. Click OK.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0675.html b/docs/cce/umn/cce_10_0675.html
index 4ec00479..9ba062f3 100644
--- a/docs/cce/umn/cce_10_0675.html
+++ b/docs/cce/umn/cce_10_0675.html
@@ -1,25 +1,21 @@
 
 
 
-  
                                                                                                                                                                  Container Network Settings
                                                                                                                                                                  
+  
                                                                                                                                                                  Pod Network Settings
                                                                                                                                                                  
 
   
                                                                                                                                                                  
 
                                                                                                                                                                  
 
 
 
diff --git a/docs/cce/umn/cce_10_0677.html b/docs/cce/umn/cce_10_0677.html
index 78f297a1..14506a8a 100644
--- a/docs/cce/umn/cce_10_0677.html
+++ b/docs/cce/umn/cce_10_0677.html
@@ -1,16 +1,18 @@
 
 
-
                                                                                                                                                                  Container Tunnel Network Settings
                                                                                                                                                                  
+
                                                                                                                                                                  Tunnel Network Settings
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
 
diff --git a/docs/cce/umn/cce_10_0678.html b/docs/cce/umn/cce_10_0678.html
index 825e48aa..fb47bcfa 100644
--- a/docs/cce/umn/cce_10_0678.html
+++ b/docs/cce/umn/cce_10_0678.html
@@ -5,18 +5,28 @@
 
                                                                                                                                                            
 
 
diff --git a/docs/cce/umn/cce_10_0679.html b/docs/cce/umn/cce_10_0679.html
deleted file mode 100644
index aee584ec..00000000
--- a/docs/cce/umn/cce_10_0679.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-
-  
                                                                                                                                                            Cluster Network Settings
                                                                                                                                                            
-
-  
                                                                                                                                                            
-
                                                                                                                                                            
-
-
-
diff --git a/docs/cce/umn/cce_10_0680.html b/docs/cce/umn/cce_10_0680.html
index ca39233e..2baa1cd3 100644
--- a/docs/cce/umn/cce_10_0680.html
+++ b/docs/cce/umn/cce_10_0680.html
@@ -1,20 +1,18 @@
 
 
 
                                                                                                                                                            Adding a Container CIDR Block for a Cluster
                                                                                                                                                            
-
                                                                                                                                                            Scenario
                                                                                                                                                            If the container CIDR block (container subnet in a CCE Turbo cluster) set during CCE cluster creation is insufficient, you can add a container CIDR block for the cluster.
                                                                                                                                                            
+
                                                                                                                                                            Scenario
                                                                                                                                                            If the container CIDR block configured during CCE cluster creation cannot meet service expansion requirements, you can add a container CIDR block for the cluster.
                                                                                                                                                            
 
                                                                                                                                                            
-
                                                                                                                                                            Constraints
                                                                                                                                                            • This function applies to CCE standard clusters and CCE Turbo clusters of v1.19 or later, but not to clusters using container tunnel networking.
                                                                                                                                                            • The container CIDR block or container subnet cannot be deleted after being added. Exercise caution when performing this operation.
                                                                                                                                                            
+
                                                                                                                                                            Notes and Constraints
                                                                                                                                                            • This function is available only for clusters of v1.19 or later using a VPC network.
                                                                                                                                                            • An added container CIDR block cannot be deleted.
                                                                                                                                                            
 
                                                                                                                                                            
-
                                                                                                                                                            Adding a Container CIDR Block for a CCE Standard Cluster
                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                            2. On the Overview page, locate the Networking Configuration area and click Add Container CIDR Block.
                                                                                                                                                            3. Configure the container CIDR block to be added. You can click  to add multiple container CIDR blocks at a time.
                                                                                                                                                               
                                                                                                                                                              New container CIDR blocks cannot conflict with service CIDR blocks, VPC CIDR blocks, and existing container CIDR blocks.
                                                                                                                                                              
+
                                                                                                                                                              Adding a Container CIDR Block for a CCE Standard Cluster
                                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                              2. On the Overview page, locate the Networking Configuration area and click Add.
                                                                                                                                                              3. Configure the container CIDR block to be added. You can click  to add multiple container CIDR blocks at a time.
                                                                                                                                                                 
                                                                                                                                                                New container CIDR blocks cannot conflict with service CIDR blocks, VPC CIDR blocks, and existing container CIDR blocks.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                              4. Click OK.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Adding a Container Subnet for a CCE Turbo Cluster
                                                                                                                                                              1. Log in to the CCE console and access the CCE Turbo cluster console.
                                                                                                                                                              2. On the Overview page, locate the Networking Configuration area and click Add Pod Subnet.
                                                                                                                                                              3. Select a container subnet in the same VPC. You can add multiple container subnets at a time. If no other container subnet is available, go to the VPC console to create one.
                                                                                                                                                              4. Click OK.
                                                                                                                                                              
-
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Parent topic: Cluster Network Settings
                                                                                                                                                              
+
                                                                                                                                                              Parent topic: VPC Network Settings
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
 
diff --git a/docs/cce/umn/cce_10_0681.html b/docs/cce/umn/cce_10_0681.html
index fed3cb1b..3342e388 100644
--- a/docs/cce/umn/cce_10_0681.html
+++ b/docs/cce/umn/cce_10_0681.html
@@ -1,18 +1,18 @@
 
 
 
                                                                                                                                                              Creating a LoadBalancer Service
                                                                                                                                                              
-
                                                                                                                                                              Application Scenarios
                                                                                                                                                              LoadBalancer Services can access workloads from the public network through ELB, which is more reliable than EIP-based access. The LoadBalancer access address is in the format of IP address of public network load balancer:Access port, for example, 10.117.117.117:80.
                                                                                                                                                              
+
                                                                                                                                                              Scenario
                                                                                                                                                              LoadBalancer Services can access workloads from the public network through a load balancer, which is more reliable than EIP-based access. The LoadBalancer access address is in the format of IP address of public network load balancer:Access port, for example, 10.117.117.117:80.
                                                                                                                                                              
 
                                                                                                                                                              In this access mode, requests are transmitted through an ELB load balancer to a node and then forwarded to the destination pod through the Service.
                                                                                                                                                              
-
                                                                                                                                                              Figure 1 LoadBalancer
                                                                                                                                                              
+
                                                                                                                                                              Figure 1 LoadBalancer
                                                                                                                                                              
 
                                                                                                                                                              When CCE Turbo clusters and dedicated load balancers are used, passthrough networking is supported to reduce service latency and ensure zero performance loss.
                                                                                                                                                              
 
                                                                                                                                                              External access requests are directly forwarded from a load balancer to pods. Internal access requests can be forwarded to a pod through a Service.
                                                                                                                                                              
-
                                                                                                                                                              Figure 2 Passthrough networking
                                                                                                                                                              
+
                                                                                                                                                              Figure 2 Passthrough networking
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Constraints
                                                                                                                                                              • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                                                                • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                
-
                                                                                                                                                              • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. You are advised not to modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                                                                                                                                              • If the service affinity is set to the node level (that is, externalTrafficPolicy is set to Local), the cluster may fail to access the Service by using the ELB address. For details, see Why a Service Fail to Be Accessed from Within the Cluster.
                                                                                                                                                              • In a CCE Turbo cluster that utilizes a Cloud Native 2.0 network model, node-level affinity is supported only when the Service backend is connected to a HostNetwork pod.
                                                                                                                                                              • Dedicated ELB load balancers can be used only in clusters of v1.17 and later.
                                                                                                                                                              • Dedicated load balancers must be of the network type (TCP/UDP) supporting private networks (with a private IP). If the Service needs to support HTTP, the dedicated load balancers must be of the network (TCP/UDP) or application load balancing (HTTP/HTTPS) type.
                                                                                                                                                              • In a CCE cluster, if the cluster-level affinity is configured for a LoadBalancer Service, requests are distributed to the node ports of each node using SNAT when entering the cluster. The number of node ports cannot exceed the number of available node ports on the node. If the service affinity is at the node level (Local), there is no such constraint. In a CCE Turbo cluster, this constraint applies to shared load balancers, but not dedicated ones. Use dedicated load balancers in CCE Turbo clusters.
                                                                                                                                                              • When the cluster service forwarding (proxy) mode is IPVS, the node IP cannot be configured as the external IP of the Service. Otherwise, the node is unavailable.
                                                                                                                                                              • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. Use different load balancers for the ingress and Service.
                                                                                                                                                              
+
                                                                                                                                                              Notes and Constraints
                                                                                                                                                              • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                                                                • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                
+
                                                                                                                                                              • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                                                                                                                                              • If service affinity is set to the node level (that is, externalTrafficPolicy is set to Local), the cluster may fail to access the Service by using the ELB address. For details, see Why a Service Fail to Be Accessed from Within the Cluster.
                                                                                                                                                              • In a CCE Turbo cluster that utilizes a Cloud Native 2.0 network model, node-level affinity is supported only when the Service backend is connected to a HostNetwork pod.
                                                                                                                                                              • Dedicated ELB load balancers can be used only in clusters of v1.17 and later.
                                                                                                                                                              • A dedicated load balancer must be of the network type (TCP/UDP) and support private networks (with a private IP address). If the Service needs to support HTTP, the dedicated load balancers must be of the network (TCP/UDP) or application load balancing (HTTP/HTTPS) type.
                                                                                                                                                              • When the cluster service forwarding (proxy) mode is IPVS, the node IP cannot be configured as the external IP of the Service. Otherwise, the node is unavailable.
                                                                                                                                                              • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. Use different load balancers for the ingress and Service.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Creating a LoadBalancer Service
                                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                              2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                              3. Configure parameters.
                                                                                                                                                                • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                • Service Type: Select LoadBalancer.
                                                                                                                                                                • Namespace: Namespace to which the workload belongs.
                                                                                                                                                                • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                                                                                                                                  • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                  • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                  
-
                                                                                                                                                                • Selector: Add a label and click Confirm. A Service selects a pod based on the added label. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address.. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                                                                                                                                                                • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                  A load balancer can be dedicated or shared. 
                                                                                                                                                                  
+
                                                                                                                                                                  Creating a LoadBalancer Service
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                  3. Configure parameters.
                                                                                                                                                                    • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                    • Service Type: Select LoadBalancer.
                                                                                                                                                                    • Namespace: namespace that the workload belongs to.
                                                                                                                                                                    • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                                                                                                                                      • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                      • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                      
+
                                                                                                                                                                    • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                    • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address.  This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                                                                                                                                                                    • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                      A load balancer can be dedicated or shared. A dedicated load balancer supports Network (TCP/UD), Application (HTTP/HTTPS), or Network (TCP/UD) & Application (HTTP/HTTPS).
                                                                                                                                                                      
 
                                                                                                                                                                      You can select Use existing or Auto create to obtain a load balancer. For details about the configuration of different creation modes, see Table 1.
 
                                                                                                                                                                      
@@ -27,21 +27,21 @@
 
-
                                                                                                                                                                      Table 1 Load balancer configurations
                                                                                                                                                                      How to Create
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Auto create
                                                                                                                                                                      
 
                                                                                                                                                                      • Instance Name: Enter a load balancer name.
                                                                                                                                                                      • Public Access: If enabled, an EIP with 5 Mbit/s bandwidth will be created.
                                                                                                                                                                      • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                                                                                                                                      • Specifications (available only to dedicated load balancers)
                                                                                                                                                                        • Fixed: applies to stable traffic, billed based on specifications.
                                                                                                                                                                        
-
                                                                                                                                                                      
+
                                                                                                                                                                      • Instance Name: Enter a load balancer name.
                                                                                                                                                                      • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                                                                                                                                      • Frontend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to provide services externally.
                                                                                                                                                                      • Backend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to access the backend service.
                                                                                                                                                                      • Network/Application-oriented Specifications (available only to dedicated load balancers)
                                                                                                                                                                        • Elastic: applies to fluctuating traffic, billed based on total traffic. Clusters of v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions support elastic specifications.
                                                                                                                                                                        • Fixed: applies to stable traffic, billed based on specifications.
                                                                                                                                                                        
+
                                                                                                                                                                      • EIP: If you select Auto create, you can configure the billing mode and size of the public network bandwidth.
                                                                                                                                                                      • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
 
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      You can click  in the Set ELB area and configure load balancer parameters in the Set ELB dialog box.
                                                                                                                                                                      
+
                                                                                                                                                                      You can click  in the Set ELB area and configure load balancer parameters in the Set ELB dialog box.
                                                                                                                                                                      
 
                                                                                                                                                                      • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                                                                                                                         
                                                                                                                                                                        • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                                                                                                                        • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                                                                                                                        • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                      • Type: This function is disabled by default. You can select Source IP address. Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                                         
                                                                                                                                                                        When the distribution policy uses the source IP hash, sticky session cannot be set.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                      
-
                                                                                                                                                                    • Health Check: Configure health check for the load balancer.
                                                                                                                                                                      • Global health check: applies only to ports using the same protocol. You are advised to select Custom health check.
                                                                                                                                                                      • Custom health check: applies to ports using different protocols. For details about the YAML definition for custom health check, see Configuring Health Check on Multiple Service Ports.
                                                                                                                                                                      
+
                                                                                                                                                                    • Health Check: Configure health check for the load balancer.
 
 
                                                                                                                                                                      
@@ -51,7 +51,7 @@
 
-
@@ -79,14 +79,59 @@
 
                                                                                                                                                                      Table 2 Health check parameters
                                                                                                                                                                      Parameter
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Protocol
                                                                                                                                                                      
 
                                                                                                                                                                      When the protocol of Port is set to TCP, the TCP and HTTP are supported. When the protocol of Port is set to UDP, the UDP is supported.
                                                                                                                                                                      
+
                                                                                                                                                                      When the protocol of Port is set to TCP, the TCP and HTTP protocols are supported. When the protocol of Port is set to UDP, the UDP protocol is supported.
                                                                                                                                                                      
 
                                                                                                                                                                      • Check Path (supported only by HTTP for health check): specifies the health check URL. The check path must start with a slash (/) and contain 1 to 80 characters.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                    • Ports
                                                                                                                                                                      • Protocol: protocol used by the Service. 
                                                                                                                                                                      • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                      • Container Port: port on which the workload listens. For example, Nginx uses port 80 by default.
                                                                                                                                                                      • Health Check: If Health Check is set to Custom health check, you can configure health check for ports using different protocols. For details, see Table 2.
                                                                                                                                                                      
+
                                                                                                                                                                    • Ports
                                                                                                                                                                      • Protocol: protocol used by the Service. 
                                                                                                                                                                      • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                      • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                      • Frontend Protocol: the frontend protocol of the load balancer listener for establishing a traffic distribution connection with the client. When a dedicated load balancer is selected, HTTP/HTTPS can be configured only when Application (HTTP/HTTPS) is selected.
                                                                                                                                                                      • Health Check: If Health Check is set to Custom health check, you can configure health check for ports using different protocols. For details, see Table 2.
                                                                                                                                                                      
 
                                                                                                                                                                       
                                                                                                                                                                      When a LoadBalancer Service is created, a random node port number (NodePort) is automatically generated.
                                                                                                                                                                      
 
                                                                                                                                                                      
+
                                                                                                                                                                    • Listener
                                                                                                                                                                      • SSL Authentication: Select this option if HTTPS/TLS is enabled on the listener port. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                        • One-way authentication: Only the backend server is authenticated. If you also need to authenticate the identity of the client, select mutual authentication.
                                                                                                                                                                        • Mutual authentication: If you want the clients and the load balancer to authenticate each other, select this option. Only authenticated clients will be allowed to access the load balancer.
                                                                                                                                                                        
+
                                                                                                                                                                      • CA Certificate: If SSL Authentication is set to Mutual authentication, add a CA certificate to authenticate the client. A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
                                                                                                                                                                      • Server Certificate: If HTTPS/TLS is enabled on the listener port, you must select a server certificate. 
                                                                                                                                                                      • SNI: If HTTPS/TLS is enabled on the listener port, you must determine whether to add an SNI certificate. Before adding an SNI certificate, ensure the certificate contains a domain name. 
                                                                                                                                                                        If an SNI certificate cannot be found based on the domain name requested by the client, the server certificate will be returned by default.
                                                                                                                                                                        
+
                                                                                                                                                                      • Security Policy: If HTTPS/TLS is enabled on the listener port, you can select a security policy. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                      • Backend Protocol: If HTTPS is enabled on the listener port, HTTP or HTTPS can be used to access the backend server. The default value is HTTP. If TLS is enabled on the listener port, TCP or TLS can be used to access the backend server. The default value is TCP. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                      • Access Control
                                                                                                                                                                        • Allow all IP addresses: No access control is configured.
                                                                                                                                                                        • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                                        • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                                        
+
                                                                                                                                                                      • Advanced Options
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Configuration
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Restrictions
                                                                                                                                                                        
+
                                                                                                                                                                        Idle Timeout (s)
                                                                                                                                                                        
+
                                                                                                                                                                        Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                        
+
                                                                                                                                                                        This configuration is not supported if the port of a shared load balancer uses UDP.
                                                                                                                                                                        
+
                                                                                                                                                                        Request Timeout (s)
                                                                                                                                                                        
+
                                                                                                                                                                        Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                        
+
                                                                                                                                                                        • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                                        • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                                                        
+
                                                                                                                                                                        Response Timeout (s)
                                                                                                                                                                        
+
                                                                                                                                                                        Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                                                        
+
                                                                                                                                                                        HTTP2
                                                                                                                                                                        
+
                                                                                                                                                                        Whether to use HTTP/2 for a client to communicate with a load balancer. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter is available only after HTTPS is enabled on ports.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      
 
                                                                                                                                                                    • Annotation: The LoadBalancer Service has some advanced CCE functions, which are implemented by annotations. For details, see Using Annotations to Balance Load.
                                                                                                                                                                    
 
                                                                                                                                                                  4. Click OK.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Using kubectl to Create a Service (Using an Existing Load Balancer)
                                                                                                                                                                  You can set the Service when creating a workload using kubectl. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                                                                  
-
                                                                                                                                                                  1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                  2. Create the files named nginx-deployment.yaml and nginx-elb-svc.yaml and edit them.
                                                                                                                                                                    The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                                                                                                                                                                    
+
                                                                                                                                                                    Using kubectl to Create a Service (Using an Existing Load Balancer)
                                                                                                                                                                    You can configure Service access using kubectl when creating a workload. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    2. Create and edit the nginx-deployment.yaml and nginx-elb-svc.yaml files.
                                                                                                                                                                      The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                                                                                                                                                                      
 
                                                                                                                                                                      vi nginx-deployment.yaml
                                                                                                                                                                      
 
                                                                                                                                                                      apiVersion: apps/v1
 kind: Deployment
@@ -109,20 +154,19 @@ spec:
       - name: default-secret
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      vi nginx-elb-svc.yaml
                                                                                                                                                                      
-
                                                                                                                                                                       
                                                                                                                                                                      Before enabling sticky session, ensure that the following conditions are met:
                                                                                                                                                                      
-
                                                                                                                                                                      • The workload protocol is TCP.
                                                                                                                                                                      • Anti-affinity has been configured between pods of the workload. That is, all pods of the workload are deployed on different nodes. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      To enable sticky session, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      apiVersion: v1 
 kind: Service 
 metadata: 
   name: nginx
   annotations:
-    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.id: <your_elb_id>                         # Load balancer ID. Replace it with the actual value.
     kubernetes.io/elb.class: union                   # Load balancer type
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
     kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
     kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
-    kubernetes.io/elb.health-check-flag: 'on'                   # Enable the ELB health check function.
+    kubernetes.io/elb.health-check-flag: 'on'                   # Enable ELB health check.
     kubernetes.io/elb.health-check-option: '{
       "protocol":"TCP",
       "delay":"5",
@@ -159,7 +203,7 @@ spec:
 
                                                                                                                                                            		
 
                                                                                                                                                            String
                                                                                                                                                            
 
                                                                                                                                                            ID of an enhanced load balancer.
                                                                                                                                                            
+
                                                                                                                                                            ID of a load balancer.
                                                                                                                                                            
 
                                                                                                                                                            Mandatory when an existing load balancer is to be associated.
                                                                                                                                                            
 
                                                                                                                                                            How to obtain:
                                                                                                                                                            
 
                                                                                                                                                            On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                                                            
@@ -200,7 +244,7 @@ spec:
                                                                                                                                                             		
 
                                                                                                                                                            String
                                                                                                                                                            
 
                                                                                                                                                            Source IP address-based sticky session is supported. That is, access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                            
+
                                                                                                                                                            Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                            
 
                                                                                                                                                            • Disabling sticky session: Do not configure this parameter.
                                                                                                                                                            • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                                                                            
 
                                                                                                                                                             NOTE: 
                                                                                                                                                            When kubernetes.io/elb.lb-algorithm is set to SOURCE_IP (source IP hash), sticky session cannot be enabled.
                                                                                                                                                            
 
                                                                                                                                                            
@@ -343,11 +387,11 @@ spec:
 kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
 nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
 
                                                                                                                                                          7. Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                                                                                                                                                            The Nginx is accessible.
                                                                                                                                                            
-
                                                                                                                                                            Figure 3 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                            
+
                                                                                                                                                            Figure 3 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                            
 
                                                                                                                                                            8. 
 
-
                                                                                                                                                            Using kubectl to Create a Service (Automatically Creating a Load Balancer)
                                                                                                                                                            You can set the Service when creating a workload using kubectl. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                                                            
-
                                                                                                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                            2. Create the files named nginx-deployment.yaml and nginx-elb-svc.yaml and edit them.
                                                                                                                                                              The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                                                                                                                                                              
+
                                                                                                                                                              Using kubectl to Create a Service (Automatically Creating a Load Balancer)
                                                                                                                                                              You can configure Service access using kubectl when creating a workload. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                                                              
+
                                                                                                                                                              1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                              2. Create and edit the nginx-deployment.yaml and nginx-elb-svc.yaml files.
                                                                                                                                                                The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                                                                                                                                                                
 
                                                                                                                                                                vi nginx-deployment.yaml
                                                                                                                                                                apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -370,8 +414,7 @@ spec:
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                vi nginx-elb-svc.yaml
                                                                                                                                                                
-
                                                                                                                                                                 
                                                                                                                                                                Before enabling sticky session, ensure that the following conditions are met:
                                                                                                                                                                
-
                                                                                                                                                                • The workload protocol is TCP.
                                                                                                                                                                • Anti-affinity has been configured between pods of the workload. That is, all pods of the workload are deployed on different nodes. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                                                                                                                                
+
                                                                                                                                                                 
                                                                                                                                                                To enable sticky session, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Example of a Service using a public network shared load balancer:
                                                                                                                                                                apiVersion: v1 
 kind: Service 
@@ -392,13 +435,14 @@ metadata:
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
     kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
     kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
-    kubernetes.io/elb.health-check-flag: 'on'                   # Enable the ELB health check function.
+    kubernetes.io/elb.health-check-flag: 'on'                   # Enable ELB health check.
     kubernetes.io/elb.health-check-option: '{
       "protocol":"TCP",
       "delay":"5",
       "timeout":"10",
       "max_retries":"3"
     }'
+    kubernetes.io/elb.tags: key1=value1,key2=value2           # ELB resource tags
   labels: 
     app: nginx 
   name: nginx 
@@ -441,13 +485,14 @@ metadata:
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
     kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
     kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
-    kubernetes.io/elb.health-check-flag: 'on'                   # Enable the ELB health check function.
+    kubernetes.io/elb.health-check-flag: 'on'                   # Enable ELB health check.
     kubernetes.io/elb.health-check-option: '{
       "protocol":"TCP",
       "delay":"5",
       "timeout":"10",
       "max_retries":"3"
     }'
+    kubernetes.io/elb.tags: key1=value1,key2=value2           # ELB resource tags
 spec:
   selector:
     app: nginx
@@ -515,7 +560,7 @@ spec:
 
                                                                                                                                                            		
 
                                                                                                                                                            Specifies the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                                                                                                                                                            
 
                                                                                                                                                            Options:
                                                                                                                                                            
-
                                                                                                                                                            • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                                            • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                                            • SOURCE_IP: source IP hash algorithm
                                                                                                                                                            
+
                                                                                                                                                            • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                                            • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                                            • SOURCE_IP: source IP hash algorithm
                                                                                                                                                            
 
                                                                                                                                                             NOTE: 
                                                                                                                                                            If this parameter is set to SOURCE_IP, the weight setting (weight field) of backend servers bound to the backend server group is invalid, and sticky session cannot be enabled.
                                                                                                                                                            
 
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            String
                                                                                                                                                            
 
                                                                                                                                                            Source IP address-based sticky session is supported. That is, access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                            
+
                                                                                                                                                            Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                            
 
                                                                                                                                                            • Disabling sticky session: Do not configure this parameter.
                                                                                                                                                            • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                                                                            
 
                                                                                                                                                             NOTE: 
                                                                                                                                                            When kubernetes.io/elb.lb-algorithm is set to SOURCE_IP (source IP hash), sticky session cannot be enabled.
                                                                                                                                                            
 
                                                                                                                                                            
@@ -615,7 +660,7 @@ spec:
                                                                                                                                                             		
 
                                                                                                                                                            Bandwidth mode.
                                                                                                                                                            
 
                                                                                                                                                            • traffic: billed by traffic
                                                                                                                                                            
-
                                                                                                                                                            Default: traffic
                                                                                                                                                            
+
                                                                                                                                                            Default: traffic
                                                                                                                                                            
                                                                                                                                                             		
 
                                                                                                                                                            
 
                                                                                                                                                            bandwidth_size
                                                                                                                                                            
@@ -624,7 +669,7 @@ spec:
                                                                                                                                                             		
 
                                                                                                                                                            Integer
                                                                                                                                                            
 
                                                                                                                                                            Bandwidth size. The default value is 1 to 2000 Mbit/s. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                            
+
                                                                                                                                                            Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                            
 
                                                                                                                                                            The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                                                            • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                                                            • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                                                            • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                                                            
 
                                                                                                                                                            
                                                                                                                                                             		
 
 
 
                                                                                                                                                            Table 1 Scenarios where a load balancer supports HTTP or HTTPS
                                                                                                                                                            ELB Type
                                                                                                                                                            
+
                                                                                                                                                            Configuring HTTP/HTTPS for a LoadBalancer Service
                                                                                                                                                            
+
                                                                                                                                                            Notes and Constraints
                                                                                                                                                            • Only clusters of v1.19.16 or later support HTTP or HTTPS.
+
                                                                                                                                                              
-
@@ -12,9 +12,9 @@
 
-
-
@@ -28,9 +28,9 @@
 
-
-
@@ -49,6 +49,15 @@
 
                                                                                                                                                            • Do not connect an ingress and a Service that uses HTTP or HTTPS to the same listener of the same load balancer. Otherwise, a port conflict occurs.
                                                                                                                                                              • 
+
                                                                                                                                                              Using the CCE Console
                                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                              2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                              3. Configure Service parameters. In this example, only mandatory parameters required for using HTTP/HTTPS are listed. For details about how to configure other parameters, see Creating a LoadBalancer Service.
                                                                                                                                                                • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                • Service Type: Select LoadBalancer.
                                                                                                                                                                • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                  • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                  • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                  
+
                                                                                                                                                                • Ports
                                                                                                                                                                  • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                                  • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                  • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                  • Frontend Protocol: specifies whether to enable HTTP/HTTPS on the listener port. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                                  
+
                                                                                                                                                                • Listener
                                                                                                                                                                  • SSL Authentication: Select this option if HTTPS is enabled on the listener port. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                    • One-way authentication: Only the backend server is authenticated. If you also need to authenticate the identity of the client, select mutual authentication.
                                                                                                                                                                    • Mutual authentication: If you want the clients and the load balancer to authenticate each other, select this option. Only authenticated clients will be allowed to access the load balancer.
                                                                                                                                                                    
+
                                                                                                                                                                  • CA Certificate: If SSL Authentication is set to Mutual authentication, add a CA certificate to authenticate the client. A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
                                                                                                                                                                  • Server Certificate: If HTTPS is enabled on the listener port, you must select a server certificate. 
                                                                                                                                                                  • SNI: If HTTPS is enabled on the listener port, you must determine whether to add an SNI certificate. Before adding an SNI certificate, ensure the certificate contains a domain name. 
                                                                                                                                                                  • Security Policy: If HTTPS is enabled on the listener port, you can select a security policy. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  • Backend Protocol: If HTTPS is enabled on the listener port, HTTP or HTTPS can be used to access the backend server. The default value is HTTP. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                   
                                                                                                                                                                  If multiple HTTPS Services are released, all listeners will use the same certificate configuration.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                              4. Click OK.
                                                                                                                                                              
+
                                                                                                                                                              Using kubectl
                                                                                                                                                              If a Service is HTTP/HTTPS-compliant, add the following annotations:
                                                                                                                                                              
 
                                                                                                                                                              • kubernetes.io/elb.protocol-port: "https:443,http:80"
                                                                                                                                                                The value of protocol-port must be the same as the port in the spec.ports field of the Service. The format is Protocol:Port. The port matches the one in the service.spec.ports field and is released as the corresponding protocol.
                                                                                                                                                                
 
                                                                                                                                                              • kubernetes.io/elb.cert-id: "17e3b4f4bc40471c86741dc3aa211379"
                                                                                                                                                                cert-id indicates the certificate ID in ELB certificate management. When https is configured for protocol-port, the certificate of the ELB listener will be set to the server certificate. When multiple HTTPS Services are released, they will use the same certificate.
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0684.html b/docs/cce/umn/cce_10_0684.html
index b2912b01..44c2f314 100644
--- a/docs/cce/umn/cce_10_0684.html
+++ b/docs/cce/umn/cce_10_0684.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                                                                Configuring Health Check on Multiple Service Ports
                                                                                                                                                                
+
                                                                                                                                                                Configuring Health Check on Multiple Ports of a LoadBalancer Service
                                                                                                                                                                
 
                                                                                                                                                                The annotation field related to the health check of the LoadBalancer Service is upgraded from Kubernetes.io/elb.health-check-option to Kubernetes.io/elb.health-check-options. Each Service port can be configured separately, and you can configure only some ports. If the port protocol does not need to be configured separately, the original annotation field is still available and does not need to be modified.
                                                                                                                                                                
-
                                                                                                                                                                Constraints
                                                                                                                                                                • This feature is available in the following versions:
                                                                                                                                                                  • v1.19: v1.19.16-r5 or later
                                                                                                                                                                  • v1.21: v1.21.8-r0 or later
                                                                                                                                                                  • v1.23: v1.23.6-r0 or later
                                                                                                                                                                  • v1.25: v1.25.2-r0 or later
                                                                                                                                                                  • Versions later than v1.25
                                                                                                                                                                  
-
                                                                                                                                                                • kubernetes.io/elb.health-check-option and kubernetes.io/elb.health-check-options cannot be configured at the same time.
                                                                                                                                                                • The target_service_port field is mandatory and must be unique.
                                                                                                                                                                • For a TCP port, the health check protocol can only be TCP or HTTP. For a UDP port, the health check protocol must be UDP.
                                                                                                                                                                
+
                                                                                                                                                                Notes and Constraints
                                                                                                                                                                • This feature is available in the following versions:
                                                                                                                                                                  • v1.19: v1.19.16-r5 or later
                                                                                                                                                                  • v1.21: v1.21.8-r0 or later
                                                                                                                                                                  • v1.23: v1.23.6-r0 or later
                                                                                                                                                                  • v1.25: v1.25.2-r0 or later
                                                                                                                                                                  • Versions later than v1.25
                                                                                                                                                                  
+
                                                                                                                                                                • Either kubernetes.io/elb.health-check-option or kubernetes.io/elb.health-check-options can be configured.
                                                                                                                                                                • The target_service_port field is mandatory and must be unique.
                                                                                                                                                                • For a TCP port, the health check protocol can only be TCP or HTTP. For a UDP port, the health check protocol must be UDP.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Procedure
                                                                                                                                                                The following is an example of using the kubernetes.io/elb.health-check-options annotation:
                                                                                                                                                                apiVersion: v1
 kind: Service
@@ -15,7 +15,7 @@ metadata:
     version: v1
   annotations:
     kubernetes.io/elb.class: union         # Load balancer type
-    kubernetes.io/elb.id: <your_elb_id>    # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.id: <your_elb_id>    # Load balancer ID. Replace it with the actual value.
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN  # Load balancer algorithm
     kubernetes.io/elb.health-check-flag: 'on'    # Enable ELB health check.
     kubernetes.io/elb.health-check-options: '[
diff --git a/docs/cce/umn/cce_10_0685.html b/docs/cce/umn/cce_10_0685.html
index d68c3f8a..3e583f04 100644
--- a/docs/cce/umn/cce_10_0685.html
+++ b/docs/cce/umn/cce_10_0685.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                Setting the Pod Ready Status Through the ELB Health Check
                                                                                                                                                                
 
                                                                                                                                                                The ready status of the pod is associated with the ELB health check. After the health check is successful, the pod is ready. This association works with the strategy.rollingUpdate.maxSurge and strategy.rollingUpdate.maxUnavailable parameters of the pod to implement graceful rolling upgrade.
                                                                                                                                                                
-
                                                                                                                                                                Constraints
                                                                                                                                                                
 
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0687.html b/docs/cce/umn/cce_10_0687.html
index 6f511e99..d55ac6ed 100644
--- a/docs/cce/umn/cce_10_0687.html
+++ b/docs/cce/umn/cce_10_0687.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                You can use a TLS secret certificate configured in the cluster and the ELB certificate.
                                                                                                                                                                
 
                                                                                                                                                                 
                                                                                                                                                                If HTTPS is enabled for the same port of the same load balancer of multiple ingresses, you must select the same certificate.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Using a TLS Secret Certificate
                                                                                                                                                                1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                                                                                                  Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
                                                                                                                                                                  
+
                                                                                                                                                                  Using a TLS Secret Certificate
                                                                                                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                  2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                                                                                                    Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
                                                                                                                                                                    
 
                                                                                                                                                                    vi ingress-test-secret.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    The YAML file is configured as follows:
                                                                                                                                                                    apiVersion: v1
 data:
@@ -81,7 +81,7 @@ metadata:
       '{
           "type": "public",
           "bandwidth_name": "cce-bandwidth-******",
-          "bandwidth_chargemode": "traffic",
+          "bandwidth_chargemode": "traffic",
           "bandwidth_size": 5,
           "bandwidth_sharetype": "PER",
           "eip_type": "5_bgp",
diff --git a/docs/cce/umn/cce_10_0688.html b/docs/cce/umn/cce_10_0688.html
index 65aaeb82..3175d489 100644
--- a/docs/cce/umn/cce_10_0688.html
+++ b/docs/cce/umn/cce_10_0688.html
@@ -61,7 +61,7 @@ metadata:
       '{
           "type": "public",
           "bandwidth_name": "cce-bandwidth-******",
-          "bandwidth_chargemode": "traffic",
+          "bandwidth_chargemode": "traffic",
           "bandwidth_size": 5,
           "bandwidth_sharetype": "PER",
           "eip_type": "5_bgp",
diff --git a/docs/cce/umn/cce_10_0689.html b/docs/cce/umn/cce_10_0689.html
index 72dd75eb..2069789a 100644
--- a/docs/cce/umn/cce_10_0689.html
+++ b/docs/cce/umn/cce_10_0689.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                    LoadBalancer Ingresses to Multiple Services
                                                                                                                                                                    
+
                                                                                                                                                                    Routing a LoadBalancer Ingress to Multiple Services
                                                                                                                                                                    
 
                                                                                                                                                                    Ingresses can route to multiple backend Services based on different matching policies. The spec field in the YAML file is set as below. You can access www.example.com/foo, www.example.com/bar, and foo.example.com/ to route to three different backend Services.
                                                                                                                                                                    
 
                                                                                                                                                                     
                                                                                                                                                                    The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                                                                                                                                    
 
                                                                                                                                                                    For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                                                                                                                    
@@ -19,7 +19,7 @@ spec:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
       - path: '/bar'
         backend:
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
           servicePort: 80
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
@@ -28,7 +28,7 @@ spec:
       paths:
       - path: '/'
         backend:
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
           servicePort: 80
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0691.html b/docs/cce/umn/cce_10_0691.html
index 924967b1..4f3203ea 100644
--- a/docs/cce/umn/cce_10_0691.html
+++ b/docs/cce/umn/cce_10_0691.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                                                                    Interconnecting LoadBalancer Ingresses with HTTPS Backend Services
                                                                                                                                                                    
+
                                                                                                                                                                    Configuring HTTPS Backend Services for a LoadBalancer Ingress
                                                                                                                                                                    
 
                                                                                                                                                                    Ingresses can interconnect with backend services of different protocols. By default, the backend proxy channel of an ingress is HTTP-compliant. To create an HTTPS channel, add the following configuration to the annotations field:
                                                                                                                                                                    
 
                                                                                                                                                                    kubernetes.io/elb.pool-protocol: https
                                                                                                                                                                    
-
                                                                                                                                                                    Constraints
                                                                                                                                                                    • This function is available only in clusters of v1.23.8, v1.25.3, or later.
                                                                                                                                                                    • Ingresses can interconnect with HTTPS backend services only when dedicated load balancers are used.
                                                                                                                                                                    • When an ingress interconnects with an HTTPS backend service, the ingress protocol must be HTTPS.
                                                                                                                                                                    
+
                                                                                                                                                                    Notes and Constraints
                                                                                                                                                                    • This function is available only in clusters of v1.23.8, v1.25.3, or later.
                                                                                                                                                                    • Ingresses can interconnect with HTTPS backend services only when dedicated load balancers are used.
                                                                                                                                                                    • When an ingress interconnects with an HTTPS backend service, the ingress protocol must be HTTPS.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Configuration Example
                                                                                                                                                                    An ingress configuration example is as follows:
                                                                                                                                                                    
 
                                                                                                                                                                    apiVersion: networking.k8s.io/v1
diff --git a/docs/cce/umn/cce_10_0694.html b/docs/cce/umn/cce_10_0694.html
index f85b6c53..29bd566c 100644
--- a/docs/cce/umn/cce_10_0694.html
+++ b/docs/cce/umn/cce_10_0694.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                                                                    Configuring HTTP/2 for a LoadBalancer Ingress
                                                                                                                                                                    
-
                                                                                                                                                                    Ingresses can use HTTP/2 to expose Services. Connections from the load balancer to your application use HTTP/1.X by default. If your application is capable of receiving HTTP2 requests, you can add the following field to the ingress annotation to enable the use of HTTP/2:
                                                                                                                                                                    
+
                                                                                                                                                                    Ingresses can use HTTP/2 to expose Services. Connections from the load balancer to your application use HTTP/1.x by default. If your application is capable of receiving HTTP/2 requests, you can add the following field to the ingress annotation to enable the use of HTTP/2:
                                                                                                                                                                    
 
                                                                                                                                                                    kubernetes.io/elb.http2-enable: 'true'
                                                                                                                                                                    
-
                                                                                                                                                                     
                                                                                                                                                                    • An HTTPS-compliant load balancer supports HTTP/2.
                                                                                                                                                                    • This function is available in clusters of version v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, or v1.28.3-r0.
                                                                                                                                                                    • If the advanced configuration for enabling HTTP/2 or the target annotation is deleted, the ELB configuration will not be modified.
                                                                                                                                                                    
+
                                                                                                                                                                     
                                                                                                                                                                    • An HTTPS-compliant load balancer supports HTTP/2.
                                                                                                                                                                    • This function is available in clusters of version v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, or v1.28.3-r0.
                                                                                                                                                                    • After HTTP/2 is configured, if you delete the advanced configuration for enabling HTTP/2 on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    The following shows an example YAML file where an existing load balancer is associated:
                                                                                                                                                                    apiVersion: networking.k8s.io/v1
 kind: Ingress 
@@ -52,7 +52,7 @@ spec:
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0695.html b/docs/cce/umn/cce_10_0695.html
index c0569c6b..a2774334 100644
--- a/docs/cce/umn/cce_10_0695.html
+++ b/docs/cce/umn/cce_10_0695.html
@@ -1,8 +1,8 @@
 
                                                                                                                                                              Configuring a LoadBalancer Ingress Using Annotations
                                                                                                                                                              
-
                                                                                                                                                              By adding annotations to a YAML file, you can implement more advanced ingress functions. This section describes the annotations that can be used when you create a LoadBalancer ingress.
                                                                                                                                                              
-
+
                                                                                                                                                              You can add annotations to a YAML file for more advanced ingress functions. This section describes the annotations that can be used when you create a LoadBalancer ingress.
                                                                                                                                                              
+
 
                                                                                                                                                              Interconnection with ELB
                                                                                                                                                              
 
                                                                                                                                                              Table 1 Scenarios where a load balancer supports HTTP or HTTPS
                                                                                                                                                              ELB Type
                                                                                                                                                              
 
                                                                                                                                                              Application scenario
                                                                                                                                                              
+
                                                                                                                                                              Application scenario
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Whether to Support HTTP or HTTPS
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              Shared load balancer
                                                                                                                                                              
+
                                                                                                                                                              Shared load balancer
                                                                                                                                                              
 
                                                                                                                                                              Interconnecting with an existing load balancer
                                                                                                                                                              
+
                                                                                                                                                              Interconnecting with an existing load balancer
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Yes
                                                                                                                                                              
 
                                                                                                                                                              None
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Dedicated load balancer
                                                                                                                                                              
+
                                                                                                                                                              Dedicated load balancer
                                                                                                                                                              
 
                                                                                                                                                              Interconnecting with an existing load balancer
                                                                                                                                                              
+
                                                                                                                                                              Interconnecting with an existing load balancer
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Yes (A YAML file is required.)
                                                                                                                                                              
                                                                                                                                                               		
 
 
 
                                                                                                                                                              Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                                              
 
                                                                                                                                                              Options:
                                                                                                                                                              
 
                                                                                                                                                              • true: enabled
                                                                                                                                                              • false: disabled (default value)
                                                                                                                                                              
-
                                                                                                                                                              Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid when the listener protocol is HTTP, and defaults to false.
                                                                                                                                                              
+
                                                                                                                                                              Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
                                                                                                                                                               
 
 
                                                                                                                                                              
@@ -71,7 +71,7 @@
 
-
                                                                                                                                                              Table 1 Annotations for interconnecting with ELB
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/elb.autocreate
                                                                                                                                                              
 
                                                                                                                                                              Table 7 Object
                                                                                                                                                              
+
                                                                                                                                                              Table 10 Object
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Mandatory when load balancers are automatically created.
                                                                                                                                                              
 
                                                                                                                                                              Example
                                                                                                                                                              
@@ -101,21 +101,21 @@
 
 
 
                                                                                                                                                              Using HTTP/2
                                                                                                                                                              
-
                                                                                                                                                              Table 2 Annotations of using HTTP/2
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              
-
-
-
-
-
                                                                                                                                                              Table 2 Annotations of using HTTP/2
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
 
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/elb.http2-enable
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.http2-enable
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                                              
+
                                                                                                                                                              Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                                              
 
                                                                                                                                                              Options:
                                                                                                                                                              
 
                                                                                                                                                              • true: enabled
                                                                                                                                                              • false: disabled (default value)
                                                                                                                                                              
 
                                                                                                                                                              Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                                                                              
@@ -129,21 +129,21 @@
 
                                                                                                                                                              For details, see Configuring HTTP/2 for a LoadBalancer Ingress.
                                                                                                                                                              
 
 
                                                                                                                                                              Configuring ELB Certificates
                                                                                                                                                              
-
                                                                                                                                                              Table 3 ELB certificate annotations
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              
-
-
-
-
-
                                                                                                                                                              Table 3 ELB certificate annotations
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
 
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/elb.tls-certificate-ids
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.tls-certificate-ids
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained.
                                                                                                                                                              
+
                                                                                                                                                              ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained.
                                                                                                                                                              
 
                                                                                                                                                              To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later
                                                                                                                                                              
@@ -155,21 +155,21 @@
 
                                                                                                                                                              For details, see Using the ELB Certificate.
                                                                                                                                                              
 
 
                                                                                                                                                              Interconnecting with HTTPS Backend Services
                                                                                                                                                              
-
                                                                                                                                                              Table 4 Annotations for interconnecting with HTTPS backend services
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              
-
-
-
-
-
@@ -177,37 +177,37 @@
 
                                                                                                                                                              Table 4 Annotations for interconnecting with HTTPS backend services
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
 
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/elb.pool-protocol
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.pool-protocol
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              To interconnect with HTTPS backend services, set this parameter to https.
                                                                                                                                                              
+
                                                                                                                                                              To interconnect with HTTPS backend services, set this parameter to https.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              v1.23.8, v1.25.3, or later
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              For details, see Interconnecting LoadBalancer Ingresses with HTTPS Backend Services.
                                                                                                                                                              
+
                                                                                                                                                              For details, see Configuring HTTPS Backend Services for a LoadBalancer Ingress.
                                                                                                                                                              
 
 
                                                                                                                                                              Configuring Timeout for an Ingress
                                                                                                                                                              
-
                                                                                                                                                              Table 5 Annotations of configuring ingress redirection rules
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -239,28 +239,101 @@
 
                                                                                                                                                              For details, see Configuring Timeout for a LoadBalancer Ingress.
                                                                                                                                                              
-
                                                                                                                                                              Configuring a Custom Listening Port
                                                                                                                                                              A custom listening port can be configured for an ingress. In this way, both ports 80 and 443 can be exposed.
                                                                                                                                                              
-
-
                                                                                                                                                              Table 5 Annotations of configuring ingress redirection rules
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
 
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
 
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
+
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/elb.keepalive_timeout
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.keepalive_timeout
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                              
+
                                                                                                                                                              Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                              
 
                                                                                                                                                              Value:
                                                                                                                                                              
 
                                                                                                                                                              • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                                              • For HTTP or HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                                              
 
                                                                                                                                                              For UDP listeners, this parameter does not take effect.
                                                                                                                                                              
 
                                                                                                                                                              Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                              
+
                                                                                                                                                              Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                              
 
                                                                                                                                                              Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              kubernetes.io/elb.client_timeout
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.client_timeout
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                              
+
                                                                                                                                                              Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                              
 
                                                                                                                                                              • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                              • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                              
 
                                                                                                                                                              The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                              
 
                                                                                                                                                              This parameter is available only for HTTP and HTTPS listeners.
                                                                                                                                                              
@@ -215,22 +215,22 @@
 
                                                                                                                                                              Maximum value: 300
                                                                                                                                                              
 
                                                                                                                                                              Default value: 60
                                                                                                                                                              
 
                                                                                                                                                              Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                              
+
                                                                                                                                                              Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                              
 
                                                                                                                                                              Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              kubernetes.io/elb.member_timeout
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.member_timeout
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                              
+
                                                                                                                                                              Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                              
 
                                                                                                                                                              The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                              
 
                                                                                                                                                              This parameter is available only for HTTP and HTTPS listeners.
                                                                                                                                                              
 
                                                                                                                                                              Minimum value: 1
                                                                                                                                                              
 
                                                                                                                                                              Maximum value: 300
                                                                                                                                                              
 
                                                                                                                                                              Default value: 60
                                                                                                                                                              
 
                                                                                                                                                              Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                              
+
                                                                                                                                                              Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                              
 
                                                                                                                                                              Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
 
                                                                                                                                                              Table 6 Annotations for a custom listening port
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              Adding Resource Tags
                                                                                                                                                              
+
                                                                                                                                                              
-
-
-
-
-
-
+
+
+
+
                                                                                                                                                              Table 6 Annotations
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
 
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
 
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
+
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/elb.listen-ports
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.tags
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Create multiple listening ports for an ingress. The port number ranges from 1 to 65535.
                                                                                                                                                              
+
                                                                                                                                                              Add resource tags to a load balancer. This parameter can be configured only when a load balancer is automatically created.
                                                                                                                                                              
+
                                                                                                                                                              A tag is in the format of "key=value". Use commas (,) to separate multiple tags.
                                                                                                                                                              
+
                                                                                                                                                              v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              For details, see Creating an Ingress - Automatically Creating a Load Balancer.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Blocklist/Trustlist
                                                                                                                                                              
+
                                                                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                              Table 7 Annotations for ELB access control
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.acl-id
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                              • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                              • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                                How to obtain:
                                                                                                                                                                
+
                                                                                                                                                                Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                                                                                
+
                                                                                                                                                              
+
                                                                                                                                                              v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.acl-status
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              Access control status. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                              
+
                                                                                                                                                              • on: Access control is enabled.
                                                                                                                                                              • off: Access control is disabled.
                                                                                                                                                              
+
                                                                                                                                                              v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.acl-type
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              IP address list type. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                              
+
                                                                                                                                                              • black: indicates a blocklist. The selected IP address group cannot access the load balancer.
                                                                                                                                                              • white: indicates a trustlist. Only the selected IP address group can access the load balancer.
                                                                                                                                                              
+
                                                                                                                                                              v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              For details, see Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Ingress.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Configuring a Custom Listening Port
                                                                                                                                                              A custom listening port can be configured for an ingress. In this way, both ports 80 and 443 can be exposed.
                                                                                                                                                              
+
+
                                                                                                                                                              
+
+
+
+
+
+
+
+
-
@@ -280,7 +353,7 @@ metadata:
 spec:
   ingressClassName: cce
   rules:
-  - host: xxx.com
+  - host: example.com
     http:
       paths:
       - backend:
@@ -293,154 +366,183 @@ spec:
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-
                                                                                                                                                              Parameters for Automatically Creating a Load Balancer
                                                                                                                                                              
-
                                                                                                                                                              Table 8 Annotations for a custom listening port
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.listen-ports
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              Create multiple listening ports for an ingress. The port number ranges from 1 to 65535.
                                                                                                                                                              
 
                                                                                                                                                              The following is an example for JSON characters:
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/elb.listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
                                                                                                                                                              
 
                                                                                                                                                              • Only the listening ports that comply with both HTTP and HTTPS are allowed.
                                                                                                                                                              • Only newly created ingresses are allowed. Additionally, after multiple listening ports are configured, annotations cannot be modified or deleted.
                                                                                                                                                              • If both kubernetes.io/elb.listen-ports and kubernetes.io/elb.port are configured, kubernetes.io/elb.listen-ports takes a higher priority.
                                                                                                                                                              • Ingress configuration items such as the blocklist, trustlist, and timeout concurrently take effect on multiple listening ports.
                                                                                                                                                              • Advanced forwarding policies are not supported.
                                                                                                                                                              
 
                                                                                                                                                              v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later
                                                                                                                                                              
+
                                                                                                                                                              v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
                                                                                                                                                               
 
                                                                                                                                                              
-
-
-
@@ -90,7 +90,7 @@
 
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Parent topic: Configuring a Container
                                                                                                                                                              
+
                                                                                                                                                              Parent topic: Configuring a Workload
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
 
diff --git a/docs/cce/umn/cce_10_0729.html b/docs/cce/umn/cce_10_0729.html
index b7162ede..a92bf957 100644
--- a/docs/cce/umn/cce_10_0729.html
+++ b/docs/cce/umn/cce_10_0729.html
@@ -1,15 +1,15 @@
 
 
-
                                                                                                                                                              Configuring Timeout for a Service
                                                                                                                                                              
+
                                                                                                                                                              Configuring Timeout for a LoadBalancer Service
                                                                                                                                                              LoadBalancer Services allow you to configure timeout, which is the maximum duration for keeping a connection if no request is received from the client. If no request is received during this period, the load balancer closes the connection and establishes a new one with the client when the next request arrives.
                                                                                                                                                              
-
                                                                                                                                                              Constraints
                                                                                                                                                              • The following table lists the scenarios where timeout can be configured for a Service.
+
                                                                                                                                                                Notes and Constraints
                                                                                                                                                                • The following table lists the scenarios where timeout can be configured for a Service.
 
                                                                                                                                                              Table 7 elb.autocreate data structure
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              Configuring a Custom Header Forwarding Policy
                                                                                                                                                              
+
                                                                                                                                                              
-
-
-
-
-
-
-
+
+
+
                                                                                                                                                              Table 9 Annotations for configuring a custom header forwarding policy
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              Mandatory
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
 
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
 
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              name
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.headers.${svc_name}
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                                              
+
                                                                                                                                                              Format: a JSON string, for example, {"key": "test", "values": ["value1", "value2"]}
                                                                                                                                                              
+
                                                                                                                                                              • key/value indicates the key-value pair of the custom header. A maximum of eight values can be configured.
                                                                                                                                                                Enter 1 to 40 characters for a key. Only letters, digits, hyphens (-), and underscores (_) are allowed.
                                                                                                                                                                
+
                                                                                                                                                                Enter 1 to 128 characters for a value. Asterisks (*) and question marks (?) are allowed, but spaces and double quotation marks are not allowed. An asterisk can match zero or more characters, and a question mark can match one character.
                                                                                                                                                                
+
                                                                                                                                                              • Either a custom header or grayscale release can be configured.
                                                                                                                                                              • Enter 1 to 51 characters for ${svc_name}.
                                                                                                                                                              
 
                                                                                                                                                              Name of the automatically created load balancer.
                                                                                                                                                              
+
                                                                                                                                                              v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              For details, see Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Parameters for Automatically Creating a Load Balancer
                                                                                                                                                              
+
                                                                                                                                                              
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0702.html b/docs/cce/umn/cce_10_0702.html
index 98817d9d..97480936 100644
--- a/docs/cce/umn/cce_10_0702.html
+++ b/docs/cce/umn/cce_10_0702.html
@@ -1,7 +1,7 @@
 
                                                                                                                                                              Overview
                                                                                                                                                              
-
                                                                                                                                                              CCE supports different types of resource scheduling and task scheduling, improving application performance and overall cluster resource utilization. This section describes the main functions of CPU resource scheduling, GPU/NPU heterogeneous resource scheduling, and Volcano scheduling.
                                                                                                                                                              
+
                                                                                                                                                              CCE supports different types of resource scheduling and task scheduling, improving application performance and overall cluster resource utilization. This section describes the main functions of CPU resource scheduling, GPU heterogeneous resource scheduling, and Volcano scheduling.
                                                                                                                                                              
 
                                                                                                                                                              CPU Scheduling
                                                                                                                                                              CCE provides CPU policies to allocate complete physical CPU cores to applications, improving application performance and reducing application scheduling latency.
                                                                                                                                                              
 
 
                                                                                                                                                              Table 10 elb.autocreate data structure
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              Mandatory
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              name
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              Name of the automatically created load balancer.
                                                                                                                                                              
 
                                                                                                                                                              The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                              
 
                                                                                                                                                              Default: cce-lb+service.UID
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              type
                                                                                                                                                              
+
                                                                                                                                                              type
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Network type of the load balancer.
                                                                                                                                                              
+
                                                                                                                                                              Network type of the load balancer.
                                                                                                                                                              
 
                                                                                                                                                              • public: public network load balancer
                                                                                                                                                              • inner: private network load balancer
                                                                                                                                                              
 
                                                                                                                                                              Default: inner
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              bandwidth_name
                                                                                                                                                              
+
                                                                                                                                                              bandwidth_name
                                                                                                                                                              
 
                                                                                                                                                              Yes for public network load balancers
                                                                                                                                                              
+
                                                                                                                                                              Yes for public network load balancers
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                                              
+
                                                                                                                                                              Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                                              
 
                                                                                                                                                              The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              bandwidth_chargemode
                                                                                                                                                              
+
                                                                                                                                                              bandwidth_chargemode
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Bandwidth mode.
                                                                                                                                                              
+
                                                                                                                                                              Bandwidth mode.
                                                                                                                                                              
 
                                                                                                                                                              • traffic: billed by traffic
                                                                                                                                                              
-
                                                                                                                                                              Default: traffic
                                                                                                                                                              
+
                                                                                                                                                              Default: traffic
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              bandwidth_size
                                                                                                                                                              
+
                                                                                                                                                              bandwidth_size
                                                                                                                                                              
 
                                                                                                                                                              Yes for public network load balancers
                                                                                                                                                              
+
                                                                                                                                                              Yes for public network load balancers
                                                                                                                                                              
 
                                                                                                                                                              Integer
                                                                                                                                                              
+
                                                                                                                                                              Integer
                                                                                                                                                              
 
                                                                                                                                                              Bandwidth size. The default value is 1 to 2000 Mbit/s. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                              
+
                                                                                                                                                              Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                              
 
                                                                                                                                                              The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                                                              • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                                                              • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                                                              • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                                                              
 
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              bandwidth_sharetype
                                                                                                                                                              
+
                                                                                                                                                              bandwidth_sharetype
                                                                                                                                                              
 
                                                                                                                                                              Yes for public network load balancers
                                                                                                                                                              
+
                                                                                                                                                              Yes for public network load balancers
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Bandwidth sharing mode.
                                                                                                                                                              
+
                                                                                                                                                              Bandwidth sharing mode.
                                                                                                                                                              
 
                                                                                                                                                              • PER: dedicated bandwidth
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              eip_type
                                                                                                                                                              
+
                                                                                                                                                              eip_type
                                                                                                                                                              
 
                                                                                                                                                              Yes for public network load balancers
                                                                                                                                                              
+
                                                                                                                                                              Yes for public network load balancers
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              EIP type.
                                                                                                                                                              
+
                                                                                                                                                              EIP type.
                                                                                                                                                              
 
                                                                                                                                                              • 5_bgp: dynamic BGP
                                                                                                                                                              
 
                                                                                                                                                              The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              vip_subnet_cidr_id
                                                                                                                                                              
+
                                                                                                                                                              vip_subnet_cidr_id
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                                                              
+
                                                                                                                                                              Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                                                              
 
                                                                                                                                                              If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet.
                                                                                                                                                              
 
                                                                                                                                                              This field can be specified only for clusters of v1.21 or later.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              vip_address
                                                                                                                                                              
+
                                                                                                                                                              vip_address
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                                              
+
                                                                                                                                                              Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                                              
 
                                                                                                                                                              The IP address must be in the ELB CIDR block. If this parameter is not specified, an IP address will be automatically assigned from the ELB CIDR block.
                                                                                                                                                              
 
                                                                                                                                                              This parameter is available only in clusters of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later versions.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              available_zone
                                                                                                                                                              
+
                                                                                                                                                              available_zone
                                                                                                                                                              
 
                                                                                                                                                              Yes
                                                                                                                                                              
+
                                                                                                                                                              Yes
                                                                                                                                                              
 
                                                                                                                                                              Array of strings
                                                                                                                                                              
+
                                                                                                                                                              Array of strings
                                                                                                                                                              
 
                                                                                                                                                              AZ where the load balancer is located.
                                                                                                                                                              
+
                                                                                                                                                              AZ where the load balancer is located.
                                                                                                                                                              
 
                                                                                                                                                              You can obtain all supported AZs by getting the AZ list.
                                                                                                                                                              
 
                                                                                                                                                              This parameter is available only for dedicated load balancers.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              l4_flavor_name
                                                                                                                                                              
+
                                                                                                                                                              l4_flavor_name
                                                                                                                                                              
 
                                                                                                                                                              Yes
                                                                                                                                                              
+
                                                                                                                                                              Yes
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Flavor name of the layer-4 load balancer.
                                                                                                                                                              
+
                                                                                                                                                              Flavor name of the layer-4 load balancer.
                                                                                                                                                              
 
                                                                                                                                                              You can obtain all supported types by getting the flavor list.
                                                                                                                                                              
 
                                                                                                                                                              This parameter is available only for dedicated load balancers.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              l7_flavor_name
                                                                                                                                                              
+
                                                                                                                                                              l7_flavor_name
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Flavor name of the layer-7 load balancer.
                                                                                                                                                              
+
                                                                                                                                                              Flavor name of the layer-7 load balancer.
                                                                                                                                                              
 
                                                                                                                                                              You can obtain all supported types by getting the flavor list.
                                                                                                                                                              
 
                                                                                                                                                              This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              elb_virsubnet_ids
                                                                                                                                                              
+
                                                                                                                                                              elb_virsubnet_ids
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
 
                                                                                                                                                              Array of strings
                                                                                                                                                              
+
                                                                                                                                                              Array of strings
                                                                                                                                                              
 
                                                                                                                                                              Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                                              
+
                                                                                                                                                              Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                                              
 
                                                                                                                                                              This parameter is available only for dedicated load balancers.
                                                                                                                                                              
 
                                                                                                                                                              Example:
                                                                                                                                                              
 
                                                                                                                                                              "elb_virsubnet_ids": [
@@ -448,13 +550,13 @@ spec:
  ]
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              ipv6_vip_virsubnet_id
                                                                                                                                                              
+
                                                                                                                                                              ipv6_vip_virsubnet_id
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Specifies the ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                                              
+
                                                                                                                                                              Specifies the ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                                              
 
                                                                                                                                                              This parameter is available only for dedicated load balancers.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0704.html b/docs/cce/umn/cce_10_0704.html
index 2e3fca7a..2a56be4a 100644
--- a/docs/cce/umn/cce_10_0704.html
+++ b/docs/cce/umn/cce_10_0704.html
@@ -14,9 +14,11 @@
 
                                                                                                                                                            • Maximum Number of Pods That Can Be Created on a Node
                                                                                                                                                              
 
                                                                                                                                                              • 
+
                                                                                                                                                            • Differences Between CCE Node mountPath Configurations and Community Native Configurations
                                                                                                                                                              
+
                                                                                                                                                            • Migrating Nodes from Docker to containerd
                                                                                                                                                              
 
                                                                                                                                                              • 
-
                                                                                                                                                            • Node Fault Detection Policy
                                                                                                                                                              
+
                                                                                                                                                            • Configuring Node Fault Detection Policies
                                                                                                                                                              
 
                                                                                                                                                              • 
 
diff --git a/docs/cce/umn/cce_10_0705.html b/docs/cce/umn/cce_10_0705.html
index 82657f16..400a9752 100644
--- a/docs/cce/umn/cce_10_0705.html
+++ b/docs/cce/umn/cce_10_0705.html
@@ -10,9 +10,9 @@
 
diff --git a/docs/cce/umn/cce_10_0721.html b/docs/cce/umn/cce_10_0721.html
index a831f62f..828854c6 100644
--- a/docs/cce/umn/cce_10_0721.html
+++ b/docs/cce/umn/cce_10_0721.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                              Overview
                                                                                                                                                              Volcano is a Kubernetes-based batch processing platform that supports machine learning, deep learning, bioinformatics, genomics, and other big data applications. It provides general-purpose, high-performance computing capabilities, such as job scheduling, heterogeneous chip management, and job running management.
                                                                                                                                                              
 
                                                                                                                                                              Volcano Scheduler
                                                                                                                                                              Volcano Scheduler is a pod scheduling component, which consists of a series of actions and plugins. Actions should be executed in every step. Plugins provide the action algorithm details in different scenarios. Volcano Scheduler features high scalability. You can specify actions and plugins as needed.
                                                                                                                                                              
-
                                                                                                                                                              Figure 1 Volcano Scheduler workflow
                                                                                                                                                              
+
                                                                                                                                                              Figure 1 Volcano Scheduler workflow
                                                                                                                                                              
 
                                                                                                                                                              The working process of Volcano Scheduler is as follows:
                                                                                                                                                              
 
                                                                                                                                                              1. Identify and cache the job submitted by the client.
                                                                                                                                                              2. Start a periodical session. A scheduling cycle begins.
                                                                                                                                                              3. Send jobs that are not scheduled the to-be-scheduled queue of the session.
                                                                                                                                                              4. Traverse all jobs to be scheduled and perform actions such as enqueue, allocate, preempt, reclaim, and backfill in the configured sequence to find the most appropriate node for each job. Bind the job to the node. The specific algorithm logic executed in action depends on the implementation of each function in the registered plugin.
                                                                                                                                                              5. Close the session.
                                                                                                                                                              
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0722.html b/docs/cce/umn/cce_10_0722.html
index d72a512e..a7c5ed92 100644
--- a/docs/cce/umn/cce_10_0722.html
+++ b/docs/cce/umn/cce_10_0722.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                              Scheduling Workloads
                                                                                                                                                              
 
                                                                                                                                                              Volcano is a Kubernetes-based batch processing platform with high-performance general computing capabilities like task scheduling engine, heterogeneous chip management, and task running management. It provides end users with computing frameworks from multiple domains such as AI, big data, gene, and rendering. It also offers job scheduling, job management, and queue management for computing applications.
                                                                                                                                                              
 
                                                                                                                                                              Kubernetes typically uses its default scheduler to schedule workloads. To use Volcano, specify Volcano for your workloads. For details about the Kubernetes scheduler, see Specify schedulers for pods.
                                                                                                                                                              
-
                                                                                                                                                              Constraints
                                                                                                                                                              When a large number of workloads are scheduled, Volcano prints a large number of logs. In this case, you can use Volcano with LTS. Otherwise, the disk space of the node where Volcano resides may be used up. For details, see Collecting Container Logs.
                                                                                                                                                              
+
                                                                                                                                                              Notes and Constraints
                                                                                                                                                              When a large number of workloads are scheduled, Volcano prints a large number of logs. In this case, you can use Volcano with LTS. Otherwise, the disk space of the node where Volcano resides may be used up. For details, see Collecting Container Logs.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Using Volcano
                                                                                                                                                              When using Volcano to schedule workloads, you only need to configure schedulerName in the spec field of the pod and set the parameter to volcano. The following is an example:
                                                                                                                                                              apiVersion: apps/v1
 kind: Deployment
@@ -45,7 +45,7 @@ spec:
 
 
                                                                                                                                                              Function
                                                                                                                                                              
@@ -92,7 +92,7 @@
 
                                                                                                                                                              NUMA affinity scheduling
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Volcano targets to lift the limitation to make scheduler NUMA topology aware so that:
                                                                                                                                                              
-
                                                                                                                                                              • Pods are not scheduled to the nodes that NUMA topology does not match.
                                                                                                                                                              • Pods are scheduled to the best node for NUMA topology.
                                                                                                                                                              
+
                                                                                                                                                              • Pods are not scheduled to the nodes that NUMA topology does not match.
                                                                                                                                                              • Pods are scheduled to the most suitable node for NUMA topology.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              NUMA Affinity Scheduling
                                                                                                                                                              
                                                                                                                                                               		
 
 
 
 
 
                                                                                                                                                              
-
diff --git a/docs/cce/umn/cce_10_0725.html b/docs/cce/umn/cce_10_0725.html
index 576ddf6f..d53af767 100644
--- a/docs/cce/umn/cce_10_0725.html
+++ b/docs/cce/umn/cce_10_0725.html
@@ -2,14 +2,14 @@
 
 
                                                                                                                                                              Importing an EV to a Storage Pool
                                                                                                                                                              CCE allows you to use LVM to combine data volumes on nodes into a storage pool (VolumeGroup) and create LVs for containers to mount. Before creating a local EV, import the data disk of the node to the storage pool.
                                                                                                                                                              
-
                                                                                                                                                              Constraints
                                                                                                                                                              • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                              
+
                                                                                                                                                              Notes and Constraints
                                                                                                                                                              • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                              
 
                                                                                                                                                              • The first data disk (used by container runtime and the kubelet component) on a node cannot be imported as a storage pool.
                                                                                                                                                              • Storage pools in striped mode do not support scale-out. After scale-out, fragmented space may be generated and the storage pool cannot be used.
                                                                                                                                                              • Storage pools cannot be scaled in or deleted.
                                                                                                                                                              • If disks in a storage pool on a node are deleted, the storage pool will malfunction.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Importing a Storage Pool
                                                                                                                                                              Imported during node creation
                                                                                                                                                              
 
                                                                                                                                                              When creating a node, you can add a data disk to the node in Storage Settings and import the data disk to the storage pool as an EV. For details, see Creating a Node.
                                                                                                                                                              
 
                                                                                                                                                              Imported manually
                                                                                                                                                              
-
                                                                                                                                                              If no EV is imported during node creation, or the capacity of the current storage volume is insufficient, you can manually import a storage pool.
                                                                                                                                                              
-
                                                                                                                                                              1. Go to the ECS console and add a SCSI disk to the node. 
                                                                                                                                                              2. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                              3. Choose Storage in the navigation pane and click the Storage Pool tab.
                                                                                                                                                              4. View the node to which the disk has been added and select Import as EV. You can select a write mode during the import.
                                                                                                                                                                 
                                                                                                                                                                If the manually attached disk is not displayed in the storage pool, wait for 1 minute and refresh the list.
                                                                                                                                                                
+
                                                                                                                                                                If no EV is imported during node creation, or the capacity of the current storage volume is insufficient, you can manually import an EV.
                                                                                                                                                                
+
                                                                                                                                                                1. Go to the ECS console and add a SCSI disk to the node. 
                                                                                                                                                                2. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                3. Choose Storage in the navigation pane. In the right pane, click the Storage Pool tab.
                                                                                                                                                                4. View the node to which the disk has been added and select Import as EV. You can select a write mode during the import.
                                                                                                                                                                   
                                                                                                                                                                  If the manually attached disk is not displayed in the storage pool, wait for 1 minute and refresh the list.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                                                  • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. Select this option only when there are multiple volumes.
                                                                                                                                                                  
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0726.html b/docs/cce/umn/cce_10_0726.html
index fc22ed37..590a95b7 100644
--- a/docs/cce/umn/cce_10_0726.html
+++ b/docs/cce/umn/cce_10_0726.html
@@ -2,11 +2,11 @@
 
 
                                                                                                                                                                Using a Local EV
                                                                                                                                                                
 
                                                                                                                                                                Local Ephemeral Volumes (EVs) are stored in EV storage pools. Local EVs deliver better performance than the default storage medium of native emptyDir and support scale-out.
                                                                                                                                                                
-
                                                                                                                                                                Prerequisites
                                                                                                                                                                
+
                                                                                                                                                                Prerequisites
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Constraints
                                                                                                                                                                • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                                • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                                
+
                                                                                                                                                                Notes and Constraints
                                                                                                                                                                • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                                • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Using the Console to Mount a Local EV
                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                2. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                                3. Click Create Workload in the upper right corner of the page. In the Container Settings area, click the Data Storage tab and click Add Volume > Local Ephemeral Volume (emptyDir).
                                                                                                                                                                4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                                                                  
+
                                                                                                                                                                  Using the Console to Mount a Local EV
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                                                                                                                                  3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select Local Ephemeral Volume (emptyDir).
                                                                                                                                                                  4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                                                                    
 
                                                                                                                                                              Table 1 Pod annotations supported by Volcano
                                                                                                                                                              Pod Annotations
                                                                                                                                                              
 
                                                                                                                                                              Remarks
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
                                                                                                                                                               
 
                                                                                                                                                              
-
-
@@ -41,7 +41,7 @@
 
                                                                                                                                                            • After the configuration, click Create Workload.
                                                                                                                                                              • 
-
                                                                                                                                                              Using kubectl to Mount a Local EV
                                                                                                                                                              1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                              2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                                                                vi nginx-emptydir.yaml
                                                                                                                                                                
+
                                                                                                                                                                Mounting a Local EV Through kubectl
                                                                                                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                                                                  vi nginx-emptydir.yaml
                                                                                                                                                                  
 
                                                                                                                                                                  Content of the YAML file:
                                                                                                                                                                  
 
                                                                                                                                                                  apiVersion: apps/v1
 kind: Deployment
@@ -63,14 +63,14 @@ spec:
           image: nginx:latest
           volumeMounts:
             - name: vol-emptydir         # Volume name, which must be the same as the volume name in the volumes field.
-              mountPath: /tmp            # Path to which an EV is mounted.
+              mountPath: /tmp            # Location where the emptyDir is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
-        - name: vol-emptydir             # Volume name, which can be customized.
+        - name: vol-emptydir             # Volume name, which can be customized
           emptyDir:
             medium: LocalVolume          # If the disk medium of emptyDir is set to LocalVolume, the local EV is used.
-            sizeLimit: 1Gi               # Volume capacity.
                                                                                                                                                                  
+            sizeLimit: 1Gi               # Volume capacity
 
                                                                                                                                                                3. Create a workload.
                                                                                                                                                                  kubectl apply -f nginx-emptydir.yaml
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0727.html b/docs/cce/umn/cce_10_0727.html
index 3e8bdbf2..4afc61c1 100644
--- a/docs/cce/umn/cce_10_0727.html
+++ b/docs/cce/umn/cce_10_0727.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                                                Updating an AS Configuration
                                                                                                                                                                
 
                                                                                                                                                                Auto Scaling (AS) enables elastic scaling of nodes in a node pool based on scaling policies. Without this function, you have to manually adjust the number of nodes in a node pool.
                                                                                                                                                                
-
                                                                                                                                                                Constraints
                                                                                                                                                                To enable AS, the CCE Cluster Autoscaler add-on must be installed in the target cluster.
                                                                                                                                                                
+
                                                                                                                                                                Notes and Constraints
                                                                                                                                                                To enable AS, the CCE Cluster Autoscaler add-on must be installed in the target cluster.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Procedure
                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.
                                                                                                                                                                  • If the auto scaling add-on has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                                                                                                                                  • If the auto scaling add-on has been installed, directly configure auto scaling policies.
                                                                                                                                                                  
+
                                                                                                                                                                  Procedure
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.
                                                                                                                                                                    • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                                                                                                                                    • If Autoscaler has been installed, directly configure auto scaling policies.
                                                                                                                                                                    
 
                                                                                                                                                                  3. Configure auto scaling policies.
                                                                                                                                                                    AS Configuration
                                                                                                                                                                    
 
                                                                                                                                                                    • Customized Rule: Click Add Rule. In the dialog box displayed, configure parameters. You can add multiple node scaling policies, a maximum of one CPU usage-based rule, and one memory usage-based rule. The total number of rules cannot exceed 10.
                                                                                                                                                                      The following table lists custom rules.
 
                                                                                                                                                              Table 1 Mounting a local EV
                                                                                                                                                              Parameter
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Description
                                                                                                                                                              
@@ -21,19 +21,19 @@
 
                                                                                                                                                              Mount Path
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Enter a mount path, for example, /tmp.
                                                                                                                                                              
-
                                                                                                                                                              This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                               NOTICE: 
                                                                                                                                                              If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                              
+
                                                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                               NOTICE: 
                                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              		
 
                                                                                                                                                              
 
                                                                                                                                                              Subpath
                                                                                                                                                              
 
                                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                              
+
                                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              Permission
                                                                                                                                                              
 
                                                                                                                                                              • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                              • Read/Write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                                              
+
                                                                                                                                                              • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                              • Read-write: You can modify the data volumes mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
 
 
                                                                                                                                                              
-
                                                                                                                                                              Table 1 Custom rules
                                                                                                                                                              Rule Type
                                                                                                                                                              
@@ -15,9 +15,9 @@
 
                                                                                                                                                              
 
                                                                                                                                                              Metric-based
                                                                                                                                                              
 
                                                                                                                                                              • Trigger: Select CPU allocation rate or Memory allocation rate and enter a value. The value must be greater than the scale-in percentage configured in the auto scaling add-on.
                                                                                                                                                                 NOTE: 
                                                                                                                                                                • Resource allocation (%) = Resources requested by pods in the node pool/Resources allocatable to pods in the node pool
                                                                                                                                                                • If multiple rules meet the conditions, the rules are executed in either of the following modes:
                                                                                                                                                                  If rules based on the CPU allocation rate and memory allocation rate are configured and two or more rules meet the scale-out conditions, the rule that will add the most nodes will be executed.
                                                                                                                                                                  
-
                                                                                                                                                                  If a rule based on the CPU allocation rate and a periodic rule are configured and they both meet the scale-out conditions, one of them will be executed randomly. The rule executed first (rule A) changes the node pool to the scaling state. As a result, the other rule (rule B) cannot be executed. After rule A is executed and the node pool status becomes normal, rule B will not be executed.
                                                                                                                                                                  
-
                                                                                                                                                                • If rules based on the CPU allocation rate and memory allocation rate are configured, the policy detection period varies with the processing logic of each loop of the Autoscaler add-on. A scale-out is triggered once the conditions are met, but it is constrained by other factors such as the cooldown period and node pool status.
                                                                                                                                                                • When the number of nodes in the cluster reaches the upper limit, or the CPU or memory usage reaches the upper limit of the autoscaler add-on, node scale-out will not be triggered.
                                                                                                                                                                
+
                                                                                                                                                              • Trigger: Select CPU allocation rate or Memory allocation rate and enter a value. The percentage must be greater than the value specified in the node resource requirements for a node scale-in when you configure a scaling policy (Configuring an Auto Scaling Policy for a Cluster).
                                                                                                                                                                 NOTE: 
                                                                                                                                                                • Resource allocation (%) = Resources requested by pods in the node pool/Resources allocatable to pods in the node pool
                                                                                                                                                                • If multiple rules meet the conditions, the rules are executed in either of the following modes:
                                                                                                                                                                  If rules based on the CPU allocation rate and memory allocation rate are configured and two or more rules meet the scale-out conditions, the rule that will add the most nodes will be executed.
                                                                                                                                                                  
+
                                                                                                                                                                  If a rule is configured based on the CPU allocation rate and a periodic rule and both the rules meet the scale-out conditions, the periodic rule executed early changes the node pool to the scaling state. As a result, the metric-based rule cannot be executed. After the periodic rule is executed and the node pool status becomes normal, the metric-based rule will not be executed. If the metric-based rule is executed early, the periodic rule will be executed after the metric-based rule is executed.
                                                                                                                                                                  
+
                                                                                                                                                                • If a rule is configured based on the CPU allocation rate and memory allocation rate, the policy detection period varies with the processing logic of each loop of the Autoscaler add-on. A scale-out is triggered once the conditions are met, but it is constrained by other factors such as the cooldown period and node pool status.
                                                                                                                                                                • If the number of nodes reaches the upper limit of the cluster scale, the upper limit of the nodes supported in a node pool, or the upper limit of the nodes of a specific flavor, a metric-based scale-out will not be triggered.
                                                                                                                                                                • If the number of nodes, CPUs, or memory resources reaches the upper limit for a node scale-out, a metric-based scale-out will not be triggered.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                              • Action: Configure an action to be performed when the triggering condition is met.
                                                                                                                                                                • Custom: Add a specified number of nodes to a node pool.
                                                                                                                                                                • Auto calculation: When the trigger condition is met, nodes are automatically added and the allocation rate is restored to a value lower than the threshold. The formula is as follows:
                                                                                                                                                                  Number of nodes to be added = [Resource request of pods in the node pool/(Available resources of a single node x Target allocation rate)] – Number of current nodes + 1
                                                                                                                                                                  
 
                                                                                                                                                                
@@ -33,9 +33,11 @@
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                            • Nodes: The number of nodes in a node pool will always be within the range during auto scaling.
                                                                                                                                                            • Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in.
                                                                                                                                                              • 
+
                                                                                                                                                            • Nodes: The number of nodes in a node pool will always be within the range during auto scaling.
                                                                                                                                                            • Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in.
                                                                                                                                                              • 
 
                                                                                                                                                              AS Object
                                                                                                                                                              
-
                                                                                                                                                              Specification selection: Configure whether to enable auto scaling for node flavors in a node pool.
                                                                                                                                                              
+
                                                                                                                                                              • Specifications: Configure whether to enable auto scaling for node flavors in a node pool.
                                                                                                                                                                 
                                                                                                                                                                If multiple flavors are configured for a node pool, you can specify the upper limit for the number of nodes and the priority for each flavor separately.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                              
 
                                                                                                                                                            • Click OK.
                                                                                                                                                              • 
 
 
diff --git a/docs/cce/umn/cce_10_0728.html b/docs/cce/umn/cce_10_0728.html
index 591a826e..7682985d 100644
--- a/docs/cce/umn/cce_10_0728.html
+++ b/docs/cce/umn/cce_10_0728.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                              Taints and Tolerations
                                                                                                                                                              
+
                                                                                                                                                              Configuring Tolerance Policies
                                                                                                                                                              
 
                                                                                                                                                              Tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is configured for a pod, the scheduler will schedule the pod based on node taint policies to prevent the pod from being scheduled to an inappropriate node.
                                                                                                                                                              
 
                                                                                                                                                              The following table shows how taint policies and tolerations affect pod running.
                                                                                                                                                              
 
@@ -16,21 +16,21 @@
 
 
                                                                                                                                                              • Pods running on the node will be evicted immediately.
                                                                                                                                                              • Inactive pods will not scheduled to the node.
                                                                                                                                                              
 
                                                                                                                                                              • If the tolerance time window tolerationSeconds is not specified, pods can run on this node all the time.
                                                                                                                                                              • If the tolerance time window tolerationSeconds is specified, pods still run on the node with taints within the time window. After the time expires, the pods will be evicted.
                                                                                                                                                              
+
                                                                                                                                                              • If the tolerance time window tolerationSeconds is not specified, pods can always run on this node.
                                                                                                                                                              • If the tolerance time window tolerationSeconds is specified, pods still run on the node with taints within the time window. After the time expires, the pods will be evicted.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              PreferNoSchedule
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              • Pods running on the node will not be evicted.
                                                                                                                                                              • Inactive pods will not scheduled to the node to the best extend.
                                                                                                                                                              
 
                                                                                                                                                              Pods can run on this node all the time.
                                                                                                                                                              
+
                                                                                                                                                              Pods can always run on this node.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              NoSchedule
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              • Pods running on the node will not be evicted.
                                                                                                                                                              • Inactive pods will not scheduled to the node.
                                                                                                                                                              
 
                                                                                                                                                              Pods can run on this node all the time.
                                                                                                                                                              
+
                                                                                                                                                              Pods can always run on this node.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
 
 
                                                                                                                                                              
-
@@ -22,10 +22,73 @@
 
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                              Timeout Type
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Load Balancer Type
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Restrictions
                                                                                                                                                              
 
                                                                                                                                                              Cluster Version
                                                                                                                                                              
+
                                                                                                                                                              Supported Cluster Version
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              • v1.19: v1.19.16-r30 or later
                                                                                                                                                              • v1.21: v1.21.10-r10 or later
                                                                                                                                                              • v1.23: v1.23.8-r10 or later
                                                                                                                                                              • v1.25: v1.25.3-r10 or later
                                                                                                                                                              • Other clusters of later versions
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Idle timeout
                                                                                                                                                              
+
                                                                                                                                                              Shared
                                                                                                                                                              
+
                                                                                                                                                              UDP is not supported.
                                                                                                                                                              
+
                                                                                                                                                              • v1.23: v1.23.13-r0 or later
                                                                                                                                                              • v1.25: v1.25.8-r0 or later
                                                                                                                                                              • v1.27: v1.27.5-r0 or later
                                                                                                                                                              • v1.28: v1.28.3-r0 or later
                                                                                                                                                              • Other clusters of later versions
                                                                                                                                                              
+
                                                                                                                                                              Request timeout
                                                                                                                                                              
+
                                                                                                                                                              Dedicated and shared
                                                                                                                                                              
+
                                                                                                                                                              Only HTTP and HTTPS are supported.
                                                                                                                                                              
+
                                                                                                                                                              Response timeout
                                                                                                                                                              
+
                                                                                                                                                              Dedicated and shared
                                                                                                                                                              
+
                                                                                                                                                              Only HTTP and HTTPS are supported.
                                                                                                                                                              
+
                                                                                                                                                              
                                                                                                                                                               
 
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                            • If you delete the timeout configuration during a Service update, the timeout configuration on the existing listeners will be retained.
                                                                                                                                                              • 
+
                                                                                                                                                            • After timeout is configured, if you delete the timeout configuration on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                              • 
+
                                                                                                                                                              
+
                                                                                                                                                              Using the CCE Console
                                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                              2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                              3. Configure Service parameters. In this example, only mandatory parameters required for configuring timeout are listed. For details about how to configure other parameters, see Creating a LoadBalancer Service.
                                                                                                                                                                • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                • Service Type: Select LoadBalancer.
                                                                                                                                                                • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                  • A load balancer can be dedicated or shared.
                                                                                                                                                                  • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                  
+
                                                                                                                                                                • Ports
                                                                                                                                                                  • Protocol: protocol that the load balancer complies. Timeout cannot be configured for a UDP-compliant shared load balancer.
                                                                                                                                                                  • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                  • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                  • Frontend Protocol: Select a protocol for the listener. If HTTP/HTTPS is not enabled, only the idle timeout can be configured.
                                                                                                                                                                  
+
                                                                                                                                                                • Listener
                                                                                                                                                                  • Advanced Options: Select a proper option.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Configuration
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Restrictions
                                                                                                                                                                    
+
                                                                                                                                                                    Idle Timeout
                                                                                                                                                                    
+
                                                                                                                                                                    Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                    
+
                                                                                                                                                                    This configuration is not supported if the port of a shared load balancer uses UDP.
                                                                                                                                                                    
+
                                                                                                                                                                    Request Timeout
                                                                                                                                                                    
+
                                                                                                                                                                    Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                    
+
                                                                                                                                                                    • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                                    • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                                    
+
                                                                                                                                                                    This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                                                    
+
                                                                                                                                                                    Response Timeout
                                                                                                                                                                    
+
                                                                                                                                                                    Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                    
+
                                                                                                                                                                    This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                              4. Click OK.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Using kubectl
                                                                                                                                                              Use annotations to configure timeout. The following shows an example:
                                                                                                                                                              apiVersion: v1 
 kind: Service 
@@ -34,6 +97,8 @@ metadata:
     kubernetes.io/elb.id: <your_elb_id>    # In this example, an existing dedicated load balancer is used. Replace its ID with the ID of your dedicated load balancer.
     kubernetes.io/elb.class: performance  # Load balancer type
     kubernetes.io/elb.keepalive_timeout: '300'  # Timeout setting for client connections
+    kubernetes.io/elb.client_timeout: '60'      # Timeout for waiting for a request from a client
+    kubernetes.io/elb.member_timeout: '60'      # Timeout for waiting for a response from a backend server
   name: nginx 
 spec: 
   ports: 
@@ -46,25 +111,46 @@ spec:
   type: LoadBalancer
                                                                                                                                                              
 
                                                                                                                                                              
 
-
                                                                                                                                                              
@@ -77,7 +77,7 @@
 
                                                                                                                                                            • In the Container Settings area, choose Data Storage and configure cloud storage for persistent data storage.
                                                                                                                                                               
                                                                                                                                                              In this example, the MongoDB database is used and persistent data storage is also needed, so you need to configure cloud storage. Determine whether to use cloud storage based on your service requirements.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              The mounted path must be the same as the MongoDB storage path in the Docker startup script. For details, see the startup script. In this example, the path is /usr/local/mongodb/data.
                                                                                                                                                              
-
                                                                                                                                                            • In the Service Settings area, click  to add a service, configure workload access parameters, and click OK.
                                                                                                                                                               
                                                                                                                                                              In this example, the application will be accessible from public networks by using an elastic IP address.
                                                                                                                                                              
+
                                                                                                                                                            • In the Service Settings area, click  to add a service, configure workload access parameters, and click OK.
                                                                                                                                                               
                                                                                                                                                              In this example, the application will be accessible from public networks by using an elastic IP address.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              • Service Name: name of the application that can be accessed externally. In this example, this parameter is set to apptest.
                                                                                                                                                              • Service Type: In this example, select NodePort.
                                                                                                                                                              • Service Affinity
                                                                                                                                                                • Cluster-level: The IP addresses and access ports of all nodes in a cluster can be used to access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                • Node-level: Only the IP address and access port of the node where the workload is located can be used to access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                
 
                                                                                                                                                              • Port
                                                                                                                                                                • Protocol: Set it to TCP.
                                                                                                                                                                • Service Port: port for accessing the Service.
                                                                                                                                                                • Container Port: port that the application will listen on the container. In this example, this parameter is set to 8080.
                                                                                                                                                                • Node Port: Set it to Auto. The system automatically opens a real port on all nodes in the current cluster and then maps the port number to the container port.
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_00162.html b/docs/cce/umn/cce_bestpractice_00162.html
index 9ceaa560..1288242d 100644
--- a/docs/cce/umn/cce_bestpractice_00162.html
+++ b/docs/cce/umn/cce_bestpractice_00162.html
@@ -4,9 +4,9 @@
 
                                                                                                                                                                CCE uses proprietary, high-performance container networking add-ons to support the tunnel network, Cloud Native 2.0 network, and VPC network models.
                                                                                                                                                                
 
                                                                                                                                                                 
                                                                                                                                                                After a cluster is created, the network model cannot be changed. Exercise caution when selecting a network model.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                • Tunnel network: The container network is an overlay tunnel network on top of a VPC network and uses the VXLAN technology. This network model is applicable when there is no high requirements on performance. VXLAN encapsulates Ethernet packets as UDP packets for tunnel transmission. Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications.
                                                                                                                                                                  Figure 1 Container tunnel network
                                                                                                                                                                  
-
                                                                                                                                                                • VPC network: The container network uses VPC routing to integrate with the underlying network. This network model is applicable to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. VPC networks are free from tunnel encapsulation overhead and outperform container tunnel networks. In addition, as VPC routing includes routes to node IP addresses and container network segment, container pods in the cluster can be directly accessed from outside the cluster.
                                                                                                                                                                  Figure 2 VPC network
                                                                                                                                                                  
-
                                                                                                                                                                • Cloud Native Network 2.0: The container network deeply integrates the elastic network interface (ENI) capability of VPC, uses the VPC CIDR block to allocate container addresses, and supports passthrough networking to containers through a load balancer.
                                                                                                                                                                  Figure 3 Cloud Native 2.0 network
                                                                                                                                                                  
+
                                                                                                                                                                  • Tunnel network: The container network is an overlay tunnel network on top of a VPC network and uses the VXLAN technology. This network model is applicable when there is no high requirements on performance. VXLAN encapsulates Ethernet packets as UDP packets for tunnel transmission. Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications.
                                                                                                                                                                    Figure 1 Container tunnel network
                                                                                                                                                                    
+
                                                                                                                                                                  • VPC network: The container network uses VPC routing to integrate with the underlying network. This network model is applicable to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. VPC networks are free from tunnel encapsulation overhead and outperform container tunnel networks. In addition, as VPC routing includes routes to node IP addresses and container network segment, container pods in the cluster can be directly accessed from outside the cluster.
                                                                                                                                                                    Figure 2 VPC network
                                                                                                                                                                    
+
                                                                                                                                                                  • Cloud Native Network 2.0: The container network deeply integrates the elastic network interface (ENI) capability of VPC, uses the VPC CIDR block to allocate container addresses, and supports passthrough networking to containers through a load balancer.
                                                                                                                                                                    Figure 3 Cloud Native 2.0 network
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  The following table lists the differences between the network models.
                                                                                                                                                                  
 
@@ -22,11 +22,11 @@
 
                                                                                                                                                              • 
-
-
-
-
@@ -56,31 +56,32 @@
 
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_bestpractice_00198.html b/docs/cce/umn/cce_bestpractice_00198.html
index 97fa20ab..45dfc5c6 100644
--- a/docs/cce/umn/cce_bestpractice_00198.html
+++ b/docs/cce/umn/cce_bestpractice_00198.html
@@ -24,9 +24,9 @@
 
-
-
                                                                                                                                                              Table 1 Key annotation parameters
                                                                                                                                                              Parameter
                                                                                                                                                              
+
                                                                                                                                                              
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0730.html b/docs/cce/umn/cce_10_0730.html
index 897a272b..c0911f27 100644
--- a/docs/cce/umn/cce_10_0730.html
+++ b/docs/cce/umn/cce_10_0730.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                              Configuring Timeout for a LoadBalancer Ingress
                                                                                                                                                              LoadBalancer ingresses support the following timeout settings:
                                                                                                                                                              
 
                                                                                                                                                              • Idle timeout setting for client connections: Maximum duration for keeping a connection when no client request is received. If no request is received during this period, the load balancer closes the connection and establishes a new one with the client when the next request arrives.
                                                                                                                                                              • Timeout for waiting for a request from a client: If the client fails to send a request header to the load balancer during the timeout duration or the interval for sending body data exceeds a specified period, the load balancer will release the connection.
                                                                                                                                                              • Timeout setting for waiting for a response from a backend server: If the backend server fails to respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout to the client.
                                                                                                                                                              
-
                                                                                                                                                              Constraints
                                                                                                                                                              • The following table lists the scenarios where timeout can be configured for a Service.
+
                                                                                                                                                                Notes and Constraints
                                                                                                                                                                • The following table lists the scenarios where timeout can be configured for a Service.
 
                                                                                                                                                              Table 1 Key annotation parameters
                                                                                                                                                              Parameter
                                                                                                                                                              
 
                                                                                                                                                              Mandatory
                                                                                                                                                              
+
                                                                                                                                                              Mandatory
                                                                                                                                                              
 
                                                                                                                                                              Type
                                                                                                                                                              
+
                                                                                                                                                              Type
                                                                                                                                                              
 
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              kubernetes.io/elb.keepalive_timeout
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.keepalive_timeout
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
 
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                              
+
                                                                                                                                                              Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                              
 
                                                                                                                                                              Value:
                                                                                                                                                              
-
                                                                                                                                                              • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                                              • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 10 to 4000 (in seconds). The default value is 60.
                                                                                                                                                              • For UDP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                                              
+
                                                                                                                                                              • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                                              • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                                              • For UDP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.client_timeout
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                              
+
                                                                                                                                                              • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                              • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                              
+
                                                                                                                                                              The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                              
+
                                                                                                                                                              kubernetes.io/elb.member_timeout
                                                                                                                                                              
+
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              String
                                                                                                                                                              
+
                                                                                                                                                              Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                              
+
                                                                                                                                                              The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
                                                                                                                                                               
 
                                                                                                                                                              
-
@@ -100,7 +100,7 @@ spec:
 
-
diff --git a/docs/cce/umn/cce_10_0734.html b/docs/cce/umn/cce_10_0734.html
new file mode 100644
index 00000000..e318bb5b
--- /dev/null
+++ b/docs/cce/umn/cce_10_0734.html
@@ -0,0 +1,316 @@
+
+
+
                                                                                                                                                              Configuring an EIP for a Pod
                                                                                                                                                              
+
                                                                                                                                                              Application Scenarios
                                                                                                                                                              In Cloud Native Network 2.0, pods use VPC ENIs or sub-ENIs for networking. You can directly bind EIPs to pods.
                                                                                                                                                              
+
                                                                                                                                                              To associate an EIP with a pod, simply set the value of the yangtse.io/pod-with-eip annotation to true when creating the pod. Then, the EIP will be automatically allocated and bound to the pod.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Prerequisites
                                                                                                                                                              A CCE Turbo cluster is available and the cluster version meets the requirements listed in the following table.
                                                                                                                                                              
+
+
                                                                                                                                                              Timeout Type
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Load Balancer Type
                                                                                                                                                              
@@ -46,7 +46,7 @@ metadata:
     kubernetes.io/elb.class: performance
     kubernetes.io/elb.keepalive_timeout: '300'  # Timeout setting for client connections
     kubernetes.io/elb.client_timeout: '60'      # Timeout duration for waiting for a request from a client
-    kubernetes.io/elb.member_timeout: '60'      # Timeout duration for waiting for a response from a backend server
+    kubernetes.io/elb.member_timeout: '60'      # Timeout for waiting for a response from a backend server
 spec:
   rules:
     - host: ''
@@ -89,7 +89,7 @@ spec:
 
 
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Timeout for waiting for a request from a client. There are two situations:
                                                                                                                                                              
+
                                                                                                                                                              Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                              
 
                                                                                                                                                              • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                              • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                              
 
                                                                                                                                                              The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              String
                                                                                                                                                              
 
                                                                                                                                                              Timeout duration for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                              
+
                                                                                                                                                              Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                              
 
                                                                                                                                                              The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                              Scenario
                                                                                                                                                              
+
                                                                                                                                                              Cluster Version
                                                                                                                                                              
+
                                                                                                                                                              Allocating an EIP with a pod
                                                                                                                                                              
+
                                                                                                                                                              • v1.19: v1.19.16-r20 or later
                                                                                                                                                              • v1.21: v1.21.10-r0 or later
                                                                                                                                                              • v1.23: v1.23.8-r0 or later
                                                                                                                                                              • v1.25: v1.25.3-r0 or later
                                                                                                                                                              • Versions later than v1.25
                                                                                                                                                              
+
                                                                                                                                                              Using an existing EIP for a pod
                                                                                                                                                              
+
                                                                                                                                                              v1.23: v1.23.16-r0 or later
                                                                                                                                                              
+
                                                                                                                                                              v1.25: v1.25.11-r0 or later
                                                                                                                                                              
+
                                                                                                                                                              v1.27: v1.27.8-r0 or later
                                                                                                                                                              
+
                                                                                                                                                              v1.28: v1.28.6-r0 or later
                                                                                                                                                              
+
                                                                                                                                                              v1.29: v1.29.2-r0 or later
                                                                                                                                                              
+
                                                                                                                                                              Versions later than v1.29
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
+
                                                                                                                                                              Notes and Constraints
                                                                                                                                                              • To access a pod bound with an EIP from the Internet, add security group rules to allow the target request traffic.
                                                                                                                                                              • Only one EIP can be bound to a pod.
                                                                                                                                                              • Configure the EIP-related annotation when creating a pod. After the pod is created, the annotations related to the EIP cannot be modified.
                                                                                                                                                              • Do not perform operations on the EIP associated with a pod through the EIP console or API. Otherwise, the EIP may malfunction. The operations include changing the EIP name, deleting, unbinding, or binding the EIP, and changing the billing mode of the EIP.
                                                                                                                                                              • After an automatically allocated EIP is manually deleted, the network malfunctions. In this case, rebuild the pod.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Allocating an EIP with a Pod
                                                                                                                                                              If you set the pod-with-eip annotation to true when creating a pod, an EIP will be automatically allocated and bound to the pod.
                                                                                                                                                              
+
                                                                                                                                                               
                                                                                                                                                              • CCE will automatically add cluster ID, namespace, and pod name labels to an EIP that has been allocated automatically.
                                                                                                                                                              • If a pod is created with an automatically allocated EIP, deleting the pod will also delete the EIP.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              The following uses a Deployment named nginx as an example. For details about annotations, see Table 2.
                                                                                                                                                              
+
                                                                                                                                                              • For an automatically allocated EIP with a dedicated bandwidth when you create a Deployment, you do not need to specify the bandwidth ID. The following shows an example:
                                                                                                                                                                apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+      annotations:
+        yangtse.io/pod-with-eip: "true"  # An EIP will be automatically allocated when the pod is created.
+        yangtse.io/eip-bandwidth-size: "5"  # EIP bandwidth
+        yangtse.io/eip-network-type: 5_bgp  # EIP type
+        yangtse.io/eip-charge-mode: bandwidth  # EIP billing mode
+        yangtse.io/eip-bandwidth-name: <eip_bandwidth_name>  # EIP bandwidth name
+    spec:
+      containers:
+        - name: container-0
+          image: nginx:alpine
+          resources:
+            limits:
+              cpu: 100m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+      imagePullSecrets:
+        - name: default-secret
                                                                                                                                                                
+
+
                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                Table 1 Annotations of an EIP with a dedicated bandwidth
                                                                                                                                                                Annotation
                                                                                                                                                                
+
                                                                                                                                                                Mandatory
                                                                                                                                                                
+
                                                                                                                                                                Default Value
                                                                                                                                                                
+
                                                                                                                                                                Description
                                                                                                                                                                
+
                                                                                                                                                                Value Range
                                                                                                                                                                
+
                                                                                                                                                                yangtse.io/pod-with-eip
                                                                                                                                                                
+
                                                                                                                                                                Yes
                                                                                                                                                                
+
                                                                                                                                                                false
                                                                                                                                                                
+
                                                                                                                                                                Whether to allocate an EIP with a pod and bind the EIP to the pod
                                                                                                                                                                
+
                                                                                                                                                                false or true
                                                                                                                                                                
+
                                                                                                                                                                yangtse.io/eip-bandwidth-size
                                                                                                                                                                
+
                                                                                                                                                                No
                                                                                                                                                                
+
                                                                                                                                                                5
                                                                                                                                                                
+
                                                                                                                                                                Bandwidth, in Mbit/s
                                                                                                                                                                
+
                                                                                                                                                                The value range varies depending on the region and bandwidth billing mode. For details, see the EIP console.
                                                                                                                                                                
+
                                                                                                                                                                yangtse.io/eip-network-type
                                                                                                                                                                
+
                                                                                                                                                                No
                                                                                                                                                                
+
                                                                                                                                                                5_bgp
                                                                                                                                                                
+
                                                                                                                                                                EIP type
                                                                                                                                                                
+
                                                                                                                                                                The type varies depending on the region. For details, see on the EIP console.
                                                                                                                                                                
+
                                                                                                                                                                yangtse.io/eip-charge-mode
                                                                                                                                                                
+
                                                                                                                                                                No
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
+
                                                                                                                                                                Billed by traffic or bandwidth
                                                                                                                                                                
+
                                                                                                                                                                You are advised to configure this parameter. If this parameter is left blank, no billing mode is specified. In this case, the default value of the EIP API in the region is used.
                                                                                                                                                                
+
                                                                                                                                                                • bandwidth: billed by bandwidth
                                                                                                                                                                • traffic: billed by traffic
                                                                                                                                                                
+
                                                                                                                                                                yangtse.io/eip-bandwidth-name
                                                                                                                                                                
+
                                                                                                                                                                No
                                                                                                                                                                
+
                                                                                                                                                                Pod name
                                                                                                                                                                
+
                                                                                                                                                                Bandwidth name
                                                                                                                                                                
+
                                                                                                                                                                • Enter 1 to 64 characters. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
                                                                                                                                                                • Minimum length: 1 character
                                                                                                                                                                • Maximum length: 64 characters
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                              • For an automatically allocated EIP with a shared bandwidth when you create a Deployment, you are required to specify the bandwidth ID. The following shows an example:
                                                                                                                                                                apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+      annotations:
+        yangtse.io/pod-with-eip: "true"  # An EIP will be automatically allocated when the pod is created.
+        yangtse.io/eip-network-type: 5_bgp  # EIP type
+        yangtse.io/eip-bandwidth-id: <eip_bandwidth_id>  # Shared bandwidth ID of the EIP
+    spec:
+      containers:
+        - name: container-0
+          image: nginx:alpine
+          resources:
+            limits:
+              cpu: 100m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+      imagePullSecrets:
+        - name: default-secret
                                                                                                                                                                
+
+
                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                Table 2 Annotations of an EIP with a shared bandwidth
                                                                                                                                                                Annotation
                                                                                                                                                                
+
                                                                                                                                                                Mandatory
                                                                                                                                                                
+
                                                                                                                                                                Default Value
                                                                                                                                                                
+
                                                                                                                                                                Description
                                                                                                                                                                
+
                                                                                                                                                                Value Range
                                                                                                                                                                
+
                                                                                                                                                                yangtse.io/pod-with-eip
                                                                                                                                                                
+
                                                                                                                                                                Yes
                                                                                                                                                                
+
                                                                                                                                                                false
                                                                                                                                                                
+
                                                                                                                                                                Whether to allocate an EIP with a pod and bind the EIP to the pod
                                                                                                                                                                
+
                                                                                                                                                                false or true
                                                                                                                                                                
+
                                                                                                                                                                yangtse.io/eip-network-type
                                                                                                                                                                
+
                                                                                                                                                                No
                                                                                                                                                                
+
                                                                                                                                                                5_bgp
                                                                                                                                                                
+
                                                                                                                                                                EIP type
                                                                                                                                                                
+
                                                                                                                                                                • 5_bgp
                                                                                                                                                                
+
                                                                                                                                                                The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                                
+
                                                                                                                                                                yangtse.io/eip-bandwidth-id
                                                                                                                                                                
+
                                                                                                                                                                Mandatory when a shared bandwidth is used
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
+
                                                                                                                                                                ID of an existing bandwidth
                                                                                                                                                                
+
                                                                                                                                                                • If this parameter is not specified, the EIP with a dedicated bandwidth is used by default. For details about how to configure parameters for an EIP with a dedicated bandwidth, see Table 1.
                                                                                                                                                                • Only the yangtse.io/eip-network-type field can be specified concurrently, and this field is optional.
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Using an Existing EIP for a Pod
                                                                                                                                                              If you configure the yangtse.io/eip-id annotation when creating a pod, the EIP will be automatically bound to the pod.
                                                                                                                                                              
+
                                                                                                                                                               
                                                                                                                                                              • After an existing EIP is bound to a pod, CCE will automatically add the cluster ID, namespace, and pod name labels to the EIP.
                                                                                                                                                              • When a pod using an existing EIP is deleted, the EIP will be retained. CCE will automatically delete the labels for the cluster ID, namespace, and pod name that were added when the EIP was bound.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              The following example shows how to create a Deployment named nginx with a single pod with an EIP automatically bound.
                                                                                                                                                              
+
                                                                                                                                                              apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+      annotations:
+        yangtse.io/eip-id: <eip_id> # ID of an existing EIP
+    spec:
+      containers:
+        - name: container-0
+          image: nginx:alpine
+          resources:
+            limits:
+              cpu: 100m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+      imagePullSecrets:
+        - name: default-secret
                                                                                                                                                              
+
+
                                                                                                                                                              
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                              Table 3 Annotations for using an existing EIP
                                                                                                                                                              Annotation
                                                                                                                                                              
+
                                                                                                                                                              Mandatory
                                                                                                                                                              
+
                                                                                                                                                              Description
                                                                                                                                                              
+
                                                                                                                                                              yangtse.io/eip-id
                                                                                                                                                              
+
                                                                                                                                                              Yes
                                                                                                                                                              
+
                                                                                                                                                              EIP ID
                                                                                                                                                              
+
                                                                                                                                                              How to obtain:
                                                                                                                                                              
+
                                                                                                                                                              Log in to the EIP console, click the name of the target EIP in the EIP list, and copy the ID field.
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Checking Whether the EIP Bound to the Pod Is Available
                                                                                                                                                              After an EIP is allocated to a pod, the container networking controller binds the EIP to the pod and writes the allocation result back to the pod's yangtse.io/allocated-ipv4-eip annotation. The startup time of the pod's service containers may be earlier than the time when the EIP allocation result is written back.
                                                                                                                                                              
+
                                                                                                                                                              You can configure an init container for the pod, associate the yangtse.io/allocated-ipv4-eip annotation with the init container through a downwardAPI volume, and check whether the EIP has been allocated in the init container. You can configure the init container as follows:
                                                                                                                                                              
+
                                                                                                                                                              apiVersion: v1
+kind: Pod
+metadata:
+  name: example
+  annotations:
+    yangtse.io/pod-with-eip: "true"  
+    yangtse.io/eip-bandwidth-size: "5" 
+    yangtse.io/eip-network-type: 5_bgp
+    yangtse.io/eip-charge-mode: bandwidth
+    yangtse.io/eip-bandwidth-name: "xxx"
+spec:
+  initContainers:
+  - name: init
+    image: busybox:latest
+    command: ['timeout', '60', 'sh', '-c', "until grep -E '[0-9]+' /etc/eipinfo/allocated-ipv4-eip; do echo waiting for allocated-ipv4-eip; sleep 2; done"]
+    volumeMounts:
+        - name: eipinfo
+          mountPath: /etc/eipinfo
+  volumes:
+    - name: eipinfo
+      downwardAPI:
+        items:
+          - path: "allocated-ipv4-eip"
+            fieldRef:
+              fieldPath: metadata.annotations['yangtse.io/allocated-ipv4-eip']
+...
                                                                                                                                                              
+
                                                                                                                                                              
+
+
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              Parent topic: Cloud Native Network 2.0 Settings
                                                                                                                                                              
+
                                                                                                                                                              
+
                                                                                                                                                              
+
diff --git a/docs/cce/umn/cce_10_0766.html b/docs/cce/umn/cce_10_0766.html
index eca3c0dc..41eccc3a 100644
--- a/docs/cce/umn/cce_10_0766.html
+++ b/docs/cce/umn/cce_10_0766.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                              CCE has resolved this issue by using Volcano Scheduler to evict pods that do not comply with the configured policy so that pods can be rescheduled. In this way, the cluster load is balanced and resource fragmentation is minimized.
                                                                                                                                                              
 
                                                                                                                                                              Features
                                                                                                                                                              Load-aware Descheduling
                                                                                                                                                              
 
                                                                                                                                                              During Kubernetes cluster management, over-utilized nodes are due to high CPU or memory usage, which affects the stable running of pods on these nodes and increases the probability of node faults. To dynamically balance the resource usage between nodes in a cluster, a cluster resource view is required based on node monitoring metrics. During cluster management, real-time monitoring can be used to detect issues such as high resource usage on a node, node faults, and excessive number of pods on a node so that the system can take measures promptly, for example, by migrating some pods from an over-utilized node to under-utilized nodes.
                                                                                                                                                              
-
                                                                                                                                                              Figure 1 Load-aware descheduling
                                                                                                                                                              
+
                                                                                                                                                              Figure 1 Load-aware descheduling
                                                                                                                                                              
 
                                                                                                                                                              When using this add-on, ensure the highThresholds value is greater than the lowThresholds value. Otherwise, the descheduler cannot work.
                                                                                                                                                              
 
                                                                                                                                                              • Appropriately utilized node: a node whose resource usage is greater than or equal to 30% and less than or equal to 80%. The resource usage of appropriately utilized nodes is within the expected range.
                                                                                                                                                              • Over-utilized node: a node whose resource usage is higher than 80%. Some pods will be evicted from over-utilized nodes to reduce its resource usage to be less than or equal to 80%. The descheduler will schedule the evicted pods to under-utilized nodes.
                                                                                                                                                              • Under-utilized node: a node whose resource usage is lower than 30%.
                                                                                                                                                              
 
                                                                                                                                                              HighNodeUtilization
                                                                                                                                                              
@@ -13,7 +13,7 @@
 
                                                                                                                                                              
 
                                                                                                                                                              Prerequisites
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Constraints
                                                                                                                                                              • Pods need to be rescheduled using a scheduler, and no scheduler can label pods or nodes. Therefore, an evicted pod might be rescheduled to the original node.
                                                                                                                                                              • Descheduling does not support anti-affinity between pods. An evicted pod is in anti-affinity relationship with other running pods. Therefore, the scheduler may still schedule the pod back to the node where the pod was evicted from.
                                                                                                                                                              • When configuring load-aware descheduling, you are required to enable load-aware scheduling on Volcano Scheduler. When configuring HighNodeUtilization, you are required to enable bin packing on Volcano Scheduler.
                                                                                                                                                              
+
                                                                                                                                                              Notes and Constraints
                                                                                                                                                              • Pods need to be rescheduled using a scheduler, and no scheduler can label pods or nodes. Therefore, an evicted pod might be rescheduled to the original node.
                                                                                                                                                              • Descheduling does not support anti-affinity between pods. An evicted pod is in anti-affinity relationship with other running pods. Therefore, the scheduler may still schedule the pod back to the node where the pod was evicted from.
                                                                                                                                                              • When configuring load-aware descheduling, you are required to enable load-aware scheduling on Volcano Scheduler. When configuring HighNodeUtilization, you are required to enable bin packing on Volcano Scheduler.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Configuring a Load-aware Descheduling Policy
                                                                                                                                                              When configuring a load-aware descheduling policy, do as follows to enable load-aware scheduling on Volcano Scheduler:
                                                                                                                                                              
 
                                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab on the right side of the page. Then, enable load-aware scheduling. 
                                                                                                                                                              2. In the navigation pane, choose Add-ons. Locate Volcano Scheduler on the right and click Install or Edit.
                                                                                                                                                              3. In the Parameters area, modify Advanced Settings to configure the load-aware descheduling policy. The following shows a configuration example for Volcano 1.11.21 or later:
                                                                                                                                                                {
@@ -399,13 +399,13 @@
 
                                                                                                                                                              4. Click OK.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Use Cases
                                                                                                                                                              HighNodeUtilization
                                                                                                                                                              
-
                                                                                                                                                              1. Check the nodes in a cluster. It is found that some nodes are under-utilized.
                                                                                                                                                                
-
                                                                                                                                                              2. Edit the Volcano parameters to enable the descheduler and set the CPU and memory usage thresholds to 25. When the CPU and memory usage of a node is less than 25%, pods on the node will be evicted.
                                                                                                                                                                
-
                                                                                                                                                              3. After the policy takes effect, pods on the node with IP address 192.168.44.152 will be migrated to the node with IP address 192.168.54.65 for minimized resource fragments.
                                                                                                                                                                
+
                                                                                                                                                                1. Check the nodes in a cluster. It is found that some nodes are under-utilized.
                                                                                                                                                                  
+
                                                                                                                                                                2. Edit the Volcano parameters to enable the descheduler and set the CPU and memory usage thresholds to 25. When the CPU and memory usage of a node is less than 25%, pods on the node will be evicted.
                                                                                                                                                                  
+
                                                                                                                                                                3. After the policy takes effect, pods on the node with IP address 192.168.44.152 will be migrated to the node with IP address 192.168.54.65 for minimized resource fragments.
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                              Common Issues
                                                                                                                                                              If an input parameter is incorrect, for example, the entered value is beyond the accepted value range or in an incorrect format, an event will be generated. In this case, modify the parameter setting as prompted.
                                                                                                                                                              
-
                                                                                                                                                              
+
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0767.html b/docs/cce/umn/cce_10_0767.html
index 88bcb521..2d05410c 100644
--- a/docs/cce/umn/cce_10_0767.html
+++ b/docs/cce/umn/cce_10_0767.html
@@ -12,9 +12,8 @@
 
                                                                                                                                                              
 
                                                                                                                                                              Prerequisites
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Configuring Soft Affinity Scheduling for Volcano Node Pools
                                                                                                                                                              1. Configure labels for affinity scheduling in the node pool.
                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab.
                                                                                                                                                                3. Click Update of the target node pool. On the page that is displayed, configure labels in the Kubernetes Label area.
                                                                                                                                                                
-
                                                                                                                                                              2. Choose Add-ons in the navigation pane, locate Volcano Scheduler on the right, click Install or Edit, and configure Volcano scheduler parameters in the Parameters area.
                                                                                                                                                                {
-    "ca_cert": "",
+
                                                                                                                                                                Configuring Soft Affinity Scheduling for Volcano Node Pools
                                                                                                                                                                1. Configure labels for affinity scheduling in the node pool.
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                  3. Click Update of the target node pool. On the page that is displayed, configure labels in the Kubernetes Label area.
                                                                                                                                                                  
+
                                                                                                                                                                2. Choose Add-ons in the navigation pane, locate Volcano Scheduler on the right, click Install or Edit, and configure Volcano scheduler parameters in the Parameters area.
                                                                                                                                                                  ...
     "default_scheduler_conf": {
         "actions": "allocate, backfill, preempt",
         "tiers": [
@@ -84,9 +83,7 @@
             }
         ]
     },
-    "server_cert": "",
-    "server_key": ""
-}
                                                                                                                                                                  
+...
                                                                                                                                                                
 
                                                                                                                                                              3. Click OK.
                                                                                                                                                              
 
                                                                                                                                                              
 
diff --git a/docs/cce/umn/cce_10_0768.html b/docs/cce/umn/cce_10_0768.html
index 6a9dd0d5..b3a8b759 100644
--- a/docs/cce/umn/cce_10_0768.html
+++ b/docs/cce/umn/cce_10_0768.html
@@ -11,6 +11,10 @@
 
 
                                                                                                                                                            • Node Pool Affinity
                                                                                                                                                              
 
                                                                                                                                                              • 
+
                                                                                                                                                            • Load-aware Scheduling
                                                                                                                                                              
+
                                                                                                                                                              • 
+
                                                                                                                                                            • Configuration Cases for Resource Usage-based Scheduling
                                                                                                                                                              
+
                                                                                                                                                              • 
 
 
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0773.html b/docs/cce/umn/cce_10_0773.html
index 3cae9c49..4397df46 100644
--- a/docs/cce/umn/cce_10_0773.html
+++ b/docs/cce/umn/cce_10_0773.html
@@ -15,7 +15,7 @@
 
                                                                                                                                                              Binpack.weight x (CPU.score + Memory.score + GPU.score)/(CPU.weight + Memory.weight + GPU.weight) x 100
                                                                                                                                                              
 
                                                                                                                                                              A larger bin packing weight leads to a higher score. A larger resource weight leads to a greater influence in the node score. The parameters in the formula for scoring a node are as follows:
                                                                                                                                                              
 
                                                                                                                                                              • Binpack.weight: bin packing weight
                                                                                                                                                              • CPU.score: calculated CPU score; CPU.weight: customized CPU weight
                                                                                                                                                              • Memory.score: calculated memory score; Memory.weight: customized memory weight
                                                                                                                                                              • GPU.score: calculated GPU score; GPU.weight: customized GPU weight
                                                                                                                                                              
-
                                                                                                                                                              Figure 1 Bin packing example
                                                                                                                                                              
+
                                                                                                                                                              Figure 1 Bin packing example
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              As shown in the figure, there are two nodes in the cluster. When pods need to be scheduled, the bin packing policy scores the two nodes separately.
                                                                                                                                                              
 
                                                                                                                                                              1. The scoring for node 1 is as follows:
                                                                                                                                                                Each resource is scored using the following formula: CPU.weight x (Requested + Used)/Allocatable
                                                                                                                                                                
@@ -27,7 +27,7 @@
 
                                                                                                                                                              
 
                                                                                                                                                              The calculation results show that the score of node 2 is greater than that of node 1. According to the bin packing policy, new pods will be preferentially scheduled to node 2.
                                                                                                                                                              
 
                                                                                                                                                              Configuring Bin Packing
                                                                                                                                                              After Volcano is installed, bin packing takes effect by default. If the default configuration cannot meet your requirements, you can customize the weight of bin packing and the weight of each resource on the Scheduling page. To do so, perform the following operations:
                                                                                                                                                              
-
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane and click the Scheduling tab.
                                                                                                                                                              3. In the Resource utilization optimization scheduling area, modify the bin packing settings.
                                                                                                                                                                
+
                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                                3. In the Resource utilization optimization scheduling area, modify the bin packing settings.
                                                                                                                                                                  
 
                                                                                                                                                                  Table 1 Bin packing weight
                                                                                                                                                                  Item
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Description
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0775.html b/docs/cce/umn/cce_10_0775.html
index 9f34552a..ad710263 100644
--- a/docs/cce/umn/cce_10_0775.html
+++ b/docs/cce/umn/cce_10_0775.html
@@ -26,7 +26,7 @@
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                              
-
                                                                                                                                                              Configuring Priority-based Scheduling Policies
                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane and click the Scheduling tab.
                                                                                                                                                              3. In the Business priority scheduling area, configure priority-based scheduling.
                                                                                                                                                                • Scheduling based on priority: The scheduler preferentially guarantees the running of high-priority pods, but will not evict low-priority pods that are running. Priority-based scheduling is enabled by default and cannot be disabled.
                                                                                                                                                                
+
                                                                                                                                                                Configuring Priority-based Scheduling Policies
                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                                3. In the Business priority scheduling area, configure priority-based scheduling.
                                                                                                                                                                  • Scheduling based on priority: The scheduler preferentially guarantees the running of high-priority pods, but will not evict low-priority pods that are running. Priority-based scheduling is enabled by default and cannot be disabled.
                                                                                                                                                                  
 
                                                                                                                                                                4. After the configuration, you can use PriorityClasses to schedule the pods of workloads or Volcano jobs based priorities.
                                                                                                                                                                  1. Create one or more PriorityClasses.
                                                                                                                                                                    apiVersion: scheduling.k8s.io/v1
 kind: PriorityClass
 metadata:
diff --git a/docs/cce/umn/cce_10_0777.html b/docs/cce/umn/cce_10_0777.html
index 4c4c5bce..9a68e655 100644
--- a/docs/cce/umn/cce_10_0777.html
+++ b/docs/cce/umn/cce_10_0777.html
@@ -12,9 +12,9 @@
 
                                                                                                                                                                    Share = Total requested resources/Cluster resources
                                                                                                                                                                    
 
                                                                                                                                                                    If a job involves multiple resources, the resource with the largest share value is the dominant resource. The share value of the dominant resource will be used in priority-based scheduling.
                                                                                                                                                                    
 
                                                                                                                                                                    For example, there are two workloads, job 1 and job 2. The following figure shows the resources requested by the two jobs. After DRF calculation, the dominant resource of job 1 is memory, and its share value is 0.4; the dominant resource of job 2 is CPU, and its share value is 0.5. Since the dominant resource share of job 1 is less than that of job 2, job 1 takes precedence over job 2 in scheduling according to the max-min fairness policy.
                                                                                                                                                                    
-
                                                                                                                                                                    Figure 1 DRF scheduling
                                                                                                                                                                    
+
                                                                                                                                                                    Figure 1 DRF scheduling
                                                                                                                                                                    
 
                                                                                                                                                                    Configuring DRF
                                                                                                                                                                    After Volcano is installed, you can enable or disable DRF scheduling on the Scheduling page. This function is enabled by default.
                                                                                                                                                                    
-
                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                    2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane and click the Scheduling tab.
                                                                                                                                                                    3. In the AI task performance enhanced scheduling pane, select whether to enable DRF.
                                                                                                                                                                      This function helps you enhance the service throughput of the cluster and improve service running performance.
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                      2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                                      3. In the AI task performance enhanced scheduling pane, select whether to enable DRF.
                                                                                                                                                                        This function helps you enhance the service throughput of the cluster and improve service running performance.
                                                                                                                                                                        
 
                                                                                                                                                                      4. Click Confirm.
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0778.html b/docs/cce/umn/cce_10_0778.html
index 99d061bb..616752af 100644
--- a/docs/cce/umn/cce_10_0778.html
+++ b/docs/cce/umn/cce_10_0778.html
@@ -1,14 +1,14 @@
 
 
 
                                                                                                                                                                Gang
                                                                                                                                                                
-
                                                                                                                                                                Gang scheduling is a scheduling algorithm that schedules correlated processes or threads to run simultaneously on different processors. It meets the scheduling requirements of "All or nothing" in the scheduling process and avoids the waste of cluster resources caused by arbitrary scheduling of pods. Gang is mainly used in scenarios that require multi-process collaboration, such as AI and big data scenarios. Gang scheduling effectively resolves pain points such as deadlocks in distributed training jobs, thereby significantly improving the utilization of cluster resources.
                                                                                                                                                                
+
                                                                                                                                                                Gang scheduling is a scheduling algorithm that schedules correlated processes or threads to run simultaneously on different processors. It meets the scheduling requirements of "All or nothing" in the scheduling process and avoids the waste of cluster resources caused by arbitrary scheduling of pods. Gang is mainly used in scenarios that require multi-process collaboration, such as AI and big data scenarios. Gang scheduling effectively resolves pain points such as resource waiting or deadlocks in distributed training jobs, thereby significantly improving the utilization of cluster resources.
                                                                                                                                                                
 
                                                                                                                                                                Prerequisites
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                How It Works
                                                                                                                                                                The Gang scheduling policy is one of the core scheduling algorithms of Volcano. It meets the scheduling requirements of "All or nothing" in the scheduling process and avoids the waste of cluster resources caused by arbitrary scheduling of pods. The Gang scheduler algorithm checks whether the number of scheduled pods in a job meets the minimum requirements for running the job. If yes, all pods in the job will be scheduled. If no, the pods will not be scheduled.
                                                                                                                                                                
 
                                                                                                                                                                The Gang scheduling algorithm based on container groups is well suitable for scenarios where multi-process collaboration is required. AI scenarios typically involve complex processes. Data ingestion, data analysts, data splitting, trainers, serving, and logging which require a group of containers to work together are suitable for container-based Gang scheduling. Multi-thread parallel computing communication scenarios under MPI computing framework are also suitable for Gang scheduling because master and slave processes need to work together. Containers in a pod group are highly correlated, and there may be resource contention. The overall scheduling allocation can effectively resolve deadlocks. If cluster resources are insufficient, Gang scheduling can significantly improve the utilization of cluster resources.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Configuring Gang
                                                                                                                                                                After Volcano is installed, you can enable or disable Gang scheduling on the Scheduling page. This function is enabled by default.
                                                                                                                                                                
-
                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane and click the Scheduling tab.
                                                                                                                                                                3. In the AI task performance enhanced scheduling pane, select whether to enable Gang.
                                                                                                                                                                  This function helps you enhance the service throughput of the cluster and improve service running performance.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                                  3. In the AI task performance enhanced scheduling pane, select whether to enable Gang.
                                                                                                                                                                    This function helps you enhance the service throughput of the cluster and improve service running performance.
                                                                                                                                                                    
 
                                                                                                                                                                  4. Click Confirm.
                                                                                                                                                                  5. After the configuration, use Gang scheduling in workloads or Volcano jobs.
                                                                                                                                                                    • Create a workload using Gang scheduling.
                                                                                                                                                                      1. Create a pod group and specify minMember and minResources as follows:
                                                                                                                                                                        apiVersion: scheduling.volcano.sh/v1beta1
 kind: PodGroup
 metadata:
diff --git a/docs/cce/umn/cce_10_0789.html b/docs/cce/umn/cce_10_0789.html
new file mode 100644
index 00000000..b617d580
--- /dev/null
+++ b/docs/cce/umn/cce_10_0789.html
@@ -0,0 +1,135 @@
+
+
+
                                                                                                                                                                        Load-aware Scheduling
                                                                                                                                                                        
+
                                                                                                                                                                        Volcano Scheduler offers CPU and memory load-aware scheduling for pods and preferentially schedules pods to the node with the lightest load to balance node loads. This prevents an application or node failure due to heavy loads on a single node.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Features
                                                                                                                                                                        The native Kubernetes scheduler schedules resources only based on requested resources. However, the actual resource usage of a pod differs greatly from the requested or limited value of the requested resources, which is the cause of cluster load imbalancing.
                                                                                                                                                                        
+
                                                                                                                                                                        1. The actual resource usage of certain nodes in a cluster is far lower than the resource allocation rate, but no more pods are scheduled onto the nodes, leading to resource waste.
                                                                                                                                                                        2. Certain nodes in a cluster have been overloaded, but this could not been detected by the scheduler. This may greatly affect service stability.
                                                                                                                                                                        
+
                                                                                                                                                                        Volcano resolves the preceding issues based on actual loads. If there are plenty of resources, pods are preferentially scheduled to nodes with the lightest load to balance the load on each node in the cluster.
                                                                                                                                                                        
+
                                                                                                                                                                        The status, workload traffic, and requests of a cluster change dynamically, and the resource usage of nodes changes in real time. To prevent extreme load imbalance in a cluster after pod scheduling, Volcano provides load-aware hotspot descheduling for the optimal load balancing of cluster nodes. For details about hotspot descheduling, see Descheduling.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        How It Works
                                                                                                                                                                        Load-aware scheduling is implemented using both Volcano and the CCE cloud native monitoring add-on (kube-prometheus-stack). After load-aware scheduling is enabled, metrics such as CPU and memory loads are defined by following Prometheus adapter rules. Then, the kube-prometheus-stack add-on collects and saves the actual CPU and memory loads of each node based on the defined metric rules. Volcano scores and sorts nodes based on the metric values provided by the kube-prometheus-stack add-on and preferentially schedules pods to the node with the lightest load.
                                                                                                                                                                        
+
                                                                                                                                                                        Load-aware scheduling scores each node using the weighted average of the CPU and memory metrics as well as the load-aware scheduling policy and preferentially selects the node with the highest score for scheduling. You can customize the weights of the CPU, memory, and load-aware scheduling policy on the Scheduling tab by choosing Settings in the navigation pane of the target cluster.
                                                                                                                                                                        
+
                                                                                                                                                                        The formula for scoring a node is as follows: Weight of the load-aware scheduling policy x [(1 - CPU usage) x CPU weight + (1 - Memory usage) x Memory weight]/(CPU weight + Memory weight)
                                                                                                                                                                        
+
                                                                                                                                                                        • CPU usage: average CPU usage of all nodes in the target cluster in the last 10 minutes (The collection frequency can be modified in the Prometheus adapter rule.)
                                                                                                                                                                        • Memory usage: average memory usage of all nodes in the target cluster in the last 10 minutes
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Configuring Load-aware Scheduling
                                                                                                                                                                        1. Obtain resource metrics by calling the metrics API and add custom metric collection rules.
                                                                                                                                                                          After the kube-prometheus-stack add-on is installed, enable the function of automatically obtaining resource metrics through the metrics API. For details, see Providing Resource Metrics Through the Metrics API.
                                                                                                                                                                          
+
                                                                                                                                                                          Add custom metric collection rules. For details, see Creating an HPA Policy Using Custom Metrics. In the following example rules, the rules in red are new ones and those in black are existing ones:
                                                                                                                                                                          rules:
+  - seriesQuery: '{__name__=~"node_cpu_seconds_total"}'
+    resources:
+      overrides:
+        instance:
+          resource: node
+    name:
+      matches: node_cpu_seconds_total
+      as: node_cpu_usage_avg
+    metricsQuery: avg_over_time((1 - avg (irate(<<.Series>>{mode="idle"}[5m])) by (instance))[10m:30s])
+  - seriesQuery: '{__name__=~"node_memory_MemTotal_bytes"}'
+    resources:
+      overrides:
+        instance:
+          resource: node
+    name:
+      matches: node_memory_MemTotal_bytes
+      as: node_memory_usage_avg
+    metricsQuery: avg_over_time(((1-node_memory_MemAvailable_bytes/<<.Series>>))[10m:30s])
+resourceRules:
+  cpu:
+    containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[1m])) by (<<.GroupBy>>)
+    nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[1m])) by (<<.GroupBy>>)
+    resources:
+      overrides:
+        instance:
+          resource: node
+        namespace:
+          resource: namespace
+        pod:
+          resource: pod
+    containerLabel: container
+  memory:
+    containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""}) by (<<.GroupBy>>)
+    nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>)
+    resources:
+      overrides:
+        instance:
+          resource: node
+        namespace:
+          resource: namespace
+        pod:
+          resource: pod
+    containerLabel: container
+  window: 1m
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          • Rules for collecting the average CPU usage
                                                                                                                                                                            • node_cpu_usage_avg: average CPU usage of nodes. The name of this metric cannot be changed.
                                                                                                                                                                            • metricsQuery: avg_over_time((1 - avg (irate(<<.Series>>{mode="idle"}[5m])) by (instance))[10m:30s]): statement for obtaining nodes' average CPU usage.
                                                                                                                                                                              metricsQuery indicates to obtain the average CPU usage of all nodes in the target cluster in the last 10 minutes. To change the period, for example, to the last 5 or 30 minutes, change 10m in red to 5m or 30m.
                                                                                                                                                                              
+
                                                                                                                                                                            
+
                                                                                                                                                                          • Rules for collecting the average memory usage
                                                                                                                                                                            • node_memory_usage_avg: average memory usage of nodes. The name of this metric cannot be changed.
                                                                                                                                                                            • metricsQuery: avg_over_time(((1-node_memory_MemAvailable_bytes/<<.Series>>))[10m:30s]): statement for obtaining nodes' average memory usage.
                                                                                                                                                                              metricsQuery indicates to obtain the average memory usage of all nodes in the target cluster in the last 10 minutes. To change the period, for example, to the last 5 or 30 minutes, change 10m in red to 5m or 30m.
                                                                                                                                                                              
+
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                        2. Enable load-aware scheduling.
                                                                                                                                                                          After Volcano is installed, you can enable or disable load-aware scheduling on the Scheduling page by choose Settings in the navigation pane. This function is disabled by default.
                                                                                                                                                                          1. Log in to the CCE console.
                                                                                                                                                                          2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                                          3. In the Resource utilization optimization scheduling area, modify the load-aware scheduling settings.
                                                                                                                                                                             
                                                                                                                                                                            For optimal load-aware scheduling, disable bin packing because this policy preferentially schedules pods to the node with the maximal resources allocated based on pods' requested resources. This affects load-aware scheduling to some extent. For details about the combination of multiple policies, see Configuration Cases for Resource Usage-based Scheduling.
                                                                                                                                                                            
+
                                                                                                                                                                            
+
+
                                                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                            Parameter
                                                                                                                                                                            
+
                                                                                                                                                                            Description
                                                                                                                                                                            
+
                                                                                                                                                                            Default Value
                                                                                                                                                                            
+
                                                                                                                                                                            Load-Aware Scheduling Policy Weight
                                                                                                                                                                            
+
                                                                                                                                                                            A larger value indicates a higher weight of the load-aware policy in overall scheduling.
                                                                                                                                                                            
+
                                                                                                                                                                            5
                                                                                                                                                                            
+
                                                                                                                                                                            CPU Weight
                                                                                                                                                                            
+
                                                                                                                                                                            A larger value indicates CPU resources will be preferentially balanced.
                                                                                                                                                                            
+
                                                                                                                                                                            1
                                                                                                                                                                            
+
                                                                                                                                                                            Memory Weight
                                                                                                                                                                            
+
                                                                                                                                                                            A larger value indicates memory resources will be preferentially balanced.
                                                                                                                                                                            
+
                                                                                                                                                                            1
                                                                                                                                                                            
+
                                                                                                                                                                            Actual load threshold effective mode
                                                                                                                                                                            
+
                                                                                                                                                                            • Soft constraint: When the actual CPU or memory load of a node reaches the threshold, new tasks will be preferentially allocated to underutilized nodes, but this node can still be scheduled.
                                                                                                                                                                            • Hard constraint: When the actual CPU or memory load of a node reaches the threshold, no new tasks can be scheduled to this node.
                                                                                                                                                                            
+
                                                                                                                                                                            Hard constraint
                                                                                                                                                                            
+
                                                                                                                                                                            Actual CPU Load Threshold
                                                                                                                                                                            
+
                                                                                                                                                                            When a node's CPU usage goes beyond this threshold, pods will be preferentially or forcibly scheduled to other nodes based on how the load threshold takes effect.
                                                                                                                                                                            
+
                                                                                                                                                                            80
                                                                                                                                                                            
+
                                                                                                                                                                            Actual Memory Load Threshold
                                                                                                                                                                            
+
                                                                                                                                                                            When a node's memory usage goes beyond this threshold, pods will be preferentially or forcibly scheduled to other nodes based on how the load threshold takes effect.
                                                                                                                                                                            
+
                                                                                                                                                                            80
                                                                                                                                                                            
+
                                                                                                                                                                            
+
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Resource Usage-based Scheduling
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0811.html b/docs/cce/umn/cce_10_0811.html
index fb6606c3..f7a12cf5 100644
--- a/docs/cce/umn/cce_10_0811.html
+++ b/docs/cce/umn/cce_10_0811.html
@@ -4,6 +4,8 @@
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_10_0813.html b/docs/cce/umn/cce_10_0813.html
new file mode 100644
index 00000000..4e5aea2e
--- /dev/null
+++ b/docs/cce/umn/cce_10_0813.html
@@ -0,0 +1,134 @@
+
+
+
                                                                                                                                                                        Configuration Cases for Resource Usage-based Scheduling
                                                                                                                                                                        
+
                                                                                                                                                                        Overview
                                                                                                                                                                        Volcano scheduling involves node filtering and scoring, which is used to filter the nodes meeting scheduling conditions and score the filtered nodes to find the one with the highest score for scheduling. Volcano provides multiple scheduling policies for node scoring. The weight of each scheduling policy can be adjusted based on service scenarios to enhance or reduce the impact of the policy on node scoring.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Scheduling Policies for Node Scoring
                                                                                                                                                                        The following table lists the scheduling policies supported by Volcano for node scoring.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Scheduling Policy
                                                                                                                                                                        
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Reference
                                                                                                                                                                        
+
                                                                                                                                                                        Bin packing
                                                                                                                                                                        
+
                                                                                                                                                                        binpack.weight
                                                                                                                                                                        
+
                                                                                                                                                                        After this function is enabled, the parameter defaults to 10.
                                                                                                                                                                        
+
                                                                                                                                                                        Bin Packing
                                                                                                                                                                        
+
                                                                                                                                                                        kube-scheduler node sorting (nodeorder)
                                                                                                                                                                        
+
                                                                                                                                                                        nodeaffinity.weight
                                                                                                                                                                        
+
                                                                                                                                                                        Pods are scheduled based on node affinity. The parameter defaults to 2.
                                                                                                                                                                        
+
                                                                                                                                                                        By default, this function is enabled.
                                                                                                                                                                        
+
                                                                                                                                                                        podaffinity.weight
                                                                                                                                                                        
+
                                                                                                                                                                        Pods are scheduled based on pod affinity. The parameter defaults to 2.
                                                                                                                                                                        
+
                                                                                                                                                                        leastrequested.weight
                                                                                                                                                                        
+
                                                                                                                                                                        Pods are scheduled to the node with the least requested resources. The parameter defaults to 1.
                                                                                                                                                                        
+
                                                                                                                                                                        balancedresource.weight
                                                                                                                                                                        
+
                                                                                                                                                                        Pods are scheduled to the node with balanced resource allocation. The parameter defaults to 1.
                                                                                                                                                                        
+
                                                                                                                                                                        mostrequested.weight
                                                                                                                                                                        
+
                                                                                                                                                                        Pods are scheduled to the node with the most requested resources. The parameter defaults to 0.
                                                                                                                                                                        
+
                                                                                                                                                                        tainttoleration.weight
                                                                                                                                                                        
+
                                                                                                                                                                        Pods are scheduled to the node with a high taint tolerance. The parameter defaults to 3.
                                                                                                                                                                        
+
                                                                                                                                                                        imagelocality.weight
                                                                                                                                                                        
+
                                                                                                                                                                        Pods are scheduled to the node where the required images exist. The parameter defaults to 1.
                                                                                                                                                                        
+
                                                                                                                                                                        selectorspread.weight
                                                                                                                                                                        
+
                                                                                                                                                                        Pods are evenly scheduled to different nodes. The parameter defaults to 0.
                                                                                                                                                                        
+
                                                                                                                                                                        podtopologyspread.weight
                                                                                                                                                                        
+
                                                                                                                                                                        Pods are scheduled based on the pod topology. The parameter defaults to 2.
                                                                                                                                                                        
+
                                                                                                                                                                        NUMA affinity scheduling (numa-aware)
                                                                                                                                                                        
+
                                                                                                                                                                        weight
                                                                                                                                                                        
+
                                                                                                                                                                        After this function is enabled, the parameter defaults to 1.
                                                                                                                                                                        
+
                                                                                                                                                                        NUMA Affinity Scheduling
                                                                                                                                                                        
+
                                                                                                                                                                        Load-aware scheduling (usage)
                                                                                                                                                                        
+
                                                                                                                                                                        weight
                                                                                                                                                                        
+
                                                                                                                                                                        After this function is enabled, the parameter defaults to 5.
                                                                                                                                                                        
+
                                                                                                                                                                        Load-aware Scheduling
                                                                                                                                                                        
+
                                                                                                                                                                        Node pool affinity scheduling (nodepoolaffinity)
                                                                                                                                                                        
+
                                                                                                                                                                        nodepoolaffinity.weight
                                                                                                                                                                        
+
                                                                                                                                                                        After this function is enabled, the parameter defaults to 10000.
                                                                                                                                                                        
+
                                                                                                                                                                        Node Pool Affinity
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        How Can I Improve Cluster Resource Utilization by Reducing Node Resource Fragments?
                                                                                                                                                                        There are both heavy- and low-resource jobs running in a cluster. It is hoped that the low-resource job preferentially uses resource fragments on each node so that idle nodes can be allocated to the high-resource job. This prevents job scheduling failures caused by insufficient node resources.
                                                                                                                                                                        
+
                                                                                                                                                                        To resolve the preceding issue, enable bin packing and use the default policy weight 10. For details, see Bin Packing.
                                                                                                                                                                        
+
                                                                                                                                                                        Recommended configurations:
                                                                                                                                                                        
+
                                                                                                                                                                        • To preferentially reduce CPU fragments in the cluster, increase the CPU weight to 5 and retain the memory weight to 1 in the bin packing policy.
                                                                                                                                                                        • To preferentially reduce memory fragments in the cluster, increase the memory weight to 5 and retain the CPU weight to 1 in the bin packing policy.
                                                                                                                                                                        • To preferentially reduce GPU fragments in the cluster, customize the GPU resource type, set the GPU weight to 10, and retain both the CPU weight and memory weight to 1 in the bin packing policy.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        How Can I Balance the Actual CPU and Memory Loads on Nodes?
                                                                                                                                                                        When a workload is running, the CPU and memory resources used may differ greatly from what was initially requested. To avoid any issues caused by overloading a single node, it is hoped that the scheduler preferentially schedules pods to the nodes with lighter loads based on nodes' CPU and memory usage in the cluster. This balances loads between nodes and ensures the stability of both applications and nodes.
                                                                                                                                                                        
+
                                                                                                                                                                        Configuration case 1
                                                                                                                                                                        
+
                                                                                                                                                                        1. Enable load-aware scheduling and use the default policy weight 5. For details, see Load-aware Scheduling.
                                                                                                                                                                        2. Disable bin packing. For details, see Bin Packing.
                                                                                                                                                                        
+
                                                                                                                                                                        Recommended configurations:
                                                                                                                                                                        
+
                                                                                                                                                                        • To preferentially balance the CPU load of each node, increase the CPU weight of the policy to 5 and retain the memory weight to 1.
                                                                                                                                                                        • To preferentially balance the memory load of each node, increase the memory weight of the policy to 5 and retain the CPU weight to 1.
                                                                                                                                                                        • To use bot the CPU and memory usage and the CPU and memory thresholds, do as follows:
                                                                                                                                                                          • Hard constraints:
                                                                                                                                                                            • After the CPU usage of a node exceeds its CPU threshold, do not schedule new loads to the node.
                                                                                                                                                                            • After the memory usage of a node exceeds its memory threshold, do not schedule new loads to the node.
                                                                                                                                                                            
+
                                                                                                                                                                          • Soft constraints:
                                                                                                                                                                            • After the CPU usage of a node exceeds its CPU threshold, do not schedule new loads to the node as far as possible.
                                                                                                                                                                            • After the memory usage of a node exceeds its memory threshold, do not schedule new loads to the node as far as possible.
                                                                                                                                                                            
+
                                                                                                                                                                          • To balance the load of each node in a cluster while maximizing the cluster resource utilization, enable soft constraints for the CPU and memory thresholds and use the default value 80 for both the CPU and memory thresholds.
                                                                                                                                                                          • To ensure workload stability and reduce the CPU and memory usage of heavy-load nodes, enable hard constraints for the CPU and memory thresholds and set the CPU and memory thresholds a value ranging from 60 to 80.
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        Configuration case 2
                                                                                                                                                                        
+
                                                                                                                                                                        The status, workload traffic, and requests of a cluster change dynamically, and the resource usage of nodes changes in real time. Node imbalancing may recur after pod scheduling. Use both load-aware scheduling and descheduling for the optimal load balancing of cluster nodes. For details about hotspot descheduling, see Descheduling.
                                                                                                                                                                        
+
                                                                                                                                                                        1. Enable load-aware scheduling and use the default policy weight 5. For details, see Load-aware Scheduling.
                                                                                                                                                                        2. Enable descheduling and configure the load-aware descheduling policy. For details, see Descheduling.
                                                                                                                                                                        3. Disable bin packing. For details, see Bin Packing.
                                                                                                                                                                        
+
                                                                                                                                                                        Recommended configurations:
                                                                                                                                                                        
+
                                                                                                                                                                        • Configure the load-aware descheduling policy as follows:
                                                                                                                                                                          • targetThreshold for evicting pods from heavy-load nodes: Set the CPU threshold to 75 and memory threshold to 70.
                                                                                                                                                                          • thresholds for accepting pods on light-load nodes: Set both the CPU and memory thresholds to 30.
                                                                                                                                                                          
+
                                                                                                                                                                        • Ensure the actual CPU or memory threshold is between the CPU or memory threshold of the heaviest-load node and that of the lightest-load node.
                                                                                                                                                                          • Actual CPU threshold: 65
                                                                                                                                                                          • Actual memory threshold: 60
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Resource Usage-based Scheduling
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0831.html b/docs/cce/umn/cce_10_0831.html
new file mode 100644
index 00000000..5e25c952
--- /dev/null
+++ b/docs/cce/umn/cce_10_0831.html
@@ -0,0 +1,79 @@
+
+
+
                                                                                                                                                                        Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service
                                                                                                                                                                        
+
                                                                                                                                                                        When using a LoadBalancer Service, you can configure a trustlist or blocklist to specify the IP addresses that are allowed or denied to access a load balancer listener.
                                                                                                                                                                        
+
                                                                                                                                                                        • Trustlist: Only the IP addresses in the list can access the listener.
                                                                                                                                                                        • Blocklist: The IP addresses in the list are not allowed to access the listener.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                          • v1.23: v1.23.12-r0 or later
                                                                                                                                                                          • v1.25: v1.25.7-r0 or later
                                                                                                                                                                          • v1.27: v1.27.4-r0 or later
                                                                                                                                                                          • v1.28: v1.28.2-r0 or later
                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                          
+
                                                                                                                                                                        • An IP address group has been created on the ELB console. For details, see .
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the CCE Console
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Services tab, and click Create Service in the upper right corner.
                                                                                                                                                                        3. Configure Service parameters.
                                                                                                                                                                          • Service Name: Enter a service name, for example, service-acl.
                                                                                                                                                                          • Service Type: Select LoadBalancer.
                                                                                                                                                                          • Service Affinity: Select cluster level or node level as needed. For details about the differences, see externalTrafficPolicy (Service Affinity).
                                                                                                                                                                          • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                          • Load Balancer
                                                                                                                                                                            Select a load balancer to be accessed. Only load balancers in the same VPC as the cluster are supported. If no load balancer is available, click Create Load Balancer to create one on the ELB console. Alternatively, select Auto create to create a load balancer. For details about parameter settings, see Table 1.
                                                                                                                                                                            
+
                                                                                                                                                                          • Health Check: defaults to Global health check. You can configure this parameter as needed.
                                                                                                                                                                          • Ports
                                                                                                                                                                            • Protocol: protocol used by the Service.
                                                                                                                                                                            • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                            • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                            
+
                                                                                                                                                                          • Access Control
                                                                                                                                                                            • Allow all IP addresses: No access control is configured.
                                                                                                                                                                            • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                                            • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl
                                                                                                                                                                        An example YAML file of a Service created using an existing load balancer is as follows:
                                                                                                                                                                        apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>                    # Load balancer ID. Replace it with the actual value.
+    kubernetes.io/elb.class: performance                   # Load balancer type
+    kubernetes.io/elb.acl-id: <your_acl_id>               # ID of an IP address group for accessing a load balancer
+    kubernetes.io/elb.acl-status: 'on'                  # Enable access control.
+    kubernetes.io/elb.acl-type: 'white'                   # Trustlist for access control
+spec:
+  selector: 
+     app: nginx
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  type: LoadBalancer
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Annotations for ELB access control
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Type
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.acl-id
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                                        • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                                        • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                                          How to obtain:
                                                                                                                                                                          
+
                                                                                                                                                                          Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.acl-status
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                        
+
                                                                                                                                                                        • on: Access control is enabled.
                                                                                                                                                                        • off: Access control is disabled.
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.acl-type
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                        
+
                                                                                                                                                                        • black: indicates a blocklist. The selected IP address group cannot access the load balancer.
                                                                                                                                                                        • white: indicates a trustlist. Only the selected IP address group can access the load balancer.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: LoadBalancer
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0832.html b/docs/cce/umn/cce_10_0832.html
new file mode 100644
index 00000000..a9f248e6
--- /dev/null
+++ b/docs/cce/umn/cce_10_0832.html
@@ -0,0 +1,84 @@
+
+
+
                                                                                                                                                                        Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Ingress
                                                                                                                                                                        
+
                                                                                                                                                                        You can add IP addresses to a trustlist or blocklist to control access to a listener of a LoadBalancer ingress.
                                                                                                                                                                        
+
                                                                                                                                                                        • Trustlist: Only the IP addresses in the list can access the listener.
                                                                                                                                                                        • Blocklist: The IP addresses in the list are not allowed to access the listener.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                          • v1.23: v1.23.12-r0 or later
                                                                                                                                                                          • v1.25: v1.25.7-r0 or later
                                                                                                                                                                          • v1.27: v1.27.4-r0 or later
                                                                                                                                                                          • v1.28: v1.28.2-r0 or later
                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                          
+
                                                                                                                                                                        • An IP address group has been created on the ELB console. For details, see .
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the CCE Console
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                        3. Configure access control parameters for the ingress.
                                                                                                                                                                          • Allow all IP addresses: No access control is configured.
                                                                                                                                                                          • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                                          • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                                          
+
                                                                                                                                                                          For details about how to configure other parameters, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl
                                                                                                                                                                        An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                        apiVersion: networking.k8s.io/v1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/elb.id: <your_elb_id>                    # Load balancer ID. Replace it with the actual value.
+    kubernetes.io/elb.class: performance                   # Load balancer type
+    kubernetes.io/elb.port: '80'                           # External port of the load balancer listener
+    kubernetes.io/elb.acl-id: <your_acl_id>               # ID of an IP address group for accessing a load balancer
+    kubernetes.io/elb.acl-status: 'on'                  # Enable access control.
+    kubernetes.io/elb.acl-type: 'white'                   # Trustlist for access control
+spec:
+  rules: 
+  - host: ''
+    http: 
+      paths: 
+      - path: '/'
+        backend: 
+          service:
+            name: <your_service_name>  # Replace it with the name of your target Service.
+            port: 
+              number: 8080             # Replace 8080 with the port number of your target Service.
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+        pathType: ImplementationSpecific
+  ingressClassName: cce      
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Annotations for ELB access control
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Type
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.acl-id
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                                        • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                                        • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                                          How to obtain:
                                                                                                                                                                          
+
                                                                                                                                                                          Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.acl-status
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                        
+
                                                                                                                                                                        • on: Access control is enabled.
                                                                                                                                                                        • off: Access control is disabled.
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.acl-type
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                        
+
                                                                                                                                                                        • black: indicates a blocklist. The selected IP address group cannot access the load balancer.
                                                                                                                                                                        • white: indicates a trustlist. Only the selected IP address group can access the load balancer.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: LoadBalancer Ingresses
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0839.html b/docs/cce/umn/cce_10_0839.html
new file mode 100644
index 00000000..ae8d1162
--- /dev/null
+++ b/docs/cce/umn/cce_10_0839.html
@@ -0,0 +1,141 @@
+
+
+
                                                                                                                                                                        (Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV
                                                                                                                                                                        
+
                                                                                                                                                                        When an SFS Turbo volume is mounted to a workload container, the root directory is mounted to the container by default. However, the minimum capacity of an SFS Turbo volume is 500 GiB, which exceeds the capacity required by most workloads, leading to a waste of storage resources. To properly use the storage capacity, CCE allows you to dynamically create an SFS Turbo subdirectory when creating a PVC so that different workloads can share one SFS Turbo volume.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        • You have created a cluster and installed the CCE Container Storage (Everest) add-on of v2.3.23 or later in the cluster.
                                                                                                                                                                        • To create a cluster using commands, ensure kubectl is used. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                        • You have created an available SFS Turbo file system, and the SFS Turbo file system and the cluster are in the same VPC.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Dynamically Creating an SFS Turbo Subdirectory on the Console
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          PVC Type
                                                                                                                                                                          
+
                                                                                                                                                                          In this example, select SFS Turbo.
                                                                                                                                                                          
+
                                                                                                                                                                          PVC Name
                                                                                                                                                                          
+
                                                                                                                                                                          Enter the PVC name, which must be unique in a namespace.
                                                                                                                                                                          
+
                                                                                                                                                                          Creation Method
                                                                                                                                                                          
+
                                                                                                                                                                          Select New subdirectory.
                                                                                                                                                                          
+
                                                                                                                                                                          Storage Classes
                                                                                                                                                                          
+
                                                                                                                                                                          Choose csi-sfsturbo.
                                                                                                                                                                          
+
                                                                                                                                                                          Access Mode
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo
                                                                                                                                                                          
+
                                                                                                                                                                          Click Select SFS Turbo. On the displayed page, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                                                                          
+
                                                                                                                                                                          Subdirectory
                                                                                                                                                                          
+
                                                                                                                                                                          Enter the absolute path of a subdirectory, for example, /a/b.
                                                                                                                                                                          
+
                                                                                                                                                                          Subdirectory Reclaim Policy
                                                                                                                                                                          
+
                                                                                                                                                                          Whether to retain subdirectories when a PVC is deleted.
                                                                                                                                                                          
+
                                                                                                                                                                          • Retain: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                                                                          • Delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                                                                                                            
+
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        3. Click Create to create a PVC and a PV.
                                                                                                                                                                          You can choose Storage in the navigation pane and view the created PVC and PV on the PVCs and PVs tab pages, respectively.
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Dynamically Creating an SFS Turbo Subdirectory Using kubectl
                                                                                                                                                                        1. Use kubectl to access the cluster.
                                                                                                                                                                        2. Create the pvc-sfsturbo-subpath.yaml file.
                                                                                                                                                                          apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-sfsturbo-subpath    # PVC name
+  namespace: default
+  annotations:
+    everest.io/volume-as: absolute-path                # An SFS Turbo subdirectory is used.
+    everest.io/sfsturbo-share-id: <sfsturbo_id>        # SFS Turbo ID
+    everest.io/path: /a                                # Subdirectory that is automatically created, which must be an absolute path
+    everest.io/reclaim-policy: retain-volume-only      # When a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
+spec:
+  accessModes:
+    - ReadWriteMany      # ReadWriteMany must be selected for SFS Turbo.
+  resources:
+    requests:
+      storage: 10Gi      # This parameter is only used for verification for the PVCs of the SFS Turbo subdirectory type. The value cannot be empty or 0.
+  storageClassName: csi-sfsturbo     # Storage class name of the SFS Turbo file system
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Mandatory
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/volume-as
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          The value is fixed at absolute-path, indicating that a dynamically created SFS Turbo subdirectory is used.
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/sfsturbo-share-id
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          SFS Turbo ID
                                                                                                                                                                          
+
                                                                                                                                                                          How to obtain: Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. In the list, click the name of the target SFS Turbo file system. On the details page, copy the content following ID.
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/path
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          Subdirectory that is automatically created, which must be an absolute path.
                                                                                                                                                                          
+
                                                                                                                                                                          everest.io/reclaim-policy
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          Whether to retain subdirectories when deleting a PVC. This parameter must be used with PV Reclaim Policy. This parameter is available only when the PV reclaim policy is Delete. Options:
                                                                                                                                                                          
+
                                                                                                                                                                          • retain-volume-only: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                                                                          • delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                                                                                                            
+
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                          storage
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          Requested capacity in the PVC, in Gi.
                                                                                                                                                                          
+
                                                                                                                                                                          This parameter is only used for verification for the PVCs of the SFS Turbo subdirectory type. The value cannot be empty or 0, and can be fixed at 10 because any value you set does not take effect.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        3. Run the following command to create a PVC:
                                                                                                                                                                          kubectl apply -f pvc-sfsturbo-subpath.yaml
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: SFS Turbo
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0841.html b/docs/cce/umn/cce_10_0841.html
new file mode 100644
index 00000000..cfb1f41c
--- /dev/null
+++ b/docs/cce/umn/cce_10_0841.html
@@ -0,0 +1,93 @@
+
+
+
                                                                                                                                                                        Configuring SNI for a LoadBalancer Service
                                                                                                                                                                        
+
                                                                                                                                                                        An SNI certificate is an extended server certificate that allows the same IP address and port number to provide multiple access domain names for external systems. Different security certificates can be used based on the domain names requested by clients to ensure HTTPS communication security.
                                                                                                                                                                        
+
                                                                                                                                                                        When configuring SNI, you need to add a certificate associated with a domain name. The client submits the requested domain name information when initiating an SSL handshake request. After receiving the SSL request, the load balancer searches for the certificate based on the domain name. If the certificate is found, the load balancer will return it to the client. If the certificate is not found, the load balancer will return the default server certificate.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        After SNI is configured, if you delete the SNI configuration on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                          • v1.23: v1.23.13-r0 or later
                                                                                                                                                                          • v1.25: v1.25.8-r0 or later
                                                                                                                                                                          • v1.27: v1.27.5-r0 or later
                                                                                                                                                                          • v1.28: v1.28.3-r0 or later
                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        • You have created one or more SNI certificates in ELB and specified a domain name in these certificates. 
                                                                                                                                                                        • To create a cluster using commands, ensure kubectl is used. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the CCE Console
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                        3. Configure Service parameters. In this example, only mandatory parameters required for using SNI are listed. For details about how to configure other parameters, see Creating a LoadBalancer Service.
                                                                                                                                                                          • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                          • Service Type: Select LoadBalancer.
                                                                                                                                                                          • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                          • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                            • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                            • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                            
+
                                                                                                                                                                          • Ports
                                                                                                                                                                            • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                                            • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                            • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                            • Frontend Protocol: In this example, HTTPS must be enabled for the Service to use SNI. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                                            
+
                                                                                                                                                                          • Listener
                                                                                                                                                                            • SSL Authentication: Select this option if HTTPS is enabled on the listener port. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                              • One-way authentication: Only the backend server is authenticated. If you also need to authenticate the identity of the client, select mutual authentication.
                                                                                                                                                                              • Mutual authentication: If you want the clients and the load balancer to authenticate each other, select this option. Only authenticated clients will be allowed to access the load balancer.
                                                                                                                                                                              
+
                                                                                                                                                                            • CA Certificate: If SSL Authentication is set to Mutual authentication, add a CA certificate to authenticate the client. A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
                                                                                                                                                                            • Server Certificate: Select a server certificate as the default certificate. 
                                                                                                                                                                            • SNI: Add an SNI certificate containing a domain name. 
                                                                                                                                                                              If an SNI certificate cannot be found based on the domain name requested by the client, the server certificate will be returned by default.
                                                                                                                                                                              
+
                                                                                                                                                                            • Security Policy: If HTTPS is enabled on the listener port, you can select a security policy. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                            • Backend Protocol: If HTTPS is enabled on the listener port, HTTP or HTTPS can be used to access the backend server. The default value is HTTP. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl
                                                                                                                                                                        This section uses an existing load balancer as an example. An example YAML file of a SNI-compliant Service is as follows:
                                                                                                                                                                        apiVersion: v1
+kind: Service
+metadata:
+  name: test
+  labels:
+    app: test
+  namespace: default
+  annotations:
+    kubernetes.io/elb.class: performance        # Load balancer type
+    kubernetes.io/elb.id: 65318265-4f01-4541-a654-fa74e439dfd3  # ID of an existing load balancer
+    kubernetes.io/elb.protocol-port: https:80    # Port where SNI is to be enabled
+    kubernetes.io/elb.cert-id: b64ab636f1614e1a960b5249c497a880    # HTTPS server certificate
+    kubernetes.io/elb.tls-certificate-ids: 5196aa70b0f143189e4cb54991ba2286,8125d71fcc124aabbe007610cba42d60    # SNI certificate IDs
+    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN
+spec:
+  selector:
+    app: test
+  externalTrafficPolicy: Cluster
+  ports:
+    - name: cce-service-0
+      targetPort: 80
+      nodePort: 0
+      port: 80
+      protocol: TCP
+  type: LoadBalancer
+  loadBalancerIP: **.**.**.**       #  Private IP address of the load balancer
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Type
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.protocol-port
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        If a Service is HTTP/HTTPS-compliant, configure the protocol and port number in the format of "protocol:port".
                                                                                                                                                                        
+
                                                                                                                                                                        where,
                                                                                                                                                                        
+
                                                                                                                                                                        • protocol: specifies the protocol used by the listener port. The value can be http or https.
                                                                                                                                                                        • ports: Service ports specified by spec.ports[].port.
                                                                                                                                                                        
+
                                                                                                                                                                        For example, to use SNI, the Service protocol must be https and the Service port must be 80. Therefore, the parameter value is https:80.
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.cert-id
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        ID of an ELB certificate, which is used as the HTTPS server certificate.
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.tls-certificate-ids
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        In ELB, the IDs of SNI certificates that must contain a domain name are separated by commas (,).
                                                                                                                                                                        
+
                                                                                                                                                                        If an SNI certificate cannot be found based on the domain name requested by the client, the server certificate will be returned by default.
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: LoadBalancer
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0842.html b/docs/cce/umn/cce_10_0842.html
new file mode 100644
index 00000000..3bee781e
--- /dev/null
+++ b/docs/cce/umn/cce_10_0842.html
@@ -0,0 +1,96 @@
+
+
+
                                                                                                                                                                        Configuring HTTP/2 for a LoadBalancer Service
                                                                                                                                                                        
+
                                                                                                                                                                        Services can be exposed via HTTP/2. By default, HTTP/1.x is used between clients and load balancers. HTTP/2 can improve access performance between clients and load balancers, but HTTP/1.x is still used between load balancers and backend servers.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        • An HTTPS-compliant load balancer supports HTTP/2.
                                                                                                                                                                        • After HTTP/2 is configured, if you delete the advanced configuration for enabling HTTP/2 on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                          • v1.23: v1.23.13-r0 or later
                                                                                                                                                                          • v1.25: v1.25.8-r0 or later
                                                                                                                                                                          • v1.27: v1.27.5-r0 or later
                                                                                                                                                                          • v1.28: v1.28.3-r0 or later
                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                          
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the CCE Console
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                        3. Configure Service parameters. In this example, only mandatory parameters are listed. For details about how to configure other parameters, see Creating a LoadBalancer Service.
                                                                                                                                                                          • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                          • Service Type: Select LoadBalancer.
                                                                                                                                                                          • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                          • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                            • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                            • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                            
+
                                                                                                                                                                          • Ports
                                                                                                                                                                            • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                                            • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                            • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                            • Frontend Protocol: In this example, HTTPS must be enabled for the Service to use HTTP/2. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                                            
+
                                                                                                                                                                          • Listener
                                                                                                                                                                            • SSL authentication is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                              • One-way authentication: Only the backend server is authenticated. If you also need to authenticate the identity of the client, select mutual authentication.
                                                                                                                                                                              • Mutual authentication: If you want the clients and the load balancer to authenticate each other, select this option. Only authenticated clients will be allowed to access the load balancer.
                                                                                                                                                                              
+
                                                                                                                                                                            • CA Certificate: If SSL Authentication is set to Mutual authentication, add a CA certificate to authenticate the client. A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
                                                                                                                                                                            • Server Certificate: Select a server certificate when HTTPS is used. 
                                                                                                                                                                            • SNI: Add an SNI certificate containing a domain name. 
                                                                                                                                                                            • Advanced Options: Click Add custom container network settings and enable HTTP/2.
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl
                                                                                                                                                                        To enable HTTP/2, add the following annotation:
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.http2-enable: 'true'
                                                                                                                                                                        
+
                                                                                                                                                                        The following shows an example YAML file where an existing load balancer is associated:
                                                                                                                                                                        apiVersion: v1
+kind: Service
+metadata:
+  name: test
+  labels:
+    app: test
+    version: v1
+  namespace: default
+  annotations:
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.id: 35cb350b-23e6-4551-ac77-10d5298f5204
+    kubernetes.io/elb.protocol-port: https:443
+    kubernetes.io/elb.cert-id: b64ab636f1614e1a960b5249c497a880
+    kubernetes.io/elb.http2-enable: 'true'
+    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN
+spec:
+  selector:
+    app: test
+    version: v1
+  externalTrafficPolicy: Cluster
+  ports:
+    - name: cce-service-0
+      targetPort: 80
+      nodePort: 0
+      port: 443
+      protocol: TCP
+  type: LoadBalancer
+  loadBalancerIP: **.**.**.**
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 HTTP/2 parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Type
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.protocol-port
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        If a Service is HTTP/HTTPS-compliant, configure the protocol and port number in the format of "protocol:port".
                                                                                                                                                                        
+
                                                                                                                                                                        where,
                                                                                                                                                                        
+
                                                                                                                                                                        • protocol: specifies the protocol used by the listener port. The value can be http or https.
                                                                                                                                                                        • ports: Service ports specified by spec.ports[].port.
                                                                                                                                                                        
+
                                                                                                                                                                        For example, to use HTTPS, the Service port must be 443. Therefore, the parameter value is https:443.
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.cert-id
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        ID of an ELB certificate, which is used as the HTTPS server certificate.
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.http2-enable
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                                                        
+
                                                                                                                                                                        Options:
                                                                                                                                                                        
+
                                                                                                                                                                        • true: enabled
                                                                                                                                                                        • false: disabled (default value)
                                                                                                                                                                        
+
                                                                                                                                                                        Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: LoadBalancer
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0859.html b/docs/cce/umn/cce_10_0859.html
new file mode 100644
index 00000000..a4b0243a
--- /dev/null
+++ b/docs/cce/umn/cce_10_0859.html
@@ -0,0 +1,37 @@
+
+
+
                                                                                                                                                                        Encrypting EVS Disks
                                                                                                                                                                        
+
                                                                                                                                                                        Encrypting cloud disks ensures data privacy and control, making it ideal for scenarios that demand high security or compliance standards. This section describes how to use the keys managed by Data Encryption Workshop (DEW) to encrypt EVS disks.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the Console
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Dynamically create a PVC and PV.
                                                                                                                                                                          1. Choose Storage in the navigation pane and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
                                                                                                                                                                          2. Select EVS for the storage type, enable encryption, and choose a key. Configure other parameters based on service requirements. For details, see Using an EVS Disk Through a Dynamic PV.
                                                                                                                                                                          3. Click Create.
                                                                                                                                                                          
+
                                                                                                                                                                        3. Go to the PersistentVolumeClaims (PVCs) tab and check whether the PVC of the encrypted EVS disk is created and whether the disk is encrypted.
                                                                                                                                                                        4. The method of using an encrypted PVC is the same as that of using a regular PVC.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Automatically Creating an Encrypted EVS Disk Using kubectl
                                                                                                                                                                        1. Use kubectl to access the cluster.
                                                                                                                                                                        2. Create the pvc-evs-auto.yaml file. For details, see Automatically Creating an EVS Volume Through kubectl.
                                                                                                                                                                          apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-evs-auto
+  namespace: default
+  annotations:
+    everest.io/disk-volume-type: SAS    # EVS disk
+    everest.io/crypt-key-id: 37f202db-a970-4ac1-a506-e5c4f2d7ce69   # Encryption key ID, which can be obtained from DEW
+  labels:
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
+spec:
+  accessModes:
+  - ReadWriteOnce               # The value must be ReadWriteOnce for EVS disks.
+  resources:
+    requests:
+      storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768
+  storageClassName: csi-disk    # The storage class is EVS.
                                                                                                                                                                          
+
                                                                                                                                                                        3. Run the following command to create a PVC:
                                                                                                                                                                          kubectl apply -f pvc-evs-auto.yaml
                                                                                                                                                                          
+
                                                                                                                                                                        4. Go to the PersistentVolumeClaims (PVCs) tab and check whether the PVC of the encrypted EVS disk is created and whether the disk is encrypted.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Elastic Volume Service
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0860.html b/docs/cce/umn/cce_10_0860.html
new file mode 100644
index 00000000..0e9cea4e
--- /dev/null
+++ b/docs/cce/umn/cce_10_0860.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                        Expanding the Capacity of an EVS Disk
                                                                                                                                                                        
+
                                                                                                                                                                        If the EVS disk attached to a workload does not have enough space, you can increase its capacity by expanding it. This section describes how to expand the capacity of an EVS disk through the console.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        You have created a cluster and installed the CCE Container Storage (Everest) add-on in the cluster.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Procedure for an EVS Disk
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Storage in the navigation pane and click the PersistentVolumeClaims (PVCs) tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                        3. Enter the capacity to be added and click OK.
                                                                                                                                                                           
                                                                                                                                                                          The disk size can only be increased, not decreased.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Elastic Volume Service
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0864.html b/docs/cce/umn/cce_10_0864.html
new file mode 100644
index 00000000..c4f90a19
--- /dev/null
+++ b/docs/cce/umn/cce_10_0864.html
@@ -0,0 +1,22 @@
+
+
+
                                                                                                                                                                        Configuring a Cluster's API Server for Internet Access
                                                                                                                                                                        
+
                                                                                                                                                                        You can bind an EIP to an API server of a Kubernetes cluster so that the API server can access the Internet.
                                                                                                                                                                        
+
                                                                                                                                                                        Procedure
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. On the Overview page, locate the Connection Info area, and click Bind next to EIP.
                                                                                                                                                                        3. Select an existing EIP. If no EIP is available, click Create EIP to go to the EIP console and assign one.
                                                                                                                                                                           
                                                                                                                                                                          • Binding an EIP to an API server for Internet access can pose a risk to the cluster's security. To mitigate this risk, configure Advanced Anti-DDoS or API server access policies (Configuring Access Policies for an API Server) for the bound EIP.
                                                                                                                                                                          • Binding an EIP to an API server will cause the API server to restart briefly and update the kubeconfig certificate. Do not make any changes to the cluster during this period.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Configuring Access Policies for an API Server
                                                                                                                                                                        To ensure the security of a cluster's API server, it is important to modify the security group rules for the master nodes. This is because the EIP, which is exposed to the Internet, is at risk of being attacked.
                                                                                                                                                                        
+
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, copy the cluster ID in the Basic Info area.
                                                                                                                                                                        2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                                        3. Select Description as the filter criterion and paste the cluster ID to search for the target security groups.
                                                                                                                                                                        4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                                        5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                                          
+
                                                                                                                                                                        6. Change the source IP address that can be accessed as required. For example, if the IP address used by the client to access the API Server is 100.*.*.*, you can add an inbound rule for port 5443 and set the source IP address to 100.*.*.*.
                                                                                                                                                                           
                                                                                                                                                                          In addition to the client IP address, the port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh to ensure that the API Server can be accessed from within the cluster.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        7. Click Confirm.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Connecting to a Cluster
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0883.html b/docs/cce/umn/cce_10_0883.html
new file mode 100644
index 00000000..1e9a6652
--- /dev/null
+++ b/docs/cce/umn/cce_10_0883.html
@@ -0,0 +1,70 @@
+
+
+
                                                                                                                                                                        Differences Between CCE Node mountPath Configurations and Community Native Configurations
                                                                                                                                                                        
+
                                                                                                                                                                        To maintain the stability of nodes, CCE stores Kubernetes and container runtime components on separate data disks. Kubernetes uses the /mnt/paas/kubernetes directory, and the container runtime uses the /mnt/paas/runtime directory. The paths to these directories are the same as the default paths used in the community through soft links.
                                                                                                                                                                        
+
                                                                                                                                                                        Configuration Differences Between CCE and Community Native
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Item
                                                                                                                                                                        
+
                                                                                                                                                                        Kubernetes Native Path
                                                                                                                                                                        
+
                                                                                                                                                                        CCE Path
                                                                                                                                                                        
+
                                                                                                                                                                        kubelet root-dir
                                                                                                                                                                        
+
                                                                                                                                                                        /var/lib/kubelet
                                                                                                                                                                        
+
                                                                                                                                                                        /mnt/paas/kubernetes/kubelet
                                                                                                                                                                        
+
                                                                                                                                                                        kubelet
                                                                                                                                                                        
+
                                                                                                                                                                        /var/lib/kubelet
                                                                                                                                                                        
+
                                                                                                                                                                        /mnt/paas/kubernetes/kubelet
                                                                                                                                                                        
+
                                                                                                                                                                        The soft link from /var/lib/kubelet to /mnt/paas/kubernetes/kubelet is also available.
                                                                                                                                                                        
+
                                                                                                                                                                        Container runtime (Docker)
                                                                                                                                                                        
+
                                                                                                                                                                        /var/lib/docker
                                                                                                                                                                        
+                                                                                                                                                                        		
+
                                                                                                                                                                        Container runtime (containerd)
                                                                                                                                                                        
+
                                                                                                                                                                        /var/lib/containerd
                                                                                                                                                                        
+                                                                                                                                                                        		
+
                                                                                                                                                                        containerd logs
                                                                                                                                                                        
+
                                                                                                                                                                        /var/log/pods
                                                                                                                                                                        
+
                                                                                                                                                                        /var/lib/containerd/container_logs
                                                                                                                                                                        
+
                                                                                                                                                                        The soft link from /var/log/pods to /var/lib/containerd/container_logs is also available.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        In clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions, modified soft links will be mounted in both Kubernetes and CCE paths.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Possible Impact of Differences
                                                                                                                                                                        • If a soft link file is mounted into a container, the real path that the soft link file points to cannot be accessed.
                                                                                                                                                                          For example, if /var/log is mounted to /mnt/log in a container through a hostPath, /mnt/log/pods is an abnormal soft link file in the container, and the actual data in /var/log/pods cannot be accessed.
                                                                                                                                                                          
+
                                                                                                                                                                          Mount the actual file path to the container to prevent a file read failure caused by soft links.
                                                                                                                                                                          
+
                                                                                                                                                                        • The kubelet root-dir path (/mnt/paas/kubernetes/kubelet) is inconsistent with the community path (/var/lib/kubelet). If the container mount path of a third-party CSI add-on is the community path, the file mounting does not take effect.
                                                                                                                                                                          For example, when Vault (an open-source third-party add-on) uses secrets-store-csi-driver to mount a secret, if the root-dir path to the add-on is inconsistent with the CCE configuration path (the default value of the add-on is the same as the community path /var/lib/kubelet), the Vault secret cannot be obtained in the container.
                                                                                                                                                                          
+
                                                                                                                                                                          This is because CSI uses mountPropagation to mount volumes to target containers. kubelet includes the mount path (/mnt/paas/kubernetes/kubelet/pods/{podID}/volume/...) related to kubelet root-dir into the CSI request for mounting a volume. When the CSI container mounts a volume to the mount path requested by kubelet CSI, if the mount path is irrelevant to the hostPath, the mount propagation will be invalid. For example, the CSI container mounts host /var/lib/kubelet to container /var/lib/kubelet, and /mnt/paas/kubernetes/kubelet/pods/{podID}/volume/... in the CSI container is irrelevant to the hostPath.
                                                                                                                                                                          
+
                                                                                                                                                                          Update the root-dir path in CSI to match the kubelet root-dir path on the current CCE node.
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Node O&M
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0886.html b/docs/cce/umn/cce_10_0886.html
new file mode 100644
index 00000000..6d408df8
--- /dev/null
+++ b/docs/cce/umn/cce_10_0886.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                        Accepting Nodes in a Node Pool
                                                                                                                                                                        
+
                                                                                                                                                                        If you want to add a newly created ECS to a node pool in a cluster, or remove a node from a node pool and add it to the node pool again, accept the node.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        • When an ECS is accepted for management, the ECS OS will be reset to the standard image provided by CCE to ensure node stability.
                                                                                                                                                                        • LVM information, including volume groups (VGs), logical volumes (LVs), and physical volumes (PVs) will be deleted from the system disks and data disks attached to the selected ECSs during acceptance. Ensure that the information has been backed up.
                                                                                                                                                                        • During the acceptance of an ECS, do not perform any operation on the ECS through the ECS console.
                                                                                                                                                                        • After a node is managed by a node pool, if a scaling-in task is triggered in the node pool, the node will be deleted.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Procedure
                                                                                                                                                                        1. Log in to the CCE console.
                                                                                                                                                                        2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                        3. Choose More > Accept Node in the operation bar of the target node pool.
                                                                                                                                                                          
+
                                                                                                                                                                        4. Select one or more nodes that meet the requirements.
                                                                                                                                                                          • The nodes and the current node pool are deployed in the same VPC and subnet.
                                                                                                                                                                          • The nodes and the current node pool belong to the same enterprise project.
                                                                                                                                                                          • The billing mode of the nodes must be the same as that of the current node pool. For example, a pay-per-use node pool can accept only pay-per-use nodes.
                                                                                                                                                                          • The cloud server group of the nodes must be the same as that of the current node pool.
                                                                                                                                                                          • The nodes must be running and cannot be labeled with CCE-Dynamic-Provisioning-Node.
                                                                                                                                                                          • Data disks must be attached to the nodes. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                          • The flavor of the nodes must be at least 2 vCPUs and 4 GiB memory, and only one NIC can be bound to each of the nodes.
                                                                                                                                                                          • Only the cloud servers that have the same flavor, AZ, resource reservation, system disk, and data disk configurations as the node pool can be added for batch acceptance.
                                                                                                                                                                          • Partitioned disks on cloud servers will not be accepted as data disks. Back up data and clear the disks before node acceptance.
                                                                                                                                                                          
+
                                                                                                                                                                        5. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Managing a Node Pool
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0896.html b/docs/cce/umn/cce_10_0896.html
new file mode 100644
index 00000000..84737f67
--- /dev/null
+++ b/docs/cce/umn/cce_10_0896.html
@@ -0,0 +1,90 @@
+
+
+
                                                                                                                                                                        Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress
                                                                                                                                                                        
+
                                                                                                                                                                        Dedicated load balancer ingresses support custom header forwarding policies. You can configure different header key-value pairs to determine the backend Service to which data is forwarded.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        A cluster meeting the following requirements is available:
                                                                                                                                                                        • v1.23: v1.23.16-r0 or later
                                                                                                                                                                        • v1.25: v1.25.11-r0 or later
                                                                                                                                                                        • v1.27: v1.27.8-r0 or later
                                                                                                                                                                        • v1.28: v1.28.6-r0 or later
                                                                                                                                                                        • v1.29: v1.29.2-r0 or later
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl
                                                                                                                                                                        An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                        apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: test-header
+  namespace: default
+  annotations:
+    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.id: 08eab934-1636-4d90-a4cd-cb3fa4330411
+    kubernetes.io/elb.class: performance  # A dedicated load balancer is required.
+    # Path /a can be accessed only through Header key1=value1 or key1=value2. The accessed Service is svc-a:80.
+    kubernetes.io/elb.headers.svc-a: | 
+      {
+          "key": "key1",
+          "values": [
+              "value1",
+              "value2"
+          ]
+      }
+    # Path /b can be accessed only through Header key2=value1 or key2=value2. The accessed Service is svc-b:81.
+    kubernetes.io/elb.headers.svc-b: |  
+      {
+          "key": "key2",
+          "values": [
+              "value1",
+              "value2"
+          ]
+      }
+spec:
+  rules:
+    - host: ''
+      http:
+        paths:
+          - path: /a
+            backend:
+              service:
+                name: svc-a
+                port:
+                  number: 80
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+            pathType: ImplementationSpecific
+          - path: /b
+            backend:
+              service:
+                name: svc-b
+                port:
+                  number: 81
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+            pathType: ImplementationSpecific
+  ingressClassName: cce
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Annotations for configuring a custom header forwarding policy
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Type
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.headers.${svc_name}
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                                                        
+
                                                                                                                                                                        Format: a JSON string, for example, {"key": "test", "values": ["value1", "value2"]}
                                                                                                                                                                        
+
                                                                                                                                                                        • key/value indicates the key-value pair of the custom header. A maximum of eight values can be configured.
                                                                                                                                                                          Enter 1 to 40 characters for a key. Only letters, digits, hyphens (-), and underscores (_) are allowed.
                                                                                                                                                                          
+
                                                                                                                                                                          Enter 1 to 128 characters for a value. Asterisks (*) and question marks (?) are allowed, but spaces and double quotation marks are not allowed. An asterisk can match zero or more characters, and a question mark can match one character.
                                                                                                                                                                          
+
                                                                                                                                                                        • Either a custom header or grayscale release can be configured.
                                                                                                                                                                        • Enter 1 to 51 characters for ${svc_name}.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: LoadBalancer Ingresses
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0897.html b/docs/cce/umn/cce_10_0897.html
new file mode 100644
index 00000000..af5e2492
--- /dev/null
+++ b/docs/cce/umn/cce_10_0897.html
@@ -0,0 +1,105 @@
+
+
+
                                                                                                                                                                        Binding a Security Group to a Pod Using an Annotation
                                                                                                                                                                        
+
                                                                                                                                                                        Application Scenarios
                                                                                                                                                                        In Cloud Native 2.0 network mode, pods use ENIs or sub-ENIs of the VPC. You can configure a security group for a pod using a pod's annotation.
                                                                                                                                                                        
+
                                                                                                                                                                        Configure a security group in either of the following cases:
                                                                                                                                                                        
+
                                                                                                                                                                        • To newly bind a security group to a pod, use annotation yangtse.io/security-group-ids.
                                                                                                                                                                        • To bind more security groups to a pod, use annotation yangtse.io/additional-security-group-ids.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        The priority of the security group bound to a pod using annotation yangtse.io/security-group-ids is higher than those of the security groups in the security group policy (SecurityGroup) and cluster container network configuration (NetworkAttachmentDefinition).
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        A CCE Turbo cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                        • v1.23: v1.23.16-r0 or later
                                                                                                                                                                        • v1.25: v1.25.11-r0 or later
                                                                                                                                                                        • v1.27: v1.27.8-r0 or later
                                                                                                                                                                        • v1.28: v1.28.6-r0 or later
                                                                                                                                                                        • v1.29: v1.29.2-r0 or later
                                                                                                                                                                        • Versions later than v1.29
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl
                                                                                                                                                                        • Create a workload with a security group configured. The security group bound to the pod is subject to the one configured using an annotation.
                                                                                                                                                                           
                                                                                                                                                                          If the pod has been bound to a security group, the configuration will be overwritten.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+      annotations:
+        yangtse.io/security-group-ids: *****  # Security group ID. Use commas (,) to separate multiple security groups.
+    spec:
+      containers:
+        - name: container-0
+          image: nginx:alpine
+          resources:
+            limits:
+              cpu: 100m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+      imagePullSecrets:
+        - name: default-secret
                                                                                                                                                                          
+
                                                                                                                                                                        • Add an additional security group for the workload.
                                                                                                                                                                          apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+      annotations:
+        yangtse.io/additional-security-group-ids: *****  # Security group ID. Use commas (,) to separate multiple security groups.
+    spec:
+      containers:
+        - name: container-0
+          image: nginx:alpine
+          resources:
+            limits:
+              cpu: 100m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+      imagePullSecrets:
+        - name: default-secret
                                                                                                                                                                          
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Annotations for configuring a security group for a pod
                                                                                                                                                                        Annotation
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Value Range
                                                                                                                                                                        
+
                                                                                                                                                                        yangtse.io/security-group-ids
                                                                                                                                                                        
+
                                                                                                                                                                        Configure a security group for a pod. The security group of the pod is subject to the one configured using this annotation. If the pod already has a security group, the original security group will be overwritten.
                                                                                                                                                                        
+
                                                                                                                                                                        Security group IDs. A maximum of five IDs are allowed. Use commas (,) to separate multiple security groups.
                                                                                                                                                                        
+
                                                                                                                                                                        yangtse.io/additional-security-group-ids
                                                                                                                                                                        
+
                                                                                                                                                                        Add more security groups to a pod.
                                                                                                                                                                        
+
                                                                                                                                                                        Security group IDs. The total number of newly added security group IDs and existing security group IDs cannot exceed 5. Use commas (,) to separate multiple security groups.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Cloud Native Network 2.0 Settings
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0904.html b/docs/cce/umn/cce_10_0904.html
new file mode 100644
index 00000000..4006d143
--- /dev/null
+++ b/docs/cce/umn/cce_10_0904.html
@@ -0,0 +1,21 @@
+
+
+
+  
                                                                                                                                                                        VPC Network Settings
                                                                                                                                                                        
+
+  
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
+
diff --git a/docs/cce/umn/cce_10_0906.html b/docs/cce/umn/cce_10_0906.html
new file mode 100644
index 00000000..44507272
--- /dev/null
+++ b/docs/cce/umn/cce_10_0906.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                        Adding a Pod Subnet for a Cluster
                                                                                                                                                                        
+
                                                                                                                                                                        Scenario
                                                                                                                                                                        If the pod subnet configured during CCE Turbo cluster creation cannot meet service expansion requirements, you can add a pod subnet for the cluster.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                        • This function is available only for CCE Turbo clusters of v1.19 or later.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Procedure
                                                                                                                                                                        1. Log in to the CCE console and access the CCE Turbo cluster console.
                                                                                                                                                                        2. On the Overview page, locate the Networking Configuration area and click Add.
                                                                                                                                                                        3. Select a pod subnet in the same VPC. You can add multiple pod subnets at a time. If no other pod subnet is available, go to the VPC console and create one.
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Cloud Native Network 2.0 Settings
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0907.html b/docs/cce/umn/cce_10_0907.html
new file mode 100644
index 00000000..0809a8e5
--- /dev/null
+++ b/docs/cce/umn/cce_10_0907.html
@@ -0,0 +1,23 @@
+
+
+
+  
                                                                                                                                                                        Scheduling and Elasticity Add-ons
                                                                                                                                                                        
+
+  
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
+
diff --git a/docs/cce/umn/cce_10_0908.html b/docs/cce/umn/cce_10_0908.html
new file mode 100644
index 00000000..9e775ee4
--- /dev/null
+++ b/docs/cce/umn/cce_10_0908.html
@@ -0,0 +1,23 @@
+
+
+
+  
                                                                                                                                                                        Cloud Native Observability Add-ons
                                                                                                                                                                        
+
+  
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
+
diff --git a/docs/cce/umn/cce_10_0909.html b/docs/cce/umn/cce_10_0909.html
new file mode 100644
index 00000000..4ed2605b
--- /dev/null
+++ b/docs/cce/umn/cce_10_0909.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                        Cloud Native Heterogeneous Computing Add-ons
                                                                                                                                                                        
+
+  
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Add-ons
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0910.html b/docs/cce/umn/cce_10_0910.html
new file mode 100644
index 00000000..ae88b8ba
--- /dev/null
+++ b/docs/cce/umn/cce_10_0910.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                        Container Network Add-ons
                                                                                                                                                                        
+
+  
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
                                                                                                                                                                        
+
                                                                                                                                                                        Parent topic: Add-ons
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0911.html b/docs/cce/umn/cce_10_0911.html
new file mode 100644
index 00000000..1c6256c4
--- /dev/null
+++ b/docs/cce/umn/cce_10_0911.html
@@ -0,0 +1,21 @@
+
+
+
+  
                                                                                                                                                                        Container Storage Add-ons
                                                                                                                                                                        
+
+  
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
+
diff --git a/docs/cce/umn/cce_bestpractice_00004.html b/docs/cce/umn/cce_bestpractice_00004.html
index b48f61c2..bac2744f 100644
--- a/docs/cce/umn/cce_bestpractice_00004.html
+++ b/docs/cce/umn/cce_bestpractice_00004.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                        Constraints
                                                                                                                                                                        To access a CCE cluster through a VPN, ensure that the VPN does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Basic Concepts
                                                                                                                                                                        • VPC CIDR Block
                                                                                                                                                                          Virtual Private Cloud (VPC) enables you to provision logically isolated, configurable, and manageable virtual networks for cloud servers, cloud containers, and cloud databases. You have complete control over your virtual network, including selecting your own CIDR block, creating subnets, and configuring security groups. You can also assign EIPs and allocate bandwidth in your VPC for secure and easy access to your business system.
                                                                                                                                                                          
-
                                                                                                                                                                        • Subnet CIDR Block
                                                                                                                                                                          A subnet is a network that manages ECS network planes. It supports IP address management and DNS. The IP addresses of all ECSs in a subnet belong to the subnet.
                                                                                                                                                                          Figure 1 VPC CIDR block architecture
                                                                                                                                                                          
+
                                                                                                                                                                        • Subnet CIDR Block
                                                                                                                                                                          A subnet is a network that manages ECS network planes. It supports IP address management and DNS. The IP addresses of all ECSs in a subnet belong to the subnet.
                                                                                                                                                                          Figure 1 VPC CIDR block architecture
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          By default, ECSs in all subnets of the same VPC can communicate with one another, while ECSs in different VPCs cannot communicate with each other.
                                                                                                                                                                          
 
                                                                                                                                                                          You can create a peering connection on VPC to enable ECSs in different VPCs to communicate with each other.
                                                                                                                                                                          
@@ -17,23 +17,23 @@
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Single-VPC Single-Cluster Scenarios
                                                                                                                                                                        CCE Clusters: include clusters in VPC network model and container tunnel network model. Figure 2 shows the CIDR block planning of a cluster.
                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                        • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                        • Container CIDR Block: cannot overlap with the subnet CIDR block.
                                                                                                                                                                        • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                        
-
                                                                                                                                                                        Figure 2 Network CIDR block planning in single-VPC single-cluster scenarios (CCE cluster)
                                                                                                                                                                        
+
                                                                                                                                                                        Figure 2 Network CIDR block planning in single-VPC single-cluster scenarios (CCE cluster)
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Figure 3 shows the CIDR block planning for a CCE Turbo cluster (Cloud Native Network 2.0).
                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                        • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                        • Container Subnet CIDR Block: The container subnet is included in the VPC CIDR block and can overlap with the subnet CIDR block or even be the same as the subnet CIDR block. Note that the container subnet size determines the maximum number of containers in the cluster because IP addresses in the VPC are directly allocated to containers. After a cluster is created, you can only add container subnets but cannot delete them. Set a larger IP address segment for the container subnet to prevent insufficient container IP addresses.
                                                                                                                                                                        • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                        
-
                                                                                                                                                                        Figure 3 Network CIDR block planning in single-VPC single-cluster scenarios (CCE Turbo Clusters)
                                                                                                                                                                        
+
                                                                                                                                                                        Figure 3 Network CIDR block planning in single-VPC single-cluster scenarios (CCE Turbo cluster)
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Single-VPC Multi-Cluster Scenarios
                                                                                                                                                                        VPC network model
                                                                                                                                                                        
 
                                                                                                                                                                        Pod packets are forwarded through VPC routes. CCE automatically configures a routing table on the VPC routes to each container CIDR block. The network scale is limited by the VPC route table. Figure 4 shows the CIDR block planning of the cluster.
                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                        • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                        • Container CIDR Block: If multiple VPC network model clusters exist in a single VPC, the container CIDR blocks of all clusters cannot overlap because the clusters use the same routing table. In this case, if the node security group allows container CIDR block from the peer cluster, pods in one cluster can directly access pods in another cluster through the pod IP addresses.
                                                                                                                                                                        • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                        
-
                                                                                                                                                                        Figure 4 VPC network - multi-cluster scenario
                                                                                                                                                                        
+
                                                                                                                                                                        Figure 4 VPC network - multi-cluster scenario
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Tunnel network model
                                                                                                                                                                        
 
                                                                                                                                                                        Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications. Figure 5 shows the CIDR block planning of the cluster.
                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                        • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                        • Container CIDR Block: The container CIDR blocks of all clusters can overlap. In this case, pods in different clusters cannot be directly accessed through pod IP addresses. Pods in different clusters need to access each other through Services. The LoadBlancer Services are recommended.
                                                                                                                                                                        • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                        
-
                                                                                                                                                                        Figure 5 Tunnel network - multi-cluster scenario
                                                                                                                                                                        
+
                                                                                                                                                                        Figure 5 Tunnel network - multi-cluster scenario
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Cloud Native 2.0 network model (CCE Turbo Clusters)
                                                                                                                                                                        
 
                                                                                                                                                                        In this mode, container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and multiple types of VPC networks can be bound to deliver high performance.
                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. In a CCE Turbo cluster, the CIDR block size affects the total number of nodes and containers that can be created in the cluster.
                                                                                                                                                                        • Subnet CIDR Block: There is no special restriction on the subnet CIDR blocks in CCE Turbo clusters.
                                                                                                                                                                        • Container Subnet: The CIDR block of the container subnet is included in the VPC CIDR block. Container subnets in different clusters can overlap with each other or overlap with the subnet CIDR block. However, you are advised to stagger the container CIDR blocks of different clusters and ensure that the container subnet CIDR blocks have sufficient IP addresses. In this case, if the ENI security group of the cluster allows the container CIDR block of the peer cluster, pods in different clusters can directly access each other through IP addresses.
                                                                                                                                                                        • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container subnet CIDR block of the cluster.
                                                                                                                                                                        
-
                                                                                                                                                                        Figure 6 Cloud Native 2.0 network - multi-cluster scenario
                                                                                                                                                                        
+
                                                                                                                                                                        Figure 6 Cloud Native 2.0 network - multi-cluster scenario
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Clusters using different networks
                                                                                                                                                                        
 
                                                                                                                                                                        When a VPC contains clusters created with different network models, comply with the following rules when creating a cluster:
                                                                                                                                                                        
@@ -42,17 +42,17 @@
 
                                                                                                                                                                        Cross-VPC Cluster Interconnection
                                                                                                                                                                        If VPCs cannot communicate with each other, a VPC peering connection is used to ensure communication between VPCs. When two VPC networks are interconnected, you can configure the packets to be sent to the peer VPC in the route table. 
                                                                                                                                                                        
 
                                                                                                                                                                        Clusters using VPC networks
                                                                                                                                                                        
 
                                                                                                                                                                        To allow clusters that use VPC networks to access each other across VPCs, add routes to the two ends of the VPC peering after a VPC peering connection is created.
                                                                                                                                                                        
-
                                                                                                                                                                        Figure 7 VPC network - VPC interconnection scenario
                                                                                                                                                                        
+
                                                                                                                                                                        Figure 7 VPC network - VPC interconnection scenario
                                                                                                                                                                        
 
                                                                                                                                                                        When creating a VPC peering connection between containers across VPCs, pay attention to the following points:
                                                                                                                                                                        
-
                                                                                                                                                                        • The VPC to which the clusters belong must not overlap. In each cluster, the subnet CIDR block cannot overlap with the container CIDR block.
                                                                                                                                                                        • The container CIDR blocks of clusters at both ends cannot overlap, but the Service CIDR blocks can.
                                                                                                                                                                        • If the request end cluster uses the VPC network, check whether the node security group in the destination cluster allows the container CIDR block of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP address. Similarly, if nodes running in the clusters at the two ends of the VPC peering connection need to access each other, the node security group must allow the VPC CIDR block of the peer cluster.
                                                                                                                                                                        • You need to add routes for accessing the peer network CIDR block to the VPC routing tables at both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2.
                                                                                                                                                                          • Add the VPC CIDR block of the peer cluster: After the route of the VPC CIDR block is added, a pod in a cluster can access another cluster node. For example, the pod can access the port of a NodePort Service.
                                                                                                                                                                          • Add peer container CIDR block: After the route of the container CIDR block is added, a pod can directly access pods in another cluster through the container IP addresses.
                                                                                                                                                                          
+
                                                                                                                                                                          • The VPC to which the clusters belong must not overlap. In each cluster, the subnet CIDR block cannot overlap with the container CIDR block.
                                                                                                                                                                          • The container CIDR blocks of clusters at both ends cannot overlap, but the Service CIDR blocks can.
                                                                                                                                                                          • If the request end cluster uses the VPC network, check whether the node security group in the destination cluster allows the container CIDR block of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP addresses. Similarly, if nodes running in the clusters at the two ends of the VPC peering connection need to access each other, the node security group must allow the VPC CIDR block of the peer cluster.
                                                                                                                                                                          • You need to add routes for accessing the peer network CIDR block to the VPC routing tables at both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2.
                                                                                                                                                                            • Add the VPC CIDR block of the peer cluster: After the route of the VPC CIDR block is added, a pod in a cluster can access another cluster node. For example, the pod can access the port of a NodePort Service.
                                                                                                                                                                            • Add peer container CIDR block: After the route of the container CIDR block is added, a pod can directly access pods in another cluster through the container IP addresses.
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          Clusters using tunnel networks
                                                                                                                                                                          
 
                                                                                                                                                                          To allow clusters that use tunnel networks to access each other across VPCs, add routes to the two ends of the VPC peering after a VPC peering connection is created.
                                                                                                                                                                          
-
                                                                                                                                                                          Figure 8 Tunnel network - VPC interconnection scenario
                                                                                                                                                                          
+
                                                                                                                                                                          Figure 8 Tunnel network - VPC interconnection scenario
                                                                                                                                                                          
 
                                                                                                                                                                          Pay attention to the following:
                                                                                                                                                                          
 
                                                                                                                                                                          • The VPCs of the peer clusters must not overlap.
                                                                                                                                                                          • The container CIDR blocks of all clusters can overlap, so do the Service CIDR blocks.
                                                                                                                                                                          • If the request end cluster uses the tunnel network, check whether the node security group in the destination cluster allows the VPC CIDR block (including the node subnets) of the request end cluster. If yes, nodes in one cluster can access nodes in another cluster. However, pods in different clusters cannot be directly accessed using pod IP addresses. Access between pods in different clusters requires Services. The LoadBlancer Services are recommended.
                                                                                                                                                                          • The VPC CIDR block route of the peer cluster must be added to the VPC routing tables of both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2. After the route of the VPC CIDR block is added, the pod can access another cluster node, for example, accessing the port of a NodePort Service.
                                                                                                                                                                          
 
                                                                                                                                                                          Clusters using Cloud Native 2.0 networks (CCE Turbo clusters)
                                                                                                                                                                          
-
                                                                                                                                                                          After creating a VPC peering connection, add routes of the VPC peering connection to the both ends so that the two VPCs can communicate with each other. Pay attention to the following:
                                                                                                                                                                          • The VPCs of the clusters at the two ends must not overlap.
                                                                                                                                                                          • If the request end cluster uses the Cloud Native 2.0 network, check whether the ENI security group (named in the format of {Cluster name}-cce-eni-{Random ID}) of the destination cluster allows the VPC CIDR block (including the node subnets and container CIDR block) of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP addresses. Similarly, if nodes in the clusters at the two ends of the VPC peering need to access each other, allow the VPC CIDR block of the peer cluster in the node security group (named in the format of {Cluster name}-cce-node-{Random ID}).
                                                                                                                                                                          • The VPC CIDR block route of the peer cluster must be added to the VPC routing tables of both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2. After the route of the VPC CIDR block is added, the pod can access pod IP addresses or nodes in another cluster.
                                                                                                                                                                          
+
                                                                                                                                                                          After creating a VPC peering connection, add routes of the VPC peering connection to both ends so that the two VPCs can communicate with each other. Pay attention to the following:
                                                                                                                                                                          • The VPCs of the peer clusters must not overlap.
                                                                                                                                                                          • If the request end cluster uses the Cloud Native 2.0 network, check whether the ENI security group (named in the format of {Cluster name}-cce-eni-{Random ID}) of the destination cluster allows the VPC CIDR block (including the node subnets and container CIDR block) of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP addresses. Similarly, if nodes in the clusters at the two ends of the VPC peering need to access each other, allow the VPC CIDR block of the peer cluster in the node security group (named in the format of {Cluster name}-cce-node-{Random ID}).
                                                                                                                                                                          • The VPC CIDR block route of the peer cluster must be added to the VPC routing tables of both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2. After the route of the VPC CIDR block is added, the pod can access pod IP addresses or nodes in another cluster.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Clusters using different networks
                                                                                                                                                                          
 
                                                                                                                                                                          If clusters using different networks need to communicate with each other across VPCs, every one of them may serve as the request end or destination end. Pay attention to the following:
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0003.html b/docs/cce/umn/cce_bestpractice_0003.html
index 026c696b..b779c179 100644
--- a/docs/cce/umn/cce_bestpractice_0003.html
+++ b/docs/cce/umn/cce_bestpractice_0003.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                          No recoding or re-architecting is required. You only need to pack the entire application into a container image and deploy the container image on CCE.
                                                                                                                                                                          
 
                                                                                                                                                                          Introduction
                                                                                                                                                                          In this example, the enterprise management application is developed by enterprise A. This application is provided for third-party enterprises for use, and enterprise A is responsible for application maintenance.
                                                                                                                                                                          
 
                                                                                                                                                                          When a third-party enterprise needs to use this application, a suit of Tomcat application and MongoDB database must be deployed for the third-party enterprise. The MySQL database, used to store data of third-party enterprises, is provided by enterprise A.
                                                                                                                                                                          
-
                                                                                                                                                                          Figure 1 Application architecture
                                                                                                                                                                          
+
                                                                                                                                                                          Figure 1 Application architecture
                                                                                                                                                                          
 
                                                                                                                                                                          As shown in Figure 1, the application is a standard Tomcat application, and its backend interconnects with MongoDB and MySQL databases. For this type of applications, there is no need to split the architecture. The entire application is built as an image, and the MongoDB database is deployed in the same image as the Tomcat application. In this way, the application can be deployed or upgraded through the image.
                                                                                                                                                                          
 
                                                                                                                                                                          • Interconnecting with the MongoDB database for storing user files.
                                                                                                                                                                          • Interconnecting with the MySQL database for storing third-party enterprise data. The MySQL database is an external cloud database.
                                                                                                                                                                          
 
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_00035.html b/docs/cce/umn/cce_bestpractice_00035.html
index 8db74b6a..b315a179 100644
--- a/docs/cce/umn/cce_bestpractice_00035.html
+++ b/docs/cce/umn/cce_bestpractice_00035.html
@@ -13,38 +13,15 @@
 
                                                                                                                                                                          X-Forwarded-For: IP address of the client,Proxy server 1-IP address,Proxy server 2-IP address,...
                                                                                                                                                                          
 
                                                                                                                                                                          If you use this method, the first IP address obtained is the IP address of the client.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          1. Take the Nginx workload as an example. Before configuring the source IP address, obtain the access logs. nginx-c99fd67bb-ghv4q indicates the pod name.
                                                                                                                                                                            kubectl logs nginx-c99fd67bb-ghv4q
                                                                                                                                                                            
-
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
-
                                                                                                                                                                            ...
-10.0.0.7 - - [17/Aug/2023:01:30:11 +0000] "GET / HTTP/1.1" 200 19 "http://114.114.114.114:9421/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" "100.125.**.**"
                                                                                                                                                                            
-
                                                                                                                                                                            100.125.**.** specifies the CIDR block of the load balancer, indicating that the traffic is forwarded through the load balancer.
                                                                                                                                                                            
-
                                                                                                                                                                          2. Go to the ELB console and enable the function of obtaining the client IP address of the listener corresponding to the load balancer. Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.
                                                                                                                                                                            1. Log in to the ELB console.
                                                                                                                                                                            2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                            3. Click Service List. Under Networking, click Elastic Load Balance.
                                                                                                                                                                            4. On the Load Balancers page, click the name of the load balancer.
                                                                                                                                                                            5. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                            6. Enable Transfer Client IP Address.
                                                                                                                                                                            
-
                                                                                                                                                                          3. (Perform this step only for Nginx ingresses.) Edit the nginx-ingress add-on. In the nginx configuration parameter area, configure the configuration fields and information. For details about the parameter range, see community document. After the configuration is complete, update the add-on.
                                                                                                                                                                            {
-    "enable-real-ip": "true",
-    "forwarded-for-header": "X-Forwarded-For",
-    "proxy-real-ip-cidr": "100.125.0.0/16",
-    "keep-alive-requests": "100"
-}
                                                                                                                                                                            
-
                                                                                                                                                                             
                                                                                                                                                                            The proxy-real-ip-cidr parameter indicates the CIDR block of the proxy server.
                                                                                                                                                                            
-
                                                                                                                                                                            • For shared load balancers, add CIDR block 100.125.0.0/16 (reserved only for load balancers and therefore, there is no risk) and the high-defense CIDR block.
                                                                                                                                                                            
-
                                                                                                                                                                            • For dedicated load balancers, add the CIDR block of the VPC subnet where the ELB resides.
                                                                                                                                                                            
-
                                                                                                                                                                            For details, see How Can I Transfer the IP Address of a Client?
                                                                                                                                                                            
-
                                                                                                                                                                            
-
                                                                                                                                                                          4. Access the workload again and view the new access log.
                                                                                                                                                                            ...
-10.0.0.7 - - [17/Aug/2023:02:43:11 +0000] "GET / HTTP/1.1" 304 0 "http://114.114.114.114:9421/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" "124.**.**.**"
                                                                                                                                                                            
-
                                                                                                                                                                            The source IP address of the client is obtained.
                                                                                                                                                                            
-
                                                                                                                                                                          
 
                                                                                                                                                                          LoadBalancer
                                                                                                                                                                          For a LoadBalancer Service, different types of clusters obtain source IP addresses in different scenarios. In some scenarios, source IP addresses cannot be obtained currently.
                                                                                                                                                                          • CCE Clusters (using VPC or Tunnel network): Source IP addresses can be obtained when either a shared or dedicated load balancer is used.
                                                                                                                                                                          • CCE Turbo Clusters (using the Cloud Native Network 2.0): Source IP addresses can be obtained for dedicated load balancers, and for shared load balancers with hostNetwork enabled.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          VPC and Container Tunnel Network Models
                                                                                                                                                                          
-
                                                                                                                                                                          To obtain source IP addresses, perform the following steps:
                                                                                                                                                                          
-
                                                                                                                                                                          1. When creating a LoadBalancer Service on the CCE console, set Service Affinity to Node-level instead of Cluster-level.
                                                                                                                                                                            
-
                                                                                                                                                                          2. Go to the ELB console and enable the function of obtaining the client IP address of the listener corresponding to the load balancer. Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.
                                                                                                                                                                            1. Log in to the ELB console.
                                                                                                                                                                            2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                            3. Click Service List. Under Networking, click Elastic Load Balance.
                                                                                                                                                                            4. On the Load Balancers page, click the name of the load balancer.
                                                                                                                                                                            5. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                            6. Enable Transfer Client IP Address.
                                                                                                                                                                            
+
                                                                                                                                                                            To enable the function of obtaining the source IP address on the console, perform the following steps:
                                                                                                                                                                            
+
                                                                                                                                                                            1. When creating a LoadBalancer Service on the CCE console, set Service Affinity to Node-level instead of Cluster-level.
                                                                                                                                                                            2. Go to the ELB console and enable the function of obtaining the client IP address of the listener corresponding to the load balancer. Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.
                                                                                                                                                                              1. Log in to the ELB console.
                                                                                                                                                                              2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                              3. Click Service List. Under Networking, click Elastic Load Balance.
                                                                                                                                                                              4. On the Load Balancers page, click the name of the load balancer.
                                                                                                                                                                              5. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                              6. Enable Transfer Client IP Address.
                                                                                                                                                                              
 
                                                                                                                                                                            
 
                                                                                                                                                                            Cloud Native Network 2.0 Model (CCE Turbo Clusters)
                                                                                                                                                                            
 
                                                                                                                                                                            In the Cloud Native Network 2.0 model, when a shared load balancer is used for load balancing, the service affinity cannot be set to Node-level. As a result, source IP addresses cannot be obtained. To obtain a source IP address, you must use a dedicated load balancer. External access to the container does not need to pass through the forwarding plane.
                                                                                                                                                                            
-
                                                                                                                                                                            By default, transparent transmission of source IP addresses is enabled for dedicated load balancers. You do not need to manually enable Transfer Client IP Address on the ELB console. Instead, you only need to select a dedicated load balancer when creating an ENI LoadBalancer Service on the CCE console.
                                                                                                                                                                            
-
                                                                                                                                                                            
+
                                                                                                                                                                            By default, transparent transmission of source IP addresses is enabled for dedicated load balancers. You do not need to manually enable Transfer Client IP Address on the ELB console. Instead, you only need to select a dedicated load balancer when creating a LoadBalancer Service on the CCE console.
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          NodePort
                                                                                                                                                                          Set the service affinity of a NodePort Service to Node-level instead of Cluster-level. That is, set spec.externalTrafficPolicy of the Service to Local.
                                                                                                                                                                          
 
                                                                                                                                                                           
                                                                                                                                                                          When a node (using Cloud Native Network 2.0) accesses a NodePort Service, source IP addresses can be obtained only when hostNetwork is enabled for workloads.
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0004.html b/docs/cce/umn/cce_bestpractice_0004.html
index 02c7e5a5..c79270f0 100644
--- a/docs/cce/umn/cce_bestpractice_0004.html
+++ b/docs/cce/umn/cce_bestpractice_0004.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                          Containerization Process
                                                                                                                                                                          
 
                                                                                                                                                                          The following figure illustrates the process of containerizing an application.
                                                                                                                                                                          
-
                                                                                                                                                                          Figure 1 Process of containerizing an application
                                                                                                                                                                          
+
                                                                                                                                                                          Figure 1 Process of containerizing an application
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0006.html b/docs/cce/umn/cce_bestpractice_0006.html
index 2e48fd6c..c46d9675 100644
--- a/docs/cce/umn/cce_bestpractice_0006.html
+++ b/docs/cce/umn/cce_bestpractice_0006.html
@@ -5,11 +5,11 @@
 
                                                                                                                                                                          • Installing Docker: During application containerization, build a container image. To do so, you have to prepare a PC and install Docker on it.
                                                                                                                                                                          • Obtaining the base image tag: Determine the base image based on the OS on which the application runs. In this example, the application runs on CentOS 7.1 and the base image can be obtained from an open-source image repository.
                                                                                                                                                                          • Obtaining the runtime: Obtain the runtime of the application and the MongoDB database with which the application interconnects.
                                                                                                                                                                          
 
                                                                                                                                                                          Installing Docker
                                                                                                                                                                          Docker is compatible with almost all operating systems. Select a Docker version that best suits your needs.
                                                                                                                                                                          
 
                                                                                                                                                                           
                                                                                                                                                                          SWR uses Docker 1.11.2 or later to upload images. 
                                                                                                                                                                          
-
                                                                                                                                                                          You are advised to install Docker and build images as user root. Obtain the password of user root of the host where Docker is to be installed in advance.
                                                                                                                                                                          
+
                                                                                                                                                                          It is recommended that you install Docker and build images as the user root. Make sure to obtain the user root password for the host where Docker will be installed beforehand.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          1. Log in as user root to the device on which Docker is about to be installed.
                                                                                                                                                                          2. Quickly install Docker on the device running Linux. You can also manually install Docker. For details, see Docker Engine installation.
                                                                                                                                                                            curl -fsSL get.docker.com -o get-docker.sh
                                                                                                                                                                            
+
                                                                                                                                                                            1. Log in as user root to the device on which Docker is about to be installed.
                                                                                                                                                                            2. Quickly install Docker on the device running Linux. You can also manually install Docker. For details, see Docker Engine installation.
                                                                                                                                                                              curl -fsSL get.docker.com -o get-docker.sh
                                                                                                                                                                              
 
                                                                                                                                                                              sh get-docker.sh
                                                                                                                                                                              
-
                                                                                                                                                                            3. Run the following command to query the Docker version:
                                                                                                                                                                              docker version
                                                                                                                                                                              Client:
+
                                                                                                                                                                            4. Run the following command to check the Docker version:
                                                                                                                                                                              docker version
                                                                                                                                                                              Client:
 Version: 17.12.0-ce
 API Version:1.35
 ...
                                                                                                                                                                              
@@ -20,7 +20,7 @@ API Version:1.35
 
                                                                                                                                                                              Obtaining the Base Image Tag
                                                                                                                                                                              Determine the base image based on the OS on which the application runs. In this example, the application runs on CentOS 7.1 and the base image can be obtained from an open-source image repository.
                                                                                                                                                                              
 
                                                                                                                                                                               
                                                                                                                                                                              Search for the image tag based on the OS on which the application runs.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              1. Visit the Docker website.
                                                                                                                                                                              2. Search for CentOS. The image corresponding to CentOS 7.1 is centos7.1.1503. Use this image name when editing the Dockerfile.
                                                                                                                                                                                Figure 1 Obtaining the CentOS version
                                                                                                                                                                                
+
                                                                                                                                                                                1. Visit the Docker website.
                                                                                                                                                                                2. Search for CentOS. The image corresponding to CentOS 7.1 is centos7.1.1503. Use this image name when editing the Dockerfile.
                                                                                                                                                                                  Figure 1 Obtaining the CentOS version
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                              
 
                                                                                                                                                                              Obtaining the Runtime
                                                                                                                                                                              In this example, the web application of the Tomcat type is used. This application requires the runtime of Tomcat 7.0, and Tomcat requires JDK 1.8. In addition, the application must interconnect with the MongoDB database in advance.
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_0009.html b/docs/cce/umn/cce_bestpractice_0009.html
index 876aff1a..9f16c705 100644
--- a/docs/cce/umn/cce_bestpractice_0009.html
+++ b/docs/cce/umn/cce_bestpractice_0009.html
@@ -11,7 +11,7 @@
 
                                                                                                                                                                              Procedure
                                                                                                                                                                              1. Log in as the root user to the device running Docker.
                                                                                                                                                                              2. Enter the apptest directory.
                                                                                                                                                                                cd apptest
                                                                                                                                                                                
 
                                                                                                                                                                                ll
                                                                                                                                                                                
 
                                                                                                                                                                                Ensure that files used to build the image are stored in the same directory.
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                              3. Build an image.
                                                                                                                                                                                docker build -t apptest .
                                                                                                                                                                                
 
                                                                                                                                                                              4. Upload the image to SWR. For details, see Uploading an Image Through the Client.
                                                                                                                                                                              
 
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_0010.html b/docs/cce/umn/cce_bestpractice_0010.html
index 83424856..a8c0bfb5 100644
--- a/docs/cce/umn/cce_bestpractice_0010.html
+++ b/docs/cce/umn/cce_bestpractice_0010.html
@@ -32,7 +32,7 @@
 
                                                                                                                                                              Creating a key pair
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Create a key pair before you create a containerized application. Key pairs are used for identity authentication during remote login to a node. If you have a key pair already, skip this task. 
                                                                                                                                                              
-
                                                                                                                                                              1. Log in to the management console.
                                                                                                                                                              2. In the service list, choose Data Encryption Workshop under Security & Compliance.
                                                                                                                                                              3. In the navigation pane, choose Key Pair Service. On the Private Key Pairs tab, click Create Key Pair.
                                                                                                                                                              4. Enter a key pair name, select I agree to have the private key managed on the cloud and I have read and agree to the Key Pair Service Disclaimer, and click OK.
                                                                                                                                                              5. In the dialog box displayed, click OK.
                                                                                                                                                                View and save the key pair. For security purposes, a key pair can be downloaded only once. Keep it secure to ensure successful login. 
                                                                                                                                                                
+
                                                                                                                                                                1. Log in to the management console.
                                                                                                                                                                2. In the service list, choose Data Encryption Workshop under Security & Compliance.
                                                                                                                                                                3. In the navigation pane, choose Key Pair Service. On the Private Key Pairs tab, click Create Key Pair.
                                                                                                                                                                4. Enter a key pair name, select I agree to host the private key of the key pair. and I have read and agree to the Key Pair Service Disclaimer, and click OK.
                                                                                                                                                                5. In the dialog box displayed, click OK.
                                                                                                                                                                  View and save the key pair. For security purposes, a key pair can be downloaded only once. Keep it secure to ensure successful login. 
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                              		
 
                                                                                                                                                              
 
                                                                                                                                                              Application scenarios
                                                                                                                                                              
 
                                                                                                                                                              • Common container service scenarios
                                                                                                                                                              • Scenarios that do not have high requirements on network latency and bandwidth
                                                                                                                                                              
+
                                                                                                                                                              • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network applies to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                                                                                                              • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.
                                                                                                                                                              
 
                                                                                                                                                              • Scenarios that have high requirements on network latency and bandwidth
                                                                                                                                                              • Containers can communicate with VMs using a microservice registration framework, such as Dubbo and CSE.
                                                                                                                                                              
+
                                                                                                                                                              • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                                                                                              • Small- and medium-scale networks: Due to the limitation on VPC routing tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                                                                                                              
 
                                                                                                                                                              • Scenarios that have high requirements on network latency, bandwidth, and performance
                                                                                                                                                              • Containers can communicate with VMs using a microservice registration framework, such as Dubbo and CSE.
                                                                                                                                                              
+
                                                                                                                                                              • High performance requirements: Cloud Native 2.0 networks use VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native 2.0 networks ideal for scenarios that demand high bandwidth and low latency.
                                                                                                                                                              • Large-scale networking: Cloud Native 2.0 networks support a maximum of 2,000 ECS nodes and 100,000 pods.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              Core technology
                                                                                                                                                              
@@ -47,7 +47,7 @@
 
                                                                                                                                                              CCE Turbo cluster
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Network isolation
                                                                                                                                                              
+
                                                                                                                                                              Container network isolation
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Kubernetes native NetworkPolicy for pods
                                                                                                                                                              
 
                                                                                                                                                              Pods support security group isolation.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Passthrough networking
                                                                                                                                                              
+
                                                                                                                                                              Interconnecting pods to a load balancer
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              Interconnected through a NodePort
                                                                                                                                                              
 
                                                                                                                                                              No
                                                                                                                                                              
+
                                                                                                                                                              Interconnected through a NodePort
                                                                                                                                                              
 
                                                                                                                                                              Yes
                                                                                                                                                              
+
                                                                                                                                                              Directly interconnected using a dedicated load balancer
                                                                                                                                                              
+
                                                                                                                                                              Interconnected using a shared load balancer through a NodePort
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              IP address management
                                                                                                                                                              
+
                                                                                                                                                              Managing container IP addresses
                                                                                                                                                              
 
                                                                                                                                                              • The container CIDR block is allocated separately.
                                                                                                                                                              • CIDR blocks are divided by node and can be dynamically allocated (CIDR blocks can be dynamically added after being allocated.)
                                                                                                                                                              
+
                                                                                                                                                              • Separate container CIDR blocks needed
                                                                                                                                                              • Container CIDR blocks divided by node and dynamically added after being allocated
                                                                                                                                                              
 
                                                                                                                                                              • The container CIDR block is allocated separately.
                                                                                                                                                              • CIDR blocks are divided by node and statically allocated (the CIDR block cannot be changed after a node is created).
                                                                                                                                                              
+
                                                                                                                                                              • Separate container CIDR blocks needed
                                                                                                                                                              • Container CIDR blocks divided by node and statically allocated (the allocated CIDR blocks cannot be changed after a node is created)
                                                                                                                                                              
 
                                                                                                                                                              The container CIDR block is divided from the VPC subnet and does not need to be allocated separately.
                                                                                                                                                              
+
                                                                                                                                                              Container CIDR blocks divided from a VPC subnet (You do not need to configure separate container CIDR blocks.)
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              Network performance
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Performance loss due to VXLAN encapsulation
                                                                                                                                                              
 
                                                                                                                                                              No tunnel encapsulation. Cross-node packets are forwarded through VPC routers, delivering performance equivalent to that of the host network.
                                                                                                                                                              
+
                                                                                                                                                              No tunnel encapsulation, and cross-node traffic forwarded through VPC routers (The performance is so good that is comparable to that of the host network, but there is a loss caused by NAT.)
                                                                                                                                                              
 
                                                                                                                                                              The container network is integrated with the VPC network, eliminating performance loss.
                                                                                                                                                              
+
                                                                                                                                                              Container network integrated with VPC network, eliminating performance loss
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              Networking scale
                                                                                                                                                              
@@ -88,9 +89,10 @@
 
                                                                                                                                                              A maximum of 2000 nodes are supported.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              Suitable for small- and medium-scale networks due to the limitation on VPC routing tables. It is recommended that the number of nodes be less than or equal to 1000.
                                                                                                                                                              
-
                                                                                                                                                              Each time a node is added to the cluster, a route is added to the VPC routing tables. Therefore, the cluster scale is limited by the VPC routing tables. 
                                                                                                                                                              
+
                                                                                                                                                              Each time a node is added to the cluster, a route is added to the VPC routing tables. Evaluate the cluster scale that is limited by the VPC routing tables before creating the cluster. 
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              A maximum of 2000 nodes are supported.
                                                                                                                                                              
+
                                                                                                                                                              In a cloud-native network 2.0 cluster, containers' IP addresses are assigned from VPC CIDR blocks, and the number of containers supported is restricted by these blocks. Evaluate the cluster's scale limitations before creating it.
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
                                                                                                                                                               
 
                                                                                                                                                              Data disk
                                                                                                                                                              
 
                                                                                                                                                              A disk that must be attached to a node for the container engine and kubelet
                                                                                                                                                              
+
                                                                                                                                                              The first data disk attached to a node for container engine and kubelet
                                                                                                                                                              
                                                                                                                                                               		
+
                                                                                                                                                              Expanding Data Disk Capacity
                                                                                                                                                              
                                                                                                                                                               		
 
                                                                                                                                                              
 
                                                                                                                                                              Container storage
                                                                                                                                                              
@@ -49,7 +49,8 @@
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Expanding System Disk Capacity
                                                                                                                                                              EulerOS 2.9 is used as the sample OS. There is only one partition (/dev/vda1) with a capacity of 50 GiB in the system disk /dev/vda, and then 50 GiB is added to the system disk. In this example, the additional 50 GiB is allocated to the existing /dev/vda1 partition.
                                                                                                                                                              
-
                                                                                                                                                              1. Expand the capacity of the system disk on the EVS console.
                                                                                                                                                              2. Log in to the node and run the growpart command to check whether growpart has been installed.
                                                                                                                                                                If the tool operation guide is displayed, the growpart has been installed. Otherwise, run the following command to install growpart:
                                                                                                                                                                
+
                                                                                                                                                                1. Expand the system disk capacity on the EVS console. 
                                                                                                                                                                  Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the partition and file system.
                                                                                                                                                                  
+
                                                                                                                                                                2. Log in to the node and run the growpart command to check whether growpart has been installed.
                                                                                                                                                                  If the tool operation guide is displayed, the growpart has been installed. Otherwise, run the following command to install growpart:
                                                                                                                                                                  
 
                                                                                                                                                                  yum install cloud-utils-growpart
                                                                                                                                                                  
 
                                                                                                                                                                3. Run the following command to view the total capacity of the system disk /dev/vda:
                                                                                                                                                                  fdisk -l
                                                                                                                                                                  
 
                                                                                                                                                                  If the following information is displayed, the total capacity of /dev/vda is 100 GiB.
                                                                                                                                                                  
@@ -119,20 +120,37 @@ tmpfs                         tmpfs     1.8G   75M  1.8G   5% /tmp
 ...
 
                                                                                                                                                                4. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                
 
                                                                                                                                                              
-
                                                                                                                                                              Expanding the Capacity of a Data Disk Used by Container Engines
                                                                                                                                                              CCE divides the data disk space for two parts by default. One part is used to store the Docker/containerd working directories, container images, and image metadata. The other is reserved for kubelet and emptyDir volumes. The available container engine space affects image pulls and container startup and running. This section uses Docker as an example to describe how to expand the container engine capacity.
                                                                                                                                                              
-
                                                                                                                                                              1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                              2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                              3. Log in to the target node.
                                                                                                                                                              4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                
-
                                                                                                                                                                • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                  # lsblk
+
                                                                                                                                                                  Expanding Data Disk Capacity
                                                                                                                                                                  The first data disk of a CCE node is composed of container engine and kubelet space by default. If either of them reaches full capacity, you can expand the disk space as needed.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Expanding the Container Engine Capacity
                                                                                                                                                                  The available container engine space affects image pulls and container startup and running. This section uses containerd as an example to describe how to expand the container engine capacity.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                    Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                    
+
                                                                                                                                                                  2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                  3. Log in to the target node.
                                                                                                                                                                  4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                    A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                    
+
                                                                                                                                                                    Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Check the disk and partition sizes of the device.
                                                                                                                                                                      # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                   8:0    0   50G  0 disk 
 └─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                      
-
                                                                                                                                                                      Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                      
-
                                                                                                                                                                      pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                      
-
                                                                                                                                                                    2. Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                      # lsblk
+
                                                                                                                                                                    3. Expand the disk capacity.
                                                                                                                                                                      Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                      
+
                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                        
+
                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                        
+
                                                                                                                                                                        Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                        
+
                                                                                                                                                                      2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                        lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                        
+
                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                        
+
                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                        
+
                                                                                                                                                                      3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                        resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                        
+
                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                        
+
                                                                                                                                                                        Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
+old_desc_blocks = 12, new_desc_blocks = 24
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Check the disk and partition sizes of the device.
                                                                                                                                                                      # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -145,26 +163,57 @@ vda                                   8:0    0   50G  0 disk
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                      
-
                                                                                                                                                                      • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                        pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                        
-
                                                                                                                                                                      • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                        pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                        
-
                                                                                                                                                                      
-
                                                                                                                                                                
+
                                                                                                                                                              5. Expand the disk capacity.
                                                                                                                                                                Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                
+
                                                                                                                                                                1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                  pvresize /dev/vdb
                                                                                                                                                                  
+
                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                  
+
                                                                                                                                                                  Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                  
+
                                                                                                                                                                2. Expand 100% of the free capacity to the logical volume. vgpaas/thinpool specifies the logical volume used by the container engine.
                                                                                                                                                                  lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                  
+
                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                  
+
                                                                                                                                                                  Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
+Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                  
+
                                                                                                                                                                3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                
+
                                                                                                                                                                Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                
+
                                                                                                                                                                1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                  pvresize /dev/vdb
                                                                                                                                                                  
+
                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                  
+
                                                                                                                                                                  Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                  
+
                                                                                                                                                                2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                  lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                  
+
                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                  
+
                                                                                                                                                                  Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                  
+
                                                                                                                                                                3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                  resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                  
+
                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                  
+
                                                                                                                                                                  Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
+old_desc_blocks = 4, new_desc_blocks = 16
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                              
 
                                                                                                                                                              
 
-
                                                                                                                                                              Expanding the Capacity of a Data Disk Used by kubelet
                                                                                                                                                              CCE divides the data disk space for container engines and pods. The container engine space stores the Docker/containerd working directories, container images, and image metadata. The other is reserved for kubelet and emptyDir volumes. To expand the kubelet space, perform the following steps:
                                                                                                                                                              
-
                                                                                                                                                              1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                              2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                              3. Log in to the target node.
                                                                                                                                                              4. Run lsblk to view the block device information of the node.
                                                                                                                                                                # lsblk
+
                                                                                                                                                                Expanding the kubelet Capacity
                                                                                                                                                                The kubelet space serves as a temporary storage location for kubelet components and EmptyDir. You can follow the following steps to increase the kubelet capacity:
                                                                                                                                                                
+
                                                                                                                                                                1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                  Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                  
+
                                                                                                                                                                2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                3. Log in to the target node.
                                                                                                                                                                4. Run lsblk to view the block device information of the node.
                                                                                                                                                                  # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                   8:0    0   50G  0 disk 
 └─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd            # Space used by the container engine
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                  
-
                                                                                                                                                                5. Run the following commands on the node to add the new disk capacity to the Kubernetes disk:
                                                                                                                                                                  pvresize /dev/vdb
-lvextend -l+100%FREE -n vgpaas/kubernetes
-resize2fs /dev/vgpaas/kubernetes
                                                                                                                                                                  
+
                                                                                                                                                                6. Perform the following operations on the node to add the new disk capacity to the kubelet space:
                                                                                                                                                                  1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where kubelet is located.
                                                                                                                                                                    pvresize /dev/vdb
                                                                                                                                                                    
+
                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                    
+
                                                                                                                                                                    Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                    
+
                                                                                                                                                                  2. Expand 100% of the free capacity to the logical volume. vgpaas/kubernetes specifies the logical volume used by kubelet.
                                                                                                                                                                    lvextend -l+100%FREE -n vgpaas/kubernetes
                                                                                                                                                                    
+
                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                    
+
                                                                                                                                                                    Size of logical volume vgpaas/kubernetes changed from <10.00 GiB (2559 extents) to <110.00 GiB (28159 extents).
+Logical volume vgpaas/kubernetes successfully resized.
                                                                                                                                                                    
+
                                                                                                                                                                  3. Adjust the size of the file system. /dev/vgpaas/kubernetes specifies the file system path of the container engine.
                                                                                                                                                                    resize2fs /dev/vgpaas/kubernetes
                                                                                                                                                                    
+
                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                    
+
                                                                                                                                                                    Filesystem at /dev/vgpaas/kubernetes is mounted on /mnt/paas/kubernetes/kubelet; on-line resizing required
+old_desc_blocks = 2, new_desc_blocks = 14
+The filesystem on /dev/vgpaas/kubernetes is now 28834816 (4k) blocks long.
                                                                                                                                                                    
+
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Expanding the Capacity of a Data Disk Used by Pod (basesize)
                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                2. Choose Nodes from the navigation pane.
                                                                                                                                                                3. Click the Nodes tab, locate the row containing the target node, and choose More > Reset Node in the Operation column.
                                                                                                                                                                   
                                                                                                                                                                  Resetting a node may make unavailable the node-specific resources (such as local storage and workloads scheduled to this node). Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                                  
@@ -175,11 +224,11 @@ resize2fs /dev/vgpaas/kubernetes
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                              5. After the node is reset, log in to the node and run the following command to access the container and check whether the container storage capacity has been expanded:
                                                                                                                                                                docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                
 
                                                                                                                                                                df -h
                                                                                                                                                                
-
                                                                                                                                                                
+
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Expanding a PVC
                                                                                                                                                              Cloud storage:
                                                                                                                                                              
-
                                                                                                                                                              • OBS and SFS: There is no storage restriction and capacity expansion is not required.
                                                                                                                                                              • EVS:
                                                                                                                                                                • You can expand the capacity of automatically created volumes on the console. The procedure is as follows:
                                                                                                                                                                  1. Choose Storage in the navigation pane and click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                  2. Enter the capacity to be added and click OK.
                                                                                                                                                                  
+
                                                                                                                                                                  • OBS and SFS: There is no storage restriction and capacity expansion is not required.
                                                                                                                                                                  • EVS:
                                                                                                                                                                    • You can expand the capacity of automatically created volumes on the console. The procedure is as follows:
                                                                                                                                                                      1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                      2. Enter the capacity to be added and click OK.
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                  • For SFS Turbo, expand the capacity on the SFS console and then change the capacity in the PVC.
                                                                                                                                                                  
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00199.html b/docs/cce/umn/cce_bestpractice_00199.html
index 1258b637..39f3606a 100644
--- a/docs/cce/umn/cce_bestpractice_00199.html
+++ b/docs/cce/umn/cce_bestpractice_00199.html
@@ -3,14 +3,14 @@
 
                                                                                                                                                              Mounting an Object Storage Bucket of a Third-Party Tenant
                                                                                                                                                              
 
                                                                                                                                                              This section describes how to mount OBS buckets and OBS parallel file systems (preferred) of third-party tenants.
                                                                                                                                                              
 
                                                                                                                                                              Application Scenarios
                                                                                                                                                              The CCE cluster of a SaaS service provider needs to be mounted with the OBS bucket of a third-party tenant, as shown in Figure 1.
                                                                                                                                                              
-
                                                                                                                                                              Figure 1 Mounting an OBS bucket of a third-party tenant
                                                                                                                                                              
+
                                                                                                                                                              Figure 1 Mounting an OBS bucket of a third-party tenant
                                                                                                                                                              
 
                                                                                                                                                              1. The third-party tenant authorizes the SaaS service provider to access the OBS buckets or parallel file systems by setting the bucket policy and bucket ACL.
                                                                                                                                                              2. The SaaS service provider statically imports the OBS buckets and parallel file systems of the third-party tenant.
                                                                                                                                                              3. The SaaS service provider processes the service and writes the processing result (result file or result data) back to the OBS bucket of the third-party tenant.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Precautions
                                                                                                                                                              • Only parallel file systems and OBS buckets of third-party tenants in the same region can be mounted.
                                                                                                                                                              • Only clusters where the everest add-on of v1.1.11 or later has been installed (the cluster version must be v1.15 or later) can be mounted with OBS buckets of third-party tenants.
                                                                                                                                                              • The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Authorizing the SaaS Service Provider to Access the OBS Buckets
                                                                                                                                                              The following uses an OBS bucket as an example to describe how to set a bucket policy and bucket ACL to authorize the SaaS service provider. The configuration for an OBS parallel file system is the same.
                                                                                                                                                              
-
                                                                                                                                                              1. Log in to the OBS console.
                                                                                                                                                              2. In the bucket list, click a bucket name and access the Overview page.
                                                                                                                                                              1. In the navigation pane, choose Permissions > Bucket Policies. On the displayed page, click Create to create a bucket policy.
                                                                                                                                                                Figure 2 Creating a bucket policy
                                                                                                                                                                
-
                                                                                                                                                                • Policy Mode: Select Customized.
                                                                                                                                                                • Effect: Select Allow.
                                                                                                                                                                • Principal: Select Include, select Cloud service user, and enter the account ID and user ID. The bucket policy is applied to the specified user.
                                                                                                                                                                • Resources: Select the resources that can be operated.
                                                                                                                                                                • Actions: Select the actions that can be operated.
                                                                                                                                                                
+
                                                                                                                                                                1. Log in to the OBS console.
                                                                                                                                                                2. In the bucket list, click the name of the target bucket and access the Overview page.
                                                                                                                                                                1. In the navigation pane, choose Permissions > Bucket Policies. On the displayed page, click Create to create a bucket policy.
                                                                                                                                                                  Figure 2 Creating a bucket policy
                                                                                                                                                                  
+
                                                                                                                                                                  • Policy Mode: Select Customized.
                                                                                                                                                                  • Effect: Select Allow.
                                                                                                                                                                  • Principal: Select Include, select Cloud service user, and enter the account ID and user ID. The bucket policy is applied to the specified user.
                                                                                                                                                                  • Resources: Select the resource that can be operated.
                                                                                                                                                                  • Actions: Select the action that can be operated.
                                                                                                                                                                  
 
                                                                                                                                                                2. In the navigation pane, choose Permissions > Bucket ACLs. In the right pane, click Add. Enter the account ID or account name of the authorized user, select Read and Write for Access to Bucket, select Read and Write for Access to ACL, and click OK.
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                              Statically Importing OBS Buckets and Parallel File Systems
                                                                                                                                                              • Static PV of an OBS bucket:
                                                                                                                                                                apiVersion: v1
diff --git a/docs/cce/umn/cce_bestpractice_00221.html b/docs/cce/umn/cce_bestpractice_00221.html
index 6ef7fab4..c83a65b6 100644
--- a/docs/cce/umn/cce_bestpractice_00221.html
+++ b/docs/cce/umn/cce_bestpractice_00221.html
@@ -10,7 +10,7 @@
 
                                                                                                                                                                Configuration Method
                                                                                                                                                                 
                                                                                                                                                                In the following example, only pods and Deployments in the test space can be viewed and added, and they cannot be deleted.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                1. Set the service account name to my-sa and namespace to test.
                                                                                                                                                                  kubectl create sa my-sa -n test
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                2. Configure the role table and assign operation permissions to different resources.
                                                                                                                                                                  vi role-test.yaml
                                                                                                                                                                  
 
                                                                                                                                                                  The content is as follows:
                                                                                                                                                                   
                                                                                                                                                                  In this example, the permission rules include the read-only permission (get/list/watch) of pods in the test namespace, and the read (get/list/watch) and create permissions of deployments.
                                                                                                                                                                  
 
                                                                                                                                                                  
@@ -45,7 +45,7 @@ rules:
 
                                                                                                                                                                  
 
                                                                                                                                                                  Create a Role.
                                                                                                                                                                  
 
                                                                                                                                                                  kubectl create -f role-test.yaml
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                3. Create a RoleBinding and bind the service account to the role so that the user can obtain the corresponding permissions.
                                                                                                                                                                  vi myrolebinding.yaml
                                                                                                                                                                  
 
                                                                                                                                                                  The content is as follows:
                                                                                                                                                                  apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -63,7 +63,7 @@ subjects:
 
                                                                                                                                                                  
 
                                                                                                                                                                  Create a RoleBinding.
                                                                                                                                                                  
 
                                                                                                                                                                  kubectl create -f myrolebinding.yaml
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  The user information is configured. Now perform 5 to 7 to write the user information to the configuration file.
                                                                                                                                                                  
 
                                                                                                                                                                4. Manually create a token that is valid for a long time for ServiceAccount.
                                                                                                                                                                  vi my-sa-token.yaml
                                                                                                                                                                  
 
                                                                                                                                                                  The content is as follows:
                                                                                                                                                                  apiVersion: v1
@@ -82,7 +82,7 @@ type: kubernetes.io/service-account-token
                                                                                                                                                                  
 
                                                                                                                                                                  1. Set a cluster access mode. test-arm specifies the cluster to be accessed. https://192.168.0.110:5443 specifies the apiserver IP address of the cluster. /home/test.config specifies the path for storing the configuration file.
                                                                                                                                                                    • If the internal API server address is used, run the following command:
                                                                                                                                                                      kubectl config set-cluster test-arm --server=https://192.168.0.110:5443  --certificate-authority=/home/ca.crt  --embed-certs=true --kubeconfig=/home/test.config
                                                                                                                                                                      
 
                                                                                                                                                                    • If the public API server address is used, run the following command:
                                                                                                                                                                      kubectl config set-cluster test-arm --server=https://192.168.0.110:5443 --kubeconfig=/home/test.config --insecure-skip-tls-verify=true
                                                                                                                                                                      
 
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                   
                                                                                                                                                                  If you perform operations on a node in the cluster or the node that uses the configuration is a cluster node, do not set the path of kubeconfig to /root/.kube/config.
                                                                                                                                                                  
 
                                                                                                                                                                  
@@ -91,18 +91,18 @@ type: kubernetes.io/service-account-token
                                                                                                                                                                
 
                                                                                                                                                                token=$(kubectl describe secret my-sa-token-secret -n test | awk '/token:/{print $2}')
                                                                                                                                                                
 
                                                                                                                                                                1. Set the cluster user ui-admin.
                                                                                                                                                                
 
                                                                                                                                                                kubectl config set-credentials ui-admin --token=$token --kubeconfig=/home/test.config
                                                                                                                                                                
-
                                                                                                                                                                
+
                                                                                                                                                                
 
                                                                                                                                                              • Configure the context information for cluster authentication access. ui-admin@test specifies the context name.
                                                                                                                                                                kubectl config set-context ui-admin@test --cluster=test-arm --user=ui-admin --kubeconfig=/home/test.config
                                                                                                                                                                
-
                                                                                                                                                                
+
                                                                                                                                                                
 
                                                                                                                                                              • Configure the context. For details about how to use the context, see Verification.
                                                                                                                                                                kubectl config use-context ui-admin@test --kubeconfig=/home/test.config
                                                                                                                                                                
-
                                                                                                                                                                
+
                                                                                                                                                                
 
                                                                                                                                                                 
                                                                                                                                                                If you want to assign other users the above permissions to perform operations on the cluster, provide the generated configuration file /home/test.config to the user after performing step 7. The user must ensure that the host can access the API server address of the cluster. When performing step 8 on the host and using kubectl, the user must set the kubeconfig parameter to the path of the configuration file.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                • 
 
                                                                                                                                                              
 
                                                                                                                                                              Verification
                                                                                                                                                              1. Pods in the test namespace cannot access pods in other namespaces.
                                                                                                                                                                kubectl get pod -n test --kubeconfig=/home/test.config
                                                                                                                                                                
-
                                                                                                                                                                
-
                                                                                                                                                              2. Pods in the test namespace cannot be deleted.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                              3. Pods in the test namespace cannot be deleted.
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Further Readings
                                                                                                                                                              For more information about users and identity authentication in Kubernetes, see Authenticating.
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00226.html b/docs/cce/umn/cce_bestpractice_00226.html
index 2e054242..d281ef5b 100644
--- a/docs/cce/umn/cce_bestpractice_00226.html
+++ b/docs/cce/umn/cce_bestpractice_00226.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                              Using hostAliases to Configure /etc/hosts in a Pod
                                                                                                                                                              
+
                                                                                                                                                              Configuring the /etc/hosts File of a Pod Using hostAliases
                                                                                                                                                              
 
                                                                                                                                                              Application Scenarios
                                                                                                                                                              If DNS or other related settings are inappropriate, you can use hostAliases to overwrite the resolution of the hostname at the pod level when adding entries to the /etc/hosts file of the pod.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Procedure
                                                                                                                                                              1. Use kubectl to connect to the cluster.
                                                                                                                                                              2. Create the hostaliases-pod.yaml file.
                                                                                                                                                                vi hostaliases-pod.yaml
                                                                                                                                                                
@@ -145,7 +145,7 @@ spec:
 hostaliases-pod       1/1            Running      0             16m
 
                                                                                                                                                              3. Check whether the hostAliases functions properly.
                                                                                                                                                                docker ps |grep hostaliases-pod
                                                                                                                                                                
 
                                                                                                                                                                docker exec -ti Container ID /bin/sh
                                                                                                                                                                
-
                                                                                                                                                                
+
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00228.html b/docs/cce/umn/cce_bestpractice_00228.html
index 267235c7..4b7aa1b8 100644
--- a/docs/cce/umn/cce_bestpractice_00228.html
+++ b/docs/cce/umn/cce_bestpractice_00228.html
@@ -49,7 +49,7 @@ spec:
 
                                                                                                                                                              deployment.apps/mysql created
                                                                                                                                                              
 
                                                                                                                                                            • Query the created Docker container on the node where the workload is running.
                                                                                                                                                              docker ps -a|grep mysql
                                                                                                                                                              
 
                                                                                                                                                              The init container will exit after it runs to completion. The query result Exited (0) shows the exit status of the init container.
                                                                                                                                                              
-
                                                                                                                                                              
+
                                                                                                                                                              
 
                                                                                                                                                              • 
 
                                                                                                                                                              
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00231.html b/docs/cce/umn/cce_bestpractice_00231.html
index 02b9a236..fe248911 100644
--- a/docs/cce/umn/cce_bestpractice_00231.html
+++ b/docs/cce/umn/cce_bestpractice_00231.html
@@ -274,7 +274,7 @@ metadata:
     kubernetes.io/elb.session-affinity-mode: APP_COOKIE     # Select APP_COOKIE.
     kubernetes.io/elb.session-affinity-option: '{"app_cookie_name":"test"}'  # Application cookie name
 ...
-
                                                                                                                                                            • Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                              apiVersion: networking.k8s.io/v1
+
                                                                                                                                                            • Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                              apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
   name: ingress-test
@@ -335,7 +335,7 @@ metadata:
     kubernetes.io/elb.session-affinity-mode: APP_COOKIE     # Select APP_COOKIE.
     kubernetes.io/elb.session-affinity-option: '{"app_cookie_name":"test"}'  # Application cookie name
 ...
                                                                                                                                                              
-
                                                                                                                                                            • Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                              apiVersion: networking.k8s.io/v1
+
                                                                                                                                                            • Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                              apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
   name: ingress-test
@@ -430,7 +430,7 @@ metadata:
     kubernetes.io/elb.session-affinity-mode: APP_COOKIE     # Select APP_COOKIE.
     kubernetes.io/elb.session-affinity-option: '{"app_cookie_name":"test"}'  # Application cookie name
 ...
                                                                                                                                                              
-
                                                                                                                                                            • Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                              apiVersion: networking.k8s.io/v1
+
                                                                                                                                                            • Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                              apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
   name: ingress-test
diff --git a/docs/cce/umn/cce_bestpractice_0024.html b/docs/cce/umn/cce_bestpractice_0024.html
index add10522..425e7464 100644
--- a/docs/cce/umn/cce_bestpractice_0024.html
+++ b/docs/cce/umn/cce_bestpractice_0024.html
@@ -26,7 +26,7 @@ Run `velero backup describe wordpress-backup` or `velero backup logs wordpress-b
 wordpress-backup   Completed   0        0          2021-10-14 15:32:07 +0800 CST   29d       default            <none>
                                                                                                                                                              
 
 
                                                                                                                                                              In addition, you can go to the object bucket to view the backup files. The backups path is the application resource backup path, and the other is the PV data backup path.
                                                                                                                                                              
-
                                                                                                                                                              
+
                                                                                                                                                              
 
                                                                                                                                                              • 
 
 
                                                                                                                                                              Restoring Applications in the Target Cluster
                                                                                                                                                              The storage infrastructure of an on-premises cluster is different from that of a cloud cluster. After the cluster is migrated, PVs cannot be mounted to pods. Therefore, during the migration, update the storage class of the target cluster to shield the differences of underlying storage interfaces between the two clusters when creating a workload and request storage resources of the corresponding type. For details, see Updating the Storage Class. 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00253.html b/docs/cce/umn/cce_bestpractice_00253.html
index 7b895d45..a3ff084b 100644
--- a/docs/cce/umn/cce_bestpractice_00253.html
+++ b/docs/cce/umn/cce_bestpractice_00253.html
@@ -1,14 +1,14 @@
 
 
-
                                                                                                                                                              Using StorageClass to Dynamically Create a Subdirectory in an SFS Turbo File System
                                                                                                                                                              
-
                                                                                                                                                              Background
                                                                                                                                                              The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                              
-
                                                                                                                                                              The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                              
+
                                                                                                                                                              Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                              
+
                                                                                                                                                              Background
                                                                                                                                                              The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                              
+
                                                                                                                                                              The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Constraints
                                                                                                                                                              • Only clusters of v1.15 or later are supported.
                                                                                                                                                              • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                              • Kata containers are not supported.
                                                                                                                                                              • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                              • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                
+
                                                                                                                                                                Constraints
                                                                                                                                                                • Only clusters of v1.15 or later are supported.
                                                                                                                                                                • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                • Kata containers are not supported.
                                                                                                                                                                • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                  Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                  The following is an example:
                                                                                                                                                                  
-
                                                                                                                                                                  apiVersion: storage.k8s.io/v1
+
                                                                                                                                                                  Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                  1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                  2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                    The following is an example:
                                                                                                                                                                    
+
                                                                                                                                                                    apiVersion: storage.k8s.io/v1
 allowVolumeExpansion: true
 kind: StorageClass
 metadata:
@@ -29,16 +29,16 @@ parameters:
 provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
                                                                                                                                                                    
-
                                                                                                                                                                    In this example:
                                                                                                                                                                    
-
                                                                                                                                                                    • name: indicates the name of the StorageClass.
                                                                                                                                                                    • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                      • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                      • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                        mountOptions:
+
                                                                                                                                                                        In this example:
                                                                                                                                                                        
+
                                                                                                                                                                        • name: indicates the name of the StorageClass.
                                                                                                                                                                        • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                          • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                          • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                            mountOptions:
 - vers=3
 - timeo=600
 - nolock
 - hard
                                                                                                                                                                            
 
                                                                                                                                                                          
-
                                                                                                                                                                        • everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                        • everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                        • everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                        • everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                        • everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                        • everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                        • everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                        • everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                        
-
                                                                                                                                                                  1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                  2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                    The following is an example:
                                                                                                                                                                    
-
                                                                                                                                                                    apiVersion: v1
+
                                                                                                                                                                  3. everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                  4. everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                  5. everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                  6. everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                  7. everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                  8. everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                  9. everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                  10. everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                              
+
                                                                                                                                                              1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                              2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                The following is an example:
                                                                                                                                                                
+
                                                                                                                                                                apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: sfs-turbo-test
@@ -51,13 +51,13 @@ spec:
       storage: 50Gi
   storageClassName: sfsturbo-subpath-sc
   volumeMode: Filesystem
                                                                                                                                                                
-
                                                                                                                                                                In this example:
                                                                                                                                                                
-
                                                                                                                                                                • name: indicates the name of the PVC.
                                                                                                                                                                • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                   
                                                                                                                                                                  The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                  
+
                                                                                                                                                                  In this example:
                                                                                                                                                                  
+
                                                                                                                                                                  • name: indicates the name of the PVC.
                                                                                                                                                                  • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                  • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                     
                                                                                                                                                                    The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  
-
                                                                                                                                                              1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                              
+
                                                                                                                                                              1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                              1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                The following is an example:
                                                                                                                                                                apiVersion: apps/v1
+
                                                                                                                                                                Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                  The following is an example:
                                                                                                                                                                  apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: test-turbo-subpath-example
@@ -89,13 +89,13 @@ spec:
         persistentVolumeClaim: 
           claimName: sfs-turbo-test
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  In this example:
                                                                                                                                                                  
-
                                                                                                                                                                  • name: indicates the name of the created workload.
                                                                                                                                                                  • image: specifies the image used by the workload.
                                                                                                                                                                  • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                  • claimName: indicates the name of an existing PVC.
                                                                                                                                                                  
-
                                                                                                                                                                1. Create the Deployment.
                                                                                                                                                                  kubectl create -f deployment-test.yaml
                                                                                                                                                                  
+
                                                                                                                                                                  In this example:
                                                                                                                                                                  
+
                                                                                                                                                                  • name: indicates the name of the created workload.
                                                                                                                                                                  • image: specifies the image used by the workload.
                                                                                                                                                                  • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                  • claimName: indicates the name of an existing PVC.
                                                                                                                                                                  
+
                                                                                                                                                                1. Create the Deployment.
                                                                                                                                                                  kubectl create -f deployment-test.yaml
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                  The following is an example:
                                                                                                                                                                  
-
                                                                                                                                                                  apiVersion: apps/v1
+
                                                                                                                                                                  Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                  1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                    The following is an example:
                                                                                                                                                                    
+
                                                                                                                                                                    apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: test-turbo-subpath
@@ -151,15 +151,15 @@ spec:
   updateStrategy:
     type: RollingUpdate
   revisionHistoryLimit: 10
                                                                                                                                                                    
-
                                                                                                                                                                    In this example:
                                                                                                                                                                    
-
                                                                                                                                                                    • name: indicates the name of the created workload.
                                                                                                                                                                    • image: specifies the image used by the workload.
                                                                                                                                                                    • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                    • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                    • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                    
-
                                                                                                                                                                  1. Create the StatefulSet.
                                                                                                                                                                    kubectl create -f statefulset-test.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    In this example:
                                                                                                                                                                    
+
                                                                                                                                                                    • name: indicates the name of the created workload.
                                                                                                                                                                    • image: specifies the image used by the workload.
                                                                                                                                                                    • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                    • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                    • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                    
+
                                                                                                                                                                  1. Create the StatefulSet.
                                                                                                                                                                    kubectl create -f statefulset-test.yaml
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Parent topic: Storage
                                                                                                                                                                
+
                                                                                                                                                                Parent topic: SFS Turbo
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_bestpractice_00253_0.html b/docs/cce/umn/cce_bestpractice_00253_0.html
index 3a8c743c..8d5b44b0 100644
--- a/docs/cce/umn/cce_bestpractice_00253_0.html
+++ b/docs/cce/umn/cce_bestpractice_00253_0.html
@@ -1,14 +1,14 @@
 
 
-
                                                                                                                                                                Using StorageClass to Dynamically Create a Subdirectory in an SFS Turbo File System
                                                                                                                                                                
-
                                                                                                                                                                Background
                                                                                                                                                                The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                
-
                                                                                                                                                                The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                
+
                                                                                                                                                                Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                
+
                                                                                                                                                                Background
                                                                                                                                                                The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                
+
                                                                                                                                                                The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Constraints
                                                                                                                                                                • Only clusters of v1.15 or later are supported.
                                                                                                                                                                • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                • Kata containers are not supported.
                                                                                                                                                                • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                  Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                  
+
                                                                                                                                                                  Constraints
                                                                                                                                                                  • Only clusters of v1.15 or later are supported.
                                                                                                                                                                  • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                  • Kata containers are not supported.
                                                                                                                                                                  • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                  • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                    Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                  1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                  2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                    The following is an example:
                                                                                                                                                                    
-
                                                                                                                                                                    apiVersion: storage.k8s.io/v1
+
                                                                                                                                                                    Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                    1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                    2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                      The following is an example:
                                                                                                                                                                      
+
                                                                                                                                                                      apiVersion: storage.k8s.io/v1
 allowVolumeExpansion: true
 kind: StorageClass
 metadata:
@@ -29,16 +29,16 @@ parameters:
 provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
                                                                                                                                                                      
-
                                                                                                                                                                      In this example:
                                                                                                                                                                      
-
                                                                                                                                                                      • name: indicates the name of the StorageClass.
                                                                                                                                                                      • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                        • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                        • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                          mountOptions:
+
                                                                                                                                                                          In this example:
                                                                                                                                                                          
+
                                                                                                                                                                          • name: indicates the name of the StorageClass.
                                                                                                                                                                          • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                            • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                            • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                              mountOptions:
 - vers=3
 - timeo=600
 - nolock
 - hard
                                                                                                                                                                              
 
                                                                                                                                                                            
-
                                                                                                                                                                          • everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                          • everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                          • everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                          • everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                          • everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                          • everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                          • everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                          • everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                          
-
                                                                                                                                                                    1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                    2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                      The following is an example:
                                                                                                                                                                      
-
                                                                                                                                                                      apiVersion: v1
+
                                                                                                                                                                    3. everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                    4. everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                    5. everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                    6. everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                    7. everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                    8. everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                    9. everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                    10. everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                
+
                                                                                                                                                              1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                              2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                The following is an example:
                                                                                                                                                                
+
                                                                                                                                                                apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: sfs-turbo-test
@@ -51,13 +51,13 @@ spec:
       storage: 50Gi
   storageClassName: sfsturbo-subpath-sc
   volumeMode: Filesystem
                                                                                                                                                                
-
                                                                                                                                                                In this example:
                                                                                                                                                                
-
                                                                                                                                                                • name: indicates the name of the PVC.
                                                                                                                                                                • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                   
                                                                                                                                                                  The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                  
+
                                                                                                                                                                  In this example:
                                                                                                                                                                  
+
                                                                                                                                                                  • name: indicates the name of the PVC.
                                                                                                                                                                  • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                  • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                     
                                                                                                                                                                    The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  
-
                                                                                                                                                              1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                              
+
                                                                                                                                                              1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                              
 
                                                                                                                                                              
-
                                                                                                                                                              Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                              1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                The following is an example:
                                                                                                                                                                apiVersion: apps/v1
+
                                                                                                                                                                Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                  The following is an example:
                                                                                                                                                                  apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: test-turbo-subpath-example
@@ -89,13 +89,13 @@ spec:
         persistentVolumeClaim: 
           claimName: sfs-turbo-test
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  In this example:
                                                                                                                                                                  
-
                                                                                                                                                                  • name: indicates the name of the created workload.
                                                                                                                                                                  • image: specifies the image used by the workload.
                                                                                                                                                                  • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                  • claimName: indicates the name of an existing PVC.
                                                                                                                                                                  
-
                                                                                                                                                                1. Create the Deployment.
                                                                                                                                                                  kubectl create -f deployment-test.yaml
                                                                                                                                                                  
+
                                                                                                                                                                  In this example:
                                                                                                                                                                  
+
                                                                                                                                                                  • name: indicates the name of the created workload.
                                                                                                                                                                  • image: specifies the image used by the workload.
                                                                                                                                                                  • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                  • claimName: indicates the name of an existing PVC.
                                                                                                                                                                  
+
                                                                                                                                                                1. Create the Deployment.
                                                                                                                                                                  kubectl create -f deployment-test.yaml
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                  The following is an example:
                                                                                                                                                                  
-
                                                                                                                                                                  apiVersion: apps/v1
+
                                                                                                                                                                  Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                  1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                    The following is an example:
                                                                                                                                                                    
+
                                                                                                                                                                    apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: test-turbo-subpath
@@ -151,15 +151,15 @@ spec:
   updateStrategy:
     type: RollingUpdate
   revisionHistoryLimit: 10
                                                                                                                                                                    
-
                                                                                                                                                                    In this example:
                                                                                                                                                                    
-
                                                                                                                                                                    • name: indicates the name of the created workload.
                                                                                                                                                                    • image: specifies the image used by the workload.
                                                                                                                                                                    • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                    • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                    • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                    
-
                                                                                                                                                                  1. Create the StatefulSet.
                                                                                                                                                                    kubectl create -f statefulset-test.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    In this example:
                                                                                                                                                                    
+
                                                                                                                                                                    • name: indicates the name of the created workload.
                                                                                                                                                                    • image: specifies the image used by the workload.
                                                                                                                                                                    • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                    • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                    • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                    
+
                                                                                                                                                                  1. Create the StatefulSet.
                                                                                                                                                                    kubectl create -f statefulset-test.yaml
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Parent topic: SFS Turbo
                                                                                                                                                                
+
                                                                                                                                                                Parent topic: Storage
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_bestpractice_00254.html b/docs/cce/umn/cce_bestpractice_00254.html
index 19ecaef5..1c869aef 100644
--- a/docs/cce/umn/cce_bestpractice_00254.html
+++ b/docs/cce/umn/cce_bestpractice_00254.html
@@ -1,17 +1,22 @@
 
 
 
                                                                                                                                                                Connecting to Multiple Clusters Using kubectl
                                                                                                                                                                
-
                                                                                                                                                                Background
                                                                                                                                                                When you have multiple CCE clusters, you may find it difficult to efficiently connect to all of them.
                                                                                                                                                                
+
                                                                                                                                                                Background
                                                                                                                                                                The kubectl command line tool relies on the kubeconfig configuration file to locate the necessary authentication information to select a cluster and communicate with its API server. By default, kubectl uses the $HOME/.kube/config file as the credential for accessing the cluster.
                                                                                                                                                                
+
                                                                                                                                                                When working with CCE clusters on a daily basis, it is common to manage multiple clusters simultaneously. However, this can make using the kubectl command line tool to connect to clusters cumbersome, as it requires frequent switching of the kubeconfig file during routine O&M. This section introduces how to connect to multiple clusters using the same kubectl client.
                                                                                                                                                                
+
                                                                                                                                                                 
                                                                                                                                                                The file used to configure cluster access is called the kubeconfig file, but it does not mean that the file name is kubeconfig.
                                                                                                                                                                
+
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                This section describes how to configure access to multiple clusters by modifying kubeconfig.json. The file describes multiple clusters, users, and contexts. To access different clusters, run the kubectl config use-context command to switch between contexts.
                                                                                                                                                                
-
                                                                                                                                                                Figure 1 Using kubectl to connect to multiple clusters
                                                                                                                                                                
+
                                                                                                                                                                Solution
                                                                                                                                                                When performing O&M on Kubernetes clusters, it is often necessary to switch between multiple clusters. The following shows some typical solutions for cluster switchover:
                                                                                                                                                                
+
                                                                                                                                                                • Solution 1: Specify --kubeconfig of kubectl to select the kubeconfig file used by each cluster and use aliases to simplify commands.
                                                                                                                                                                • Solution 2: Combine clusters, users, and credentials in multiple kubeconfig files into one configuration file and run kubectl config use-context to switch clusters.
                                                                                                                                                                  Compared with solution 1, this solution requires manual configuration of the kubeconfig file, which is relatively complex.
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                                Figure 1 Using kubectl to connect to multiple clusters
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Prerequisites
                                                                                                                                                                kubectl can access multiple clusters.
                                                                                                                                                                
+
                                                                                                                                                                Prerequisites
                                                                                                                                                                • You have a Linux VM with the kubectl command line tool installed. The kubectl version must match the cluster version. For details, see Install Tools.
                                                                                                                                                                • The VM where kubectl is installed must be able to access the network of each cluster.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Introduction to kubeconfig.json
                                                                                                                                                                kubeconfig.json is the configuration file of kubectl. You can download it on the cluster details page.
                                                                                                                                                                
+
                                                                                                                                                                kubeconfig File Structure
                                                                                                                                                                kubeconfig is the configuration file of kubectl. You can download it on the cluster details page.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                
-
                                                                                                                                                                The content of kubeconfig.json is as follows:
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                The content of the kubeconfig file is as follows:
                                                                                                                                                                
 
                                                                                                                                                                {
     "kind": "Config",
     "apiVersion": "v1",
@@ -53,11 +58,44 @@
 }
                                                                                                                                                                
 
                                                                                                                                                                It mainly consists of three sections.
                                                                                                                                                                
 
                                                                                                                                                                • clusters: describes the cluster information, mainly the access address of the cluster.
                                                                                                                                                                • users: describes information about the users who access the cluster. It includes the client-certificate-data and client-key-data certificate files.
                                                                                                                                                                • contexts: describes the configuration contexts. You switch between contexts to access different clusters. A context is associated with user and cluster, that is, it defines which user accesses which cluster.
                                                                                                                                                                
-
                                                                                                                                                                The preceding kubeconfig.json defines the private network address and public network address of the cluster as two clusters with two different contexts. You can switch the context to use different addresses to access the cluster.
                                                                                                                                                                
+
                                                                                                                                                                The preceding kubeconfig defines the private network address and public network address of the cluster as two clusters with two different contexts. You can switch the context to use different addresses to access the cluster.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Configuring Access to Multiple Clusters
                                                                                                                                                                The following steps walk you through the procedure of configuring access to two clusters by modifying kubeconfig.json.
                                                                                                                                                                
+
                                                                                                                                                                Solution 1: Specify Different kubeconfig Files in Commands
                                                                                                                                                                1. Log in to the VM where kubectl is installed.
                                                                                                                                                                2. Download the kubeconfig files of the two clusters to the /home directory on the kubectl client. The following names are taken as examples.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                  Cluster Name
                                                                                                                                                                  
+
                                                                                                                                                                  kubeconfig File Name
                                                                                                                                                                  
+
                                                                                                                                                                  Cluster A
                                                                                                                                                                  
+
                                                                                                                                                                  kubeconfig-a.json
                                                                                                                                                                  
+
                                                                                                                                                                  Cluster B
                                                                                                                                                                  
+
                                                                                                                                                                  kubeconfig-b.json
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                3. Make kubectl access cluster A by default and move the kubeconfig-a.json file to $HOME/.kube/config.
                                                                                                                                                                  cd /home 
+mkdir -p $HOME/.kube 
+mv -f kubeconfig-a.json $HOME/.kube/config
                                                                                                                                                                  
+
                                                                                                                                                                4. Move the kubeconfig-b.json file of cluster B to $HOME/.kube/config-test.
                                                                                                                                                                  mv -f kubeconfig-b.json $HOME/.kube/config-test
                                                                                                                                                                  
+
                                                                                                                                                                  The name of the config-test file can be customized.
                                                                                                                                                                  
+
                                                                                                                                                                5. Add --kubeconfig to specify the credential used by the kubectl commands when accessing cluster B. (There is no need to add --kubeconfig when running kubectl commands to access cluster A, because kubectl can access cluster A by default.) For example, run the following command to check the nodes in cluster B:
                                                                                                                                                                  kubectl --kubeconfig=$HOME/.kube/config-test get node
                                                                                                                                                                  
+
                                                                                                                                                                  If you frequently use a long command, the preceding method can be inconvenient. To simplify the command, you can use aliases. For example:
                                                                                                                                                                  alias ka='kubectl --kubeconfig=$HOME/.kube/config'
+alias kb='kubectl --kubeconfig=$HOME/.kube/config-test'
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  In the preceding information, ka and kb can be custom aliases. When running the kubectl command, you can directly enter ka or kb to replace kubectl. The --kubeconfig parameter is automatically added. For example, the command for checking nodes in cluster B can be simplified as follows:
                                                                                                                                                                  
+
                                                                                                                                                                  kb get node
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Solution 2: Combine the kubeconfig Files of the Two Clusters Together
                                                                                                                                                                The following steps walk you through the procedure of modifying the kubeconfig files and accessing multiple clusters.
                                                                                                                                                                
 
                                                                                                                                                                This example configures only the public network access to the clusters. If you want to access multiple clusters over private networks, retain the clusters field and ensure that the clusters can be accessed over private networks. Its configuration is similar to that described in this example.
                                                                                                                                                                
-
                                                                                                                                                                1. Download kubeconfig.json of the two clusters and delete the lines related to private network access, as shown in the following figure.
                                                                                                                                                                  • Cluster A:
                                                                                                                                                                    {
+
                                                                                                                                                                    1. Download the kubeconfig files of the two clusters and delete the lines related to private network access, as shown in the following figure.
                                                                                                                                                                      • Cluster A:
                                                                                                                                                                        {
     "kind": "Config",
     "apiVersion": "v1",
     "preferences": {},
@@ -217,13 +255,9 @@
     }],
     "current-context": "Cluster-A-Context"
 }
                                                                                                                                                                        
-
                                                                                                                                                                    
-
                                                                                                                                                                
-
                                                                                                                                                                Verification
                                                                                                                                                                Run the following command to copy the conbined file to the kubectl configuration path:
                                                                                                                                                                
-
                                                                                                                                                                mkdir -p $HOME/.kube
                                                                                                                                                                
-
                                                                                                                                                                mv -f kubeconfig.json $HOME/.kube/config
                                                                                                                                                                
-
                                                                                                                                                                Run the kubectl commands to check whether the two clusters can be connected.
                                                                                                                                                                
-
                                                                                                                                                                # kubectl config use-context Cluster-A-Context
+
                                                                                                                                                              2. Run the following command to copy the combined file to the kubectl configuration path:
                                                                                                                                                                mkdir -p $HOME/.kube
                                                                                                                                                                
+
                                                                                                                                                                mv -f kubeconfig.json $HOME/.kube/config
                                                                                                                                                                
+
                                                                                                                                                              3. Run the kubectl command to check whether the two clusters can be accessed.
                                                                                                                                                                # kubectl config use-context Cluster-A-Context
 Switched to context "Cluster-A-Context".
 # kubectl cluster-info
 Kubernetes control plane is running at https://119.xxx.xxx.xxx:5443
@@ -238,6 +272,17 @@ Kubernetes control plane is running at https://124.xxx.xxx.xxx:5443
 CoreDNS is running at https://124.xxx.xxx.xxx:5443/api/v1/namespaces/kube-system/services/coredns:dns/proxy
 
 To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
                                                                                                                                                                
+
                                                                                                                                                                If you frequently use a long command, the preceding method can be inconvenient. To simplify the command, you can use aliases. For example:
                                                                                                                                                                
+
                                                                                                                                                                alias ka='kubectl config use-context Cluster-A-Context;kubectl'
+alias kb='kubectl config use-context Cluster-B-Context;kubectl'
                                                                                                                                                                
+
                                                                                                                                                                In the preceding information, ka and kb can be custom aliases. When running the kubectl command, you can directly enter ka or kb to replace kubectl. You need to switch the context and then run the kubectl command. For example:
                                                                                                                                                                
+
                                                                                                                                                                # ka cluster-info
+Switched to context "Cluster-A-Context".
+Kubernetes control plane is running at https://119.xxx.xxx.xxx:5443
+CoreDNS is running at https://119.xxx.xxx.xxx:5443/api/v1/namespaces/kube-system/services/coredns:dns/proxy
+
+To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
                                                                                                                                                                
+
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_00281.html b/docs/cce/umn/cce_bestpractice_00281.html
index d4529766..e31eaee4 100644
--- a/docs/cce/umn/cce_bestpractice_00281.html
+++ b/docs/cce/umn/cce_bestpractice_00281.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                              Custom Storage Classes
                                                                                                                                                              
+
                                                                                                                                                              Using Custom Storage Classes
                                                                                                                                                              
 
                                                                                                                                                              Background
                                                                                                                                                              When using storage resources in CCE, the most common method is to specify storageClassName to define the type of storage resources to be created when creating a PVC. The following configuration shows how to use a PVC to apply for an SAS (high I/O) EVS disk (block storage).
                                                                                                                                                              
 
                                                                                                                                                              apiVersion: v1
 kind: PersistentVolumeClaim
@@ -21,7 +21,7 @@ spec:
 
                                                                                                                                                              • Set storageClassName only, which is simpler than specifying the EVS disk type by using everest.io/disk-volume-type.
                                                                                                                                                              • Avoid modifying YAML files or Helm charts. Some users switch from self-built or other Kubernetes services to CCE and have written YAML files of many applications. In these YAML files, different types of storage resources are specified by different StorageClassNames. When using CCE, they need to modify a large number of YAML files or Helm charts to use storage resources, which is labor-consuming and error-prone.
                                                                                                                                                              • Set the default storageClassName for all applications to use the default storage class. In this way, you can create storage resources of the default type without needing to specify storageClassName in the YAML file.
                                                                                                                                                              
 
                                                                                                                                                              
 
                                                                                                                                                              Solution
                                                                                                                                                              This section describes how to set a custom storage class in CCE and how to set the default storage class. You can specify different types of storage resources by setting storageClassName.
                                                                                                                                                              
-
                                                                                                                                                              • For the first scenario, you can define custom storageClassNames for SAS and SSD EVS disks. For example, define a storage class named csi-disk-sas for creating SAS disks. The following figure shows the differences before and after you use a custom storage class.
                                                                                                                                                                
+
                                                                                                                                                                • For the first scenario, you can define custom storageClassNames for SAS and SSD EVS disks. For example, define a storage class named csi-disk-sas for creating SAS disks. The following figure shows the differences before and after you use a custom storage class.
                                                                                                                                                                  
 
                                                                                                                                                                • For the second scenario, you can define a storage class with the same name as that in the existing YAML file without needing to modify storageClassName in the YAML file.
                                                                                                                                                                • For the third scenario, you can set the default storage class as described below to create storage resources without specifying storageClassName in YAML files.
                                                                                                                                                                  apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -40,7 +40,7 @@ spec:
 
                                                                                                                                                                  # kubectl get sc
 NAME                PROVISIONER                     AGE
 csi-disk            everest-csi-provisioner         17d          # EVS disk
-csi-disk-topology   everest-csi-provisioner         17d          # EVS disks created with delayed
+csi-disk-topology   everest-csi-provisioner         17d          # EVS disks created with delay
 csi-nas             everest-csi-provisioner         17d          # SFS 1.0
 csi-obs             everest-csi-provisioner         17d          # OBS
 csi-sfsturbo        everest-csi-provisioner         17d          # SFS Turbo
                                                                                                                                                                  
@@ -51,72 +51,72 @@ metadata:
 provisioner: everest-csi-provisioner
 parameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
-csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 is used by default.
+csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
   everest.io/disk-volume-type: SAS
   everest.io/passthrough: 'true'
 reclaimPolicy: Delete
 allowVolumeExpansion: true
 volumeBindingMode: Immediate
                                                                                                                                                                  
 
-
                                                                                                                                                                  Table 1 Key parameters
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                  Table 1 Key parameters
                                                                                                                                                                  Parameter
                                                                                                                                                                  
 
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  provisioner
                                                                                                                                                                  
+
                                                                                                                                                                  provisioner
                                                                                                                                                                  
 
                                                                                                                                                                  Specifies the storage resource provider, which is the Everest add-on for CCE. Set this parameter to everest-csi-provisioner.
                                                                                                                                                                  
+
                                                                                                                                                                  Specifies the storage resource provider, which is the Everest add-on for CCE. Set this parameter to everest-csi-provisioner.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  parameters
                                                                                                                                                                  
+
                                                                                                                                                                  parameters
                                                                                                                                                                  
 
                                                                                                                                                                  Specifies the storage parameters, which vary with storage types. For details, see Table 2.
                                                                                                                                                                  
+
                                                                                                                                                                  Specifies the storage parameters, which vary with storage types. For details, see Table 2.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  reclaimPolicy
                                                                                                                                                                  
+
                                                                                                                                                                  reclaimPolicy
                                                                                                                                                                  
 
                                                                                                                                                                  Specifies the value of persistentVolumeReclaimPolicy for creating a PV. The value can be Delete or Retain. If reclaimPolicy is not specified when a StorageClass object is created, the value defaults to Delete.
                                                                                                                                                                  
-
                                                                                                                                                                  • Delete: indicates that a dynamically created PV will be automatically destroyed.
                                                                                                                                                                  • Retain: indicates that a dynamically created PV will not be automatically destroyed.
                                                                                                                                                                  
+
                                                                                                                                                                  Specifies the value of persistentVolumeReclaimPolicy for creating a PV. The value can be Delete or Retain. If reclaimPolicy is not specified when a StorageClass object is created, the value defaults to Delete.
                                                                                                                                                                  
+
                                                                                                                                                                  • Delete: indicates that a dynamically created PV will be automatically deleted when the PVC is deleted.
                                                                                                                                                                  • Retain: indicates that a dynamically created PV will be retained when the PVC is deleted.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  allowVolumeExpansion
                                                                                                                                                                  
+
                                                                                                                                                                  allowVolumeExpansion
                                                                                                                                                                  
 
                                                                                                                                                                  Specifies whether the PV of this storage class supports dynamic capacity expansion. The default value is false. Dynamic capacity expansion is implemented by the underlying storage add-on. This is only a switch.
                                                                                                                                                                  
+
                                                                                                                                                                  Specifies whether the PV of this storage class supports dynamic capacity expansion. The default value is false. Dynamic capacity expansion is implemented by the underlying storage add-on. This is only a switch.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  volumeBindingMode
                                                                                                                                                                  
+
                                                                                                                                                                  volumeBindingMode
                                                                                                                                                                  
 
                                                                                                                                                                  Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                                                                                                  
+
                                                                                                                                                                  Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                                                                                                  
 
                                                                                                                                                                  • Immediate: PV binding and dynamic creation are completed when a PVC is created.
                                                                                                                                                                  • WaitForFirstConsumer: PV binding and creation are delayed. The PV creation and binding processes are executed only when the PVC is used in the workload.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  mountOptions
                                                                                                                                                                  
+
                                                                                                                                                                  mountOptions
                                                                                                                                                                  
 
                                                                                                                                                                  This field must be supported by the underlying storage. If this field is not supported but is specified, the PV creation will fail.
                                                                                                                                                                  
+
                                                                                                                                                                  This field must be supported by the underlying storage. If this field is not supported but is specified, the PV creation will fail.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
-
                                                                                                                                                                  Table 2 Parameters
                                                                                                                                                                  Volume Type
                                                                                                                                                                  
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                  Table 2 Parameters
                                                                                                                                                                  Volume Type
                                                                                                                                                                  
 
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  Parameter
                                                                                                                                                                  
 
                                                                                                                                                                  Mandatory
                                                                                                                                                                  
+
                                                                                                                                                                  Mandatory
                                                                                                                                                                  
 
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  EVS
                                                                                                                                                                  
+
                                                                                                                                                                  EVS
                                                                                                                                                                  
 
                                                                                                                                                                  csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                  
+
                                                                                                                                                                  csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                                                                                                  
+
                                                                                                                                                                  Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  csi.storage.k8s.io/fstype
                                                                                                                                                                  
@@ -143,13 +143,13 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                                                                                                  The parameter value is fixed at true, which indicates that the EVS device type is SCSI. Other parameter values are not allowed.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  SFS
                                                                                                                                                                  
+
                                                                                                                                                                  SFS
                                                                                                                                                                  
 
                                                                                                                                                                  csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                  
+
                                                                                                                                                                  csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  Driver type. If SFS is used, the parameter value is fixed at nas.csi.everest.io.
                                                                                                                                                                  
+
                                                                                                                                                                  Driver type. If SFS is used, the parameter value is fixed at nas.csi.everest.io.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  csi.storage.k8s.io/fstype
                                                                                                                                                                  
@@ -188,13 +188,13 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                                                                                                  This parameter is mandatory only when SFS 3.0 is used. The value is fixed at sfs3.0.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  SFS Turbo
                                                                                                                                                                  
+
                                                                                                                                                                  SFS Turbo
                                                                                                                                                                  
 
                                                                                                                                                                  csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                  
+
                                                                                                                                                                  csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  Driver type. If SFS Turbo is used, the parameter value is fixed at sfsturbo.csi.everest.io.
                                                                                                                                                                  
+
                                                                                                                                                                  Driver type. If SFS Turbo is used, the parameter value is fixed at sfsturbo.csi.everest.io.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  csi.storage.k8s.io/fstype
                                                                                                                                                                  
@@ -232,13 +232,13 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                                                                                                  SFS Turbo storage class. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  OBS
                                                                                                                                                                  
+
                                                                                                                                                                  OBS
                                                                                                                                                                  
 
                                                                                                                                                                  csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                  
+
                                                                                                                                                                  csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  Driver type. If OBS is used, the parameter value is fixed at obs.csi.everest.io.
                                                                                                                                                                  
+
                                                                                                                                                                  Driver type. If OBS is used, the parameter value is fixed at obs.csi.everest.io.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  csi.storage.k8s.io/fstype
                                                                                                                                                                  
@@ -246,7 +246,7 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                                                                                                  Yes
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Instance type, which can be obsfs or s3fs.
                                                                                                                                                                  
-
                                                                                                                                                                  • obsfs: Parallel file system, which is mounted using obsfs (recommended).
                                                                                                                                                                  • s3fs: Object bucket, which is mounted using s3fs.
                                                                                                                                                                  
+
                                                                                                                                                                  • obsfs: a parallel file system
                                                                                                                                                                  • s3fs: object bucket
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  everest.io/obs-volume-type
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_00282.html b/docs/cce/umn/cce_bestpractice_00282.html
index 48e87e27..89fa253b 100644
--- a/docs/cce/umn/cce_bestpractice_00282.html
+++ b/docs/cce/umn/cce_bestpractice_00282.html
@@ -2,11 +2,11 @@
 
 
                                                                                                                                                                  Using HPA and CA for Auto Scaling of Workloads and Nodes
                                                                                                                                                                  
 
                                                                                                                                                                  Application Scenarios
                                                                                                                                                                  The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.
                                                                                                                                                                  
-
                                                                                                                                                                  When pods or containers are used for deploying applications, the upper limit of available resources is typically required to set for pods or containers to prevent unlimited usage of node resources during peak hours. However, after the upper limit is reached, an application error may occur. To resolve this issue, scale in the number of pods to share workloads. If the node resource usage increases to a certain extent that newly added pods cannot be scheduled, scale in the number of nodes based on the node resource usage.
                                                                                                                                                                  
+
                                                                                                                                                                  When deploying applications in pods, you can configure requested resources and resource limits for the pods to prevent unlimited usage of resources during peak hours. However, after the upper limit is reached, an application error may occur. Pod scaling can effectively resolve this issue. If the resource usage on the node increases to a certain extent, newly added pods cannot be scheduled to this node. In this case, CCE will add nodes accordingly.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Solution
                                                                                                                                                                  Two major auto scaling policies are HPA (Horizontal Pod Autoscaling) and CA (Cluster AutoScaling). HPA is for workload auto scaling and CA is for node auto scaling.
                                                                                                                                                                  
 
                                                                                                                                                                  HPA and CA work with each other. HPA requires sufficient cluster resources for successful scaling. When the cluster resources are insufficient, CA is needed to add nodes. If HPA reduces workloads, the cluster will have a large number of idle resources. In this case, CA needs to release nodes to avoid resource waste.
                                                                                                                                                                  
-
                                                                                                                                                                  As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                                                  Figure 1 HPA and CA working flows
                                                                                                                                                                  
+
                                                                                                                                                                  As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                                                  Figure 1 HPA and CA working flows
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                                                                  
 
                                                                                                                                                                  This section uses an example to describe the auto scaling process using HPA and CA policies together.
                                                                                                                                                                  
@@ -28,8 +28,8 @@ COPY index.php /var/www/html/index.php
 RUN chmod a+rx index.php
 
                                                                                                                                                                  
 
                                                                                                                                                                • Run the following command to build an image named hpa-example with the tag latest.
                                                                                                                                                                  docker build -t hpa-example:latest .
                                                                                                                                                                  
-
                                                                                                                                                                • (Optional) Log in to the SWR console, choose Organizations in the navigation pane, and click Create Organization in the upper right corner to create an organization.
                                                                                                                                                                  Skip this step if you already have an organization.
                                                                                                                                                                  
-
                                                                                                                                                                • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                                                • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                                                • Tag the hpa-example image.
                                                                                                                                                                  docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                                                  
+
                                                                                                                                                                • (Optional) Log in to the SWR console, choose Organizations in the navigation pane, and click Create Organization in the upper right corner.
                                                                                                                                                                  Skip this step if you already have an organization.
                                                                                                                                                                  
+
                                                                                                                                                                • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                                                • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                                                • Tag the hpa-example image.
                                                                                                                                                                  docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                                                  
 
                                                                                                                                                                  • {Image name 1:Tag 1}: name and tag of the local image to be uploaded.
                                                                                                                                                                  • {Image repository address}: the domain name at the end of the login command in login command. It can be obtained on the SWR console.
                                                                                                                                                                  • {Organization name}: name of the created organization.
                                                                                                                                                                  • {Image name 2:Tag 2}: desired image name and tag to be displayed on the SWR console.
                                                                                                                                                                  
 
                                                                                                                                                                  The following is an example:
                                                                                                                                                                  
 
                                                                                                                                                                  docker tag hpa-example:latest swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                                                  
@@ -119,7 +119,7 @@ spec:
           averageUtilization: 50
 
                                                                                                                                                                  Configure the parameters as follows if you are using the console.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  • 
 
                                                                                                                                                                  Observing the Auto Scaling Process
                                                                                                                                                                  1. Check the cluster node status. In the following example, there are two nodes.
                                                                                                                                                                    # kubectl get node
 NAME            STATUS   ROLES    AGE     VERSION
@@ -130,7 +130,7 @@ NAME            STATUS   ROLES    AGE     VERSION
 NAME         REFERENCE                TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
 hpa-policy   Deployment/hpa-example   0%/50%    1         100       1          4m
                                                                                                                                                                    
 
                                                                                                                                                                  2. Run the following command to access the workload. In the following command, {ip:port} indicates the access address of the workload, which can be queried on the workload details page.
                                                                                                                                                                    while true;do wget -q -O- http://{ip:port}; done
                                                                                                                                                                    
-
                                                                                                                                                                     
                                                                                                                                                                    If no EIP is displayed, the cluster node has not been assigned any EIP. Allocate one, bind it to the node, and synchronize node data. .
                                                                                                                                                                    
+
                                                                                                                                                                     
                                                                                                                                                                    If no EIP is displayed, the cluster node has not been assigned any EIP. Allocate one, bind it to the node, and synchronize node data. 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Observe the scaling process of the workload.
                                                                                                                                                                    
 
                                                                                                                                                                    # kubectl get hpa hpa-policy --watch
diff --git a/docs/cce/umn/cce_bestpractice_00284.html b/docs/cce/umn/cce_bestpractice_00284.html
index d1cd7808..c199bf6b 100644
--- a/docs/cce/umn/cce_bestpractice_00284.html
+++ b/docs/cce/umn/cce_bestpractice_00284.html
@@ -1,11 +1,11 @@
 
 
-
                                                                                                                                                                    Enabling Automatic Topology for EVS Disks When Nodes Are Deployed in Different AZs (csi-disk-topology)
                                                                                                                                                                    
+
                                                                                                                                                                    Scheduling EVS Disks Across AZs Using csi-disk-topology
                                                                                                                                                                    
 
                                                                                                                                                                    Background
                                                                                                                                                                    EVS disks cannot be attached to a node deployed in another AZ. For example, the EVS disks in AZ 1 cannot be attached to a node in AZ 2. If the storage class csi-disk is used for StatefulSets, when a StatefulSet is scheduled, a PVC and a PV are created immediately (an EVS disk is created along with the PV), and then the PVC is bound to the PV. However, when the cluster nodes are located in multiple AZs, the EVS disk created by the PVC and the node to which the pods are scheduled may be in different AZs. As a result, the pods fail to be scheduled.
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Solution
                                                                                                                                                                    CCE provides a storage class named csi-disk-topology, which is a late-binding EVS disk type. When you use this storage class to create a PVC, no PV will be created in pace with the PVC. Instead, the PV is created in the AZ of the node where the pod will be scheduled. An EVS disk is then created in the same AZ to ensure that the EVS disk can be attached and the pod can be successfully scheduled.
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Failed Pod Scheduling Due to csi-disk Used in Cross-AZ Node Deployment
                                                                                                                                                                    Create a cluster with three nodes in different AZs.
                                                                                                                                                                    
 
                                                                                                                                                                    Use the csi-disk storage class to create a StatefulSet and check whether the workload is successfully created.
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_0050.html b/docs/cce/umn/cce_bestpractice_0050.html
index 0ee4034e..69435e8c 100644
--- a/docs/cce/umn/cce_bestpractice_0050.html
+++ b/docs/cce/umn/cce_bestpractice_0050.html
@@ -5,14 +5,16 @@
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
 
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_0051.html b/docs/cce/umn/cce_bestpractice_0051.html
index ba99c4cf..2489886c 100644
--- a/docs/cce/umn/cce_bestpractice_0051.html
+++ b/docs/cce/umn/cce_bestpractice_0051.html
@@ -14,9 +14,9 @@
 
                                                                                                                                                                    3. 
 
                                                                                                                                                                  3. Using Init Containers to Initialize an Application
                                                                                                                                                                    
 
                                                                                                                                                                    4. 
-
                                                                                                                                                                  4. Using hostAliases to Configure /etc/hosts in a Pod
                                                                                                                                                                    
+
                                                                                                                                                                  5. Configuring the /etc/hosts File of a Pod Using hostAliases
                                                                                                                                                                    
 
                                                                                                                                                                    6. 
-
                                                                                                                                                                  6. Configuring Core Dumps
                                                                                                                                                                    
+
                                                                                                                                                                  7. Locating Container Faults Using the Core Dump File
                                                                                                                                                                    
 
                                                                                                                                                                    8. 
 
 
diff --git a/docs/cce/umn/cce_bestpractice_0052.html b/docs/cce/umn/cce_bestpractice_0052.html
index d3bd0a79..9674f96f 100644
--- a/docs/cce/umn/cce_bestpractice_0052.html
+++ b/docs/cce/umn/cce_bestpractice_0052.html
@@ -13,8 +13,12 @@
 
 
                                                                                                                                                                  8. Obtaining the Client Source IP Address for a Container
                                                                                                                                                                    
 
                                                                                                                                                                    9. 
+
                                                                                                                                                                  9. CoreDNS Configuration Optimization
                                                                                                                                                                    
+
                                                                                                                                                                    10. 
 
                                                                                                                                                                  10. Pre-Binding Container ENI for CCE Turbo Clusters
                                                                                                                                                                    
 
                                                                                                                                                                    11. 
+
                                                                                                                                                                  11. Retaining the Original IP Address of a Pod
                                                                                                                                                                    
+
                                                                                                                                                                    12. 
 
 
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_0053.html b/docs/cce/umn/cce_bestpractice_0053.html
index f8e0a637..8adf7788 100644
--- a/docs/cce/umn/cce_bestpractice_0053.html
+++ b/docs/cce/umn/cce_bestpractice_0053.html
@@ -8,13 +8,13 @@
 
 
                                                                                                                                                                  12. Mounting an Object Storage Bucket of a Third-Party Tenant
                                                                                                                                                                    
 
                                                                                                                                                                    13. 
-
                                                                                                                                                                  13. Using StorageClass to Dynamically Create a Subdirectory in an SFS Turbo File System
                                                                                                                                                                    
+
                                                                                                                                                                  14. Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                    
 
                                                                                                                                                                    15. 
-
                                                                                                                                                                  15. How Do I Change the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest?
                                                                                                                                                                    
+
                                                                                                                                                                  16. Changing the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest
                                                                                                                                                                    
 
                                                                                                                                                                    17. 
-
                                                                                                                                                                  17. Custom Storage Classes
                                                                                                                                                                    
+
                                                                                                                                                                  18. Using Custom Storage Classes
                                                                                                                                                                    
 
                                                                                                                                                                    19. 
-
                                                                                                                                                                  19. Enabling Automatic Topology for EVS Disks When Nodes Are Deployed in Different AZs (csi-disk-topology)
                                                                                                                                                                    
+
                                                                                                                                                                  20. Scheduling EVS Disks Across AZs Using csi-disk-topology
                                                                                                                                                                    
 
                                                                                                                                                                    21. 
 
 
diff --git a/docs/cce/umn/cce_bestpractice_0107.html b/docs/cce/umn/cce_bestpractice_0107.html
index 01846a56..9bff36c8 100644
--- a/docs/cce/umn/cce_bestpractice_0107.html
+++ b/docs/cce/umn/cce_bestpractice_0107.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                    How Do I Change the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest?
                                                                                                                                                                    
+
                                                                                                                                                                    Changing the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest
                                                                                                                                                                    
 
                                                                                                                                                                    In clusters later than v1.15.11-r1, CSI (the everest add-on) has taken over all functions of fuxi FlexVolume (the storage-driver add-on) for managing container storage. You are advised to use CSI Everest.
                                                                                                                                                                    
 
                                                                                                                                                                    To migrate your storage volumes, create a static PV to associate with the original underlying storage, and then create a PVC to associate with this static PV. When you upgrade your application, mount the new PVC to the original mounting path to migrate the storage volumes.
                                                                                                                                                                    
 
                                                                                                                                                                     
                                                                                                                                                                    Services will be interrupted during the migration. Therefore, properly plan the migration and back up data.
                                                                                                                                                                    
@@ -549,7 +549,7 @@ spec:
 
                                                                                                                                                                     
                                                                                                                                                                    Replace the example file name pvc-example.yaml in the preceding commands with the names of the YAML files configured in 2 and 3.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  21. Run the kubectl edit command to edit the StatefulSet and use the newly created PVC.
                                                                                                                                                                    kubectl edit sts sts-example -n xxx
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                     
                                                                                                                                                                    Replace sts-example in the preceding command with the actual name of the StatefulSet to upgrade. xxx indicates the namespace to which the StatefulSet belongs.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  22. Wait until the pods are running.
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_0307.html b/docs/cce/umn/cce_bestpractice_0307.html
index cbc96483..933e75aa 100644
--- a/docs/cce/umn/cce_bestpractice_0307.html
+++ b/docs/cce/umn/cce_bestpractice_0307.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                  Now you can address the preceding challenges by using CCE, a service that allows easy cluster management and flexible scaling, integrated with application service mesh and Helm charts to simplify cluster O&M and reduce operations costs. CCE is easy to use and delivers high performance, security, reliability, openness, and compatibility. This section describes the solution and procedure for migrating on-premises clusters to CCE.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Migration Solution
                                                                                                                                                                  This section describes a cluster migration solution, which applies to the following types of clusters:
                                                                                                                                                                  
-
                                                                                                                                                                  • Kubernetes clusters built in local IDCs
                                                                                                                                                                  • On-premises clusters built using multiple ECSs
                                                                                                                                                                  • Cluster services provided by other cloud service providers
                                                                                                                                                                  • CCE clusters that are no longer maintained and cannot be upgraded in place
                                                                                                                                                                  
+
                                                                                                                                                                  • Kubernetes clusters built in local IDCs
                                                                                                                                                                  • On-premises clusters built using multiple ECSs
                                                                                                                                                                  • Cluster services provided by other cloud service providers
                                                                                                                                                                  • CCE clusters that are no longer maintained and cannot be upgraded in place
                                                                                                                                                                  
 
                                                                                                                                                                  Before the migration, analyze all resources in the source clusters and then determine the migration solution. Resources that can be migrated include resources inside and outside the clusters, as listed in the following table.
 
                                                                                                                                                                  
@@ -53,9 +53,9 @@
 
                                                                                                                                                                  Figure 1 shows the migration process. You can migrate resources outside a cluster as required.
                                                                                                                                                                  
-
                                                                                                                                                                  Figure 1 Migration solution diagram
                                                                                                                                                                  
+
                                                                                                                                                                  Figure 1 Migration solution diagram
                                                                                                                                                                  
-
                                                                                                                                                                  Migration Process
                                                                                                                                                                  
+
                                                                                                                                                                  Migration Process
                                                                                                                                                                  
 
                                                                                                                                                                  The cluster migration process is as follows:
                                                                                                                                                                  
 
                                                                                                                                                                  1. Plan resources for the target cluster.
                                                                                                                                                                    For details about the differences between CCE clusters and on-premises clusters, see Key Performance Parameter in Planning Resources for the Target Cluster. Plan resources as required and ensure that the performance configuration of the target cluster is the same as that of the source cluster.
                                                                                                                                                                    
 
                                                                                                                                                                  2. Migrate resources outside a cluster.
                                                                                                                                                                    To migrate resources outside the cluster, see Migrating Resources Outside a Cluster.
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_0312.html b/docs/cce/umn/cce_bestpractice_0312.html
index 010b6800..842c622f 100644
--- a/docs/cce/umn/cce_bestpractice_0312.html
+++ b/docs/cce/umn/cce_bestpractice_0312.html
@@ -7,7 +7,7 @@
 
                                                                                                                                                                  3. Run the following command to modify the workload and replace the image field in the YAML file with the image path:
                                                                                                                                                                    kubectl edit deploy wordpress
                                                                                                                                                                    
 
                                                                                                                                                                  4. Check the running status of the workload.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Updating Services
                                                                                                                                                                  After the cluster is migrated, the Service of the source cluster may fail to take effect. You can perform the following steps to update the Service. If ingresses are configured in the source cluster, connect the new cluster to ELB again after the migration. For details, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                  
+
                                                                                                                                                                  Updating Services
                                                                                                                                                                  After the cluster is migrated, the Service of the source cluster may fail to take effect. You can perform the following steps to update the Service. If ingresses are configured in the source cluster, connect the new cluster to ELB again after the migration. For details, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                  
 
                                                                                                                                                                  1. Connect to the cluster using kubectl.
                                                                                                                                                                  2. Edit the YAML file of the corresponding Service to change the Service type and port number.
                                                                                                                                                                    kubectl edit svc wordpress
                                                                                                                                                                    
 
                                                                                                                                                                    To update load balancer resources, connect to ELB again. Add the annotations by following the procedure described in LoadBalancer.
                                                                                                                                                                    annotations: 
   kubernetes.io/elb.class: union # Shared load balancer
diff --git a/docs/cce/umn/cce_bestpractice_0313.html b/docs/cce/umn/cce_bestpractice_0313.html
index 905935f0..ecb1347b 100644
--- a/docs/cce/umn/cce_bestpractice_0313.html
+++ b/docs/cce/umn/cce_bestpractice_0313.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                    Performing Additional Tasks
                                                                                                                                                                    
 
                                                                                                                                                                    Verifying Application Functions
                                                                                                                                                                    Cluster migration involves full migration of application data, which may cause intra-application adaptation problems. In this example, after the cluster is migrated, the redirection link of the article published in WordPress is still the original domain name. If you click the article title, you will be redirected to the application in the source cluster. Therefore, search for the original domain name in WordPress and replace it with the new domain name, change the values of site_url and primary URL in the database. For details, see Changing The Site URL.
                                                                                                                                                                    
 
                                                                                                                                                                    Access the new address of the WordPress application. If the article published before the migration is displayed, the data of the persistent volume is successfully restored.
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Switching Live Traffic to the Target Cluster
                                                                                                                                                                    O&M personnel switch DNS to direct live traffic to the target cluster.
                                                                                                                                                                    
 
                                                                                                                                                                    • DNS traffic switching: Adjust the DNS configuration to switch traffic.
                                                                                                                                                                    • Client traffic switching: Upgrade the client code or update the configuration to switch traffic.
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_0315.html b/docs/cce/umn/cce_bestpractice_0315.html
index 771b69b1..a7bf75c9 100644
--- a/docs/cce/umn/cce_bestpractice_0315.html
+++ b/docs/cce/umn/cce_bestpractice_0315.html
@@ -8,13 +8,13 @@
 
 
                                                                                                                                                                    
 
 
diff --git a/docs/cce/umn/cce_bestpractice_0317.html b/docs/cce/umn/cce_bestpractice_0317.html
index 797c2b43..94d95849 100644
--- a/docs/cce/umn/cce_bestpractice_0317.html
+++ b/docs/cce/umn/cce_bestpractice_0317.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                    Cluster Security
                                                                                                                                                                    
+
                                                                                                                                                                    Suggestions on CCE Cluster Security Configuration
                                                                                                                                                                    
 
                                                                                                                                                                    For security purposes, you are advised to configure a cluster as follows.
                                                                                                                                                                    
 
                                                                                                                                                                    Using the CCE Cluster of the Latest Version
                                                                                                                                                                    Kubernetes releases a major version in about four months. CCE follows the same frequency as Kubernetes to release major versions. To be specific, a new CCE version is released about three months after a new Kubernetes version is released in the community. For example, Kubernetes v1.19 was released in September 2020 and CCE v1.19 was released in March 2021.
                                                                                                                                                                    
 
                                                                                                                                                                    The latest cluster version has known vulnerabilities fixed or provides a more comprehensive security protection mechanism. You are advised to select the latest cluster version when creating a cluster. Before a cluster version is deprecated and removed, upgrade your cluster to a supported version.
                                                                                                                                                                    
@@ -78,7 +78,7 @@ spec:
 
                                                                                                                                                                    3. 
 
                                                                                                                                                                  
 
                                                                                                                                                                  Configuring Network Isolation in a Cluster
                                                                                                                                                                  • Container tunnel network
                                                                                                                                                                    If networks need to be isolated between namespaces in a cluster or between workloads in the same namespace, you can configure network policies to isolate the networks. 
                                                                                                                                                                    
-
                                                                                                                                                                  • Cloud Native Network 2.0
                                                                                                                                                                    In the Cloud Native Network 2.0 model, you can configure security groups to isolate networks between pods. For details, see SecurityGroups.
                                                                                                                                                                    
+
                                                                                                                                                                  • Cloud Native 2.0 network
                                                                                                                                                                    In the Cloud Native Network 2.0 model, you can configure security groups to isolate networks between pods. For details, see SecurityGroups.
                                                                                                                                                                    
 
                                                                                                                                                                  • VPC network
                                                                                                                                                                    Network isolation is not supported.
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_0318.html b/docs/cce/umn/cce_bestpractice_0318.html
index b9b65c09..2e7c3dc4 100644
--- a/docs/cce/umn/cce_bestpractice_0318.html
+++ b/docs/cce/umn/cce_bestpractice_0318.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                  Node Security
                                                                                                                                                                  
+
                                                                                                                                                                  Suggestions on CCE Node Security Configuration
                                                                                                                                                                  
 
                                                                                                                                                                  Preventing Nodes from Being Exposed to Public Networks
                                                                                                                                                                  • Do not bind an EIP to a node unless necessary to reduce the attack surface.
                                                                                                                                                                  • If an EIP must be used, properly configure the firewall or security group rules to restrict access of unnecessary ports and IP addresses.
                                                                                                                                                                  
 
                                                                                                                                                                  You may have configured the kubeconfig.json file on a node in your cluster. kubectl can use the certificate and private key in this file to control the entire cluster. You are advised to delete unnecessary files from the /root/.kube directory on the node to prevent malicious use.
                                                                                                                                                                  
 
                                                                                                                                                                  rm -rf /root/.kube
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_0319.html b/docs/cce/umn/cce_bestpractice_0319.html
index f23788ab..e4241ef4 100644
--- a/docs/cce/umn/cce_bestpractice_0319.html
+++ b/docs/cce/umn/cce_bestpractice_0319.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                  Container Security
                                                                                                                                                                  
+
                                                                                                                                                                  Security Configuration Suggestions for Using Containers in CCE Clusters
                                                                                                                                                                  
 
                                                                                                                                                                  Controlling the Pod Scheduling Scope
                                                                                                                                                                  The nodeSelector or nodeAffinity is used to limit the range of nodes to which applications can be scheduled, preventing the entire cluster from being threatened due to the exceptions of a single application. 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Suggestions on Container Security Configuration
                                                                                                                                                                  • Set the computing resource limits (request and limit) of a container. This prevents the container from occupying too many resources and affecting the stability of the host and other containers on the same node.
                                                                                                                                                                  • Unless necessary, do not mount sensitive host directories to containers, such as /, /boot, /dev, /etc, /lib, /proc, /sys, and /usr.
                                                                                                                                                                  • Do not run the sshd process in containers unless necessary.
                                                                                                                                                                  • Unless necessary, it is not recommended that containers and hosts share the network namespace.
                                                                                                                                                                  • Unless necessary, it is not recommended that containers and hosts share the process namespace.
                                                                                                                                                                  • Unless necessary, it is not recommended that containers and hosts share the IPC namespace.
                                                                                                                                                                  • Unless necessary, it is not recommended that containers and hosts share the UTS namespace.
                                                                                                                                                                  • Unless necessary, do not mount the sock file of Docker to any container.
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_0320.html b/docs/cce/umn/cce_bestpractice_0320.html
index c0fe3dd3..5f942aad 100644
--- a/docs/cce/umn/cce_bestpractice_0320.html
+++ b/docs/cce/umn/cce_bestpractice_0320.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                  Secret Security
                                                                                                                                                                  
+
                                                                                                                                                                  Security Configuration Suggestions for Using Secrets in CCE Clusters
                                                                                                                                                                  
 
                                                                                                                                                                  Currently, CCE has configured static encryption for secret resources. The secrets created by users will be encrypted and stored in etcd of the CCE cluster. Secrets can be used in two modes: environment variable and file mounting. No matter which mode is used, CCE still transfers the configured data to users. Therefore, it is recommended that:
                                                                                                                                                                  
 
                                                                                                                                                                  1. Do not record sensitive information in logs.
                                                                                                                                                                  2. For the secret that uses the file mounting mode, the default file permission mapped in the container is 0644. Configure stricter permissions for the file. For example:
                                                                                                                                                                    apiversion: v1
 kind: Pod
diff --git a/docs/cce/umn/cce_bestpractice_0323.html b/docs/cce/umn/cce_bestpractice_0323.html
index ccee6670..1791c7c1 100644
--- a/docs/cce/umn/cce_bestpractice_0323.html
+++ b/docs/cce/umn/cce_bestpractice_0323.html
@@ -8,7 +8,7 @@
 
 
                                                                                                                                                                    
 
                                                                                                                                                                      
-
                                                                                                                                                                    • Recommended Configurations for Cluster HA
                                                                                                                                                                      
+
                                                                                                                                                                    • Recommended Configurations for HA CCE Clusters
                                                                                                                                                                      
 
                                                                                                                                                                      • 
 
                                                                                                                                                                    • Implementing High Availability for Applications in CCE
                                                                                                                                                                      
 
                                                                                                                                                                      • 
diff --git a/docs/cce/umn/cce_bestpractice_0324.html b/docs/cce/umn/cce_bestpractice_0324.html
index 71f76e8d..d6e6487b 100644
--- a/docs/cce/umn/cce_bestpractice_0324.html
+++ b/docs/cce/umn/cce_bestpractice_0324.html
@@ -4,13 +4,13 @@
 
                                                                                                                                                                      
 
                                                                                                                                                                      Background
                                                                                                                                                                      GitLab is an open-source version management system developed with Ruby on Rails for Git project repository management. It supports web-based access to public and private projects. Similar to GitHub, GitLab allows you to browse source code, manage bugs and comments, and control team member access to repositories. You will find it very easy to view committed versions and file history database. Team members can communicate with each other using the built-in chat program (Wall).
                                                                                                                                                                      
 
                                                                                                                                                                      GitLab provides powerful CI/CD functions and is widely used in software development.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 1 GitLab CI/CD process
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 1 GitLab CI/CD process
                                                                                                                                                                      
 
                                                                                                                                                                      This section describes how to interconnect GitLab with SWR and CCE for CI/CD.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Preparations
                                                                                                                                                                      1. Create a CCE cluster and a node and bind an EIP to the node for downloading an image during GitLab Runner installation.
                                                                                                                                                                      2. Download and configure kubectl to connect to the cluster.
                                                                                                                                                                      3. Install Helm 3.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Installing GitLab Runner
                                                                                                                                                                      Log in to GitLab, choose Settings > CI/CD in the project view, click Expand next to Runners, and search for the GitLab Runner registration URL and token.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      Create the values.yaml file and fill in the following information:
                                                                                                                                                                      
 
                                                                                                                                                                      # Registration URL
 gitlabUrl: https://gitlab.com/
@@ -26,7 +26,7 @@ runners:
 
                                                                                                                                                                      helm repo add gitlab https://charts.gitlab.io 
 helm install --namespace gitlab gitlab-runner -f values.yaml gitlab/gitlab-runner --version=0.43.1
                                                                                                                                                                      
 
                                                                                                                                                                      After the installation, you can obtain the gitlab-runner workload on the CCE console and view the connection information in GitLab later.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Creating an Application
                                                                                                                                                                      Place the application to be created in the GitLab project repository. This section takes Nginx modification as an example. For details, visit https://gitlab.com/c8147/cidemo/-/tree/main.
                                                                                                                                                                      
 
                                                                                                                                                                      The following files are included:
                                                                                                                                                                      
@@ -35,26 +35,26 @@ helm install --namespace gitlab gitlab-runner -f values.yaml gitlab/gitlab-runne
 
                                                                                                                                                                      
 
                                                                                                                                                                      Configuring Global Variables
                                                                                                                                                                      When using pipelines, build an image, upload it to SWR, and run kubectl commands to deploy the image in the cluster. Before performing these operations, you must log in to SWR and obtain the credential for connecting to the cluster. You can define the information as variables in GitLab.
                                                                                                                                                                      
 
                                                                                                                                                                      Log in to GitLab, choose Settings > CI/CD in the project view, and click Expand next to Variables to add variables.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      • kube_config
                                                                                                                                                                        kubeconfig.json file used for kubectl command authentication. Run the following command on the host where kubectl is configured to convert the file to the Base64 format:
                                                                                                                                                                        
 
                                                                                                                                                                        echo $(cat ~/.kube/config | base64) | tr -d " "
                                                                                                                                                                        
 
                                                                                                                                                                        The command output is the content of kubeconfig.json.
                                                                                                                                                                        
-
                                                                                                                                                                      • project: project name.
                                                                                                                                                                        Log in to the management console, click your username in the upper right corner, and click My Credentials. In the Projects area on the API Credentials page, check the name of the project in your current region.
                                                                                                                                                                        
-
                                                                                                                                                                      • swr_ak: access key.
                                                                                                                                                                        Log in to the management console, click your username in the upper right corner, and click My Credentials. In the navigation pane, choose Access Keys. Click Create Access Key, enter the description, and click OK. In the displayed Information dialog box, click Download. After the certificate is downloaded, obtain the AK and SK information from the credentials file.
                                                                                                                                                                        
+
                                                                                                                                                                      • project: project name.
                                                                                                                                                                        Log in to the management console, hover over your username in the upper right corner, and choose My Credentials. In the Projects area on the API Credentials page, check the name of the project in your current region.
                                                                                                                                                                        
+
                                                                                                                                                                      • swr_ak: access key.
                                                                                                                                                                        Log in to the management console, hover over your username in the upper right corner, and choose My Credentials. In the navigation pane, choose Access Keys. Click Create Access Key, enter the description, and click OK. In the displayed Information dialog box, click Download. After the certificate is downloaded, obtain the AK and SK information from the credentials file.
                                                                                                                                                                        
 
                                                                                                                                                                      • swr_sk: secret key for logging in to SWR.
                                                                                                                                                                        Run the following command to obtain the key pair. Replace $AK and $SK with the AK and SK obtained in the preceding steps.
                                                                                                                                                                        
 
                                                                                                                                                                        printf "$AK" | openssl dgst -binary -sha256 -hmac "$SK" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'
                                                                                                                                                                        
 
                                                                                                                                                                        The command output displays the login key pair.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Creating a Pipeline
                                                                                                                                                                      Log in to Gitlab and add the .gitlab-ci.yml file to Repository.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      The content is as follows:
                                                                                                                                                                      
 
                                                                                                                                                                      # Define pipeline stages, including package, build, and deploy.
 stages:
   - package  
   - build
   - deploy
-# If no image is specified in each stage, the default image docker:latest is used.
+# If no image is specified in each stage, the default image docker:latest is used.
 image: docker:latest
 # In the package stage, only printing is performed.
 package:
@@ -95,16 +95,16 @@ deploy:
     # Deploy an application.
     - kubectl apply -f k8s.yaml
                                                                                                                                                                      
 
                                                                                                                                                                      After the .gitlab-ci.yml file is saved, the pipeline is started immediately. You can view the pipeline execution status in GitLab.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Verifying Deployment
                                                                                                                                                                      After the pipeline is deployed, locate the nginx-test Service on the CCE console, query its access address, and run the curl command to access the Service.
                                                                                                                                                                      
 
                                                                                                                                                                      # curl xxx.xxx.xxx.xxx:31111
 Hello Gitlab!
                                                                                                                                                                      
 
                                                                                                                                                                      If the preceding information is displayed, the deployment is correct.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Common Issues
                                                                                                                                                                      • If the following problem occurs during the deployment:
                                                                                                                                                                        
+
                                                                                                                                                                        Common Issues
                                                                                                                                                                        • If the following problem occurs during the deployment:
                                                                                                                                                                          
 
                                                                                                                                                                          Or
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          Check whether the following commands are missing in the .gitlab-ci.yml file. If yes, add them to the .gitlab-ci.yml file.
                                                                                                                                                                          
 
                                                                                                                                                                          ...
 deploy:
@@ -120,9 +120,9 @@ deploy:
     - echo $kube_config |base64 -d > $KUBECONFIG
     # Replace the image in the k8s.yaml file.
 ...
                                                                                                                                                                          
-
                                                                                                                                                                        • If Docker cannot be executed, information similar to the following will display.
                                                                                                                                                                          
+
                                                                                                                                                                        • If Docker cannot be executed, information similar to the following will display.
                                                                                                                                                                          
 
                                                                                                                                                                          The privileged: true parameter fails to be transferred during GitLab Runner installation. As a result, you do not have the permission to run the docker command. To resolve this issue, find GitLab Runner in the workload list on the CCE console, add the environment variable KUBERNETES_PRIVILEGED, and set its value to true.
                                                                                                                                                                          
-
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0325.html b/docs/cce/umn/cce_bestpractice_0325.html
index 1439446a..ca38792b 100644
--- a/docs/cce/umn/cce_bestpractice_0325.html
+++ b/docs/cce/umn/cce_bestpractice_0325.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                      Configuring Core Dumps
                                                                                                                                                                      
+
                                                                                                                                                                      Locating Container Faults Using the Core Dump File
                                                                                                                                                                      
 
                                                                                                                                                                      Application Scenarios
                                                                                                                                                                      Linux allows you to create a core dump file if an application crashes, which contains the data the application had in memory at the time of the crash. You can analyze the file to locate the fault.
                                                                                                                                                                      
 
                                                                                                                                                                      Generally, when a service application crashes, its container exits and is reclaimed and destroyed. Therefore, container core files need to be permanently stored on the host or cloud storage. This topic describes how to configure container core dumps.
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0346.html b/docs/cce/umn/cce_bestpractice_0346.html
new file mode 100644
index 00000000..8e72dc89
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0346.html
@@ -0,0 +1,23 @@
+
+
+
                                                                                                                                                                      Overview
                                                                                                                                                                      
+
                                                                                                                                                                      Application Scenarios
                                                                                                                                                                      DNS is one of the important basic services in Kubernetes. When the container DNS policy is not properly configured and the cluster scale is large, DNS resolution may time out or fail. In extreme cases, a large number of services in the cluster may fail to be resolved. This section describes the best practices of CoreDNS configuration optimization in Kubernetes clusters to help you avoid such problems.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Solution
                                                                                                                                                                      CoreDNS configuration optimization includes clients and servers.
                                                                                                                                                                      
+
                                                                                                                                                                      On the client, you can optimize domain name resolution requests to reduce resolution latency, and use proper container images and NodeLocal DNSCache to reduce resolution exceptions.
                                                                                                                                                                      
+
+
                                                                                                                                                                      On the server, you can adjust the CoreDNS deployment status or CoreDNS configuration to improve the availability and throughput of CoreDNS in the cluster.
                                                                                                                                                                      
+
+
+
                                                                                                                                                                      For more information about CoreDNS configurations, see https://coredns.io/.
                                                                                                                                                                      
+
                                                                                                                                                                      CoreDNS open source community: https://github.com/coredns/coredns
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      • A CCE cluster has been created.
                                                                                                                                                                      • You can access the cluster using kubectl.
                                                                                                                                                                      • The CoreDNS add-on is installed in the cluster. The latest version of CoreDNS is recommended.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
diff --git a/docs/cce/umn/cce_bestpractice_0347.html b/docs/cce/umn/cce_bestpractice_0347.html
new file mode 100644
index 00000000..5d1ce831
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0347.html
@@ -0,0 +1,23 @@
+
+
+
                                                                                                                                                                      Client
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
diff --git a/docs/cce/umn/cce_bestpractice_0348.html b/docs/cce/umn/cce_bestpractice_0348.html
new file mode 100644
index 00000000..81789859
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0348.html
@@ -0,0 +1,18 @@
+
+
+
                                                                                                                                                                      Optimizing Domain Name Resolution Requests
                                                                                                                                                                      
+
                                                                                                                                                                      DNS resolution is frequently used in Kubernetes clusters. Based on the characteristics of DNS resolution in Kubernetes, you can optimize domain name resolution requests in the following ways.
                                                                                                                                                                      
+
                                                                                                                                                                      Using a Connection Pool
                                                                                                                                                                      When a containerized application needs to frequently request another service, you are advised to use a connection pool. The connection pool can cache the link information of the upstream service to avoid the overhead of DNS resolution and TCP link reestablishment for each access.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Optimizing the resolve.conf File in the Container
                                                                                                                                                                      The ndots and search parameters in the resolve.conf file determine the domain name resolution efficiency. For details about the two parameters, see DNS Configuration.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Optimizing the Domain Name Configuration
                                                                                                                                                                      When a container needs to access a domain name, configure the domain name based on the following rules to improve the domain name resolution efficiency.
                                                                                                                                                                      1. When a pod accesses a Service in the same namespace, use <service-name>, which indicates the Service name.
                                                                                                                                                                      2. When a pod accesses a Service across namespaces, use <service-name>.<namespace-name>. namespace-name indicates the namespace where the Service is located.
                                                                                                                                                                      3. When a pod accesses an external domain name of a cluster, it uses the FQDN domain name. This type of domain name is specified by adding a period (.) at the end of a common domain name to avoid multiple invalid search attempts caused by search domain combination.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Client
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_0349.html b/docs/cce/umn/cce_bestpractice_0349.html
new file mode 100644
index 00000000..8410b85c
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0349.html
@@ -0,0 +1,13 @@
+
+
+
                                                                                                                                                                      Selecting a Proper Image
                                                                                                                                                                      
+
                                                                                                                                                                      The musl libc library of the Alpine container image differs from the standard glibc library in the following aspects:
                                                                                                                                                                      
+
                                                                                                                                                                      • Alpine 3.3 and earlier versions do not support the search parameter. As a result, search domains cannot be specified for discovering Services.
                                                                                                                                                                      • Multiple DNS servers configured in /etc/resolve.conf are concurrently requested. As a result, NodeLocal DNSCache cannot improve the DNS performance.
                                                                                                                                                                      • When the same Socket is used to request A and AAAA records concurrently, the Conntrack source port conflict is triggered in the kernel of an earlier version. As a result, packet loss occurs.
                                                                                                                                                                      • If the domain name cannot be resolved when Alpine is used as the base container image, update the base container image for testing.
                                                                                                                                                                      
+
                                                                                                                                                                      For details about the functional differences from glibc, see Functional differences from glibc.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Client
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_0350.html b/docs/cce/umn/cce_bestpractice_0350.html
new file mode 100644
index 00000000..718ac4ff
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0350.html
@@ -0,0 +1,11 @@
+
+
+
                                                                                                                                                                      Avoiding Occasional DNS Resolution Timeout Caused by IPVS Defects
                                                                                                                                                                      
+
                                                                                                                                                                      When the kube-proxy uses IPVS load balancing, you may encounter DNS resolution timeout occasionally during CoreDNS scale-in or restart. This problem is caused by a Linux kernel defect. For details, see https://github.com/torvalds/linux/commit/35dfb013149f74c2be1ff9c78f14e6a3cd1539d1.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Client
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_0352.html b/docs/cce/umn/cce_bestpractice_0352.html
new file mode 100644
index 00000000..891f34cb
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0352.html
@@ -0,0 +1,13 @@
+
+
+
                                                                                                                                                                      Upgrading the CoreDNS in the Cluster Timely
                                                                                                                                                                      
+
                                                                                                                                                                      CoreDNS provides simple functions and is compatible with different Kubernetes versions. CCE periodically synchronizes bugs from the community and upgrades the coredns add-on. You are advised to periodically upgrade the CoreDNS. The CCE add-on management center supports the CoreDNS installation and upgrade. You can define the CoreDNS version in the cluster. If the version can be upgraded, upgrade the CoreDNS component in the cluster as soon as possible.
                                                                                                                                                                      
+
                                                                                                                                                                      You can upgrade CoreDNS in a cluster by performing the following procedure:
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console, select a cluster, and click Add-ons in the navigation pane.
                                                                                                                                                                      2. In the Add-on Installed, locate the coredns add-on and click Upgrade.
                                                                                                                                                                      3. Set parameters.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Client
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_0353.html b/docs/cce/umn/cce_bestpractice_0353.html
new file mode 100644
index 00000000..cdd1e7e3
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0353.html
@@ -0,0 +1,12 @@
+
+
+
                                                                                                                                                                      Adjusting the DNS Configuration of the VPC and VM
                                                                                                                                                                      
+
                                                                                                                                                                      When the coredns add-on is started, it obtains the DNS configuration in the resolve.conf file from the deployed instance by default and uses the configuration as the upstream resolution server address. Before the coredns add-on is restarted, the resolve.conf configuration on the node is not reloaded. Suggestions:
                                                                                                                                                                      
+
                                                                                                                                                                      • Ensure that the resolve.conf configuration of each node in the cluster is the same. In this way, the coredns add-on can schedule requests to any node in the cluster.
                                                                                                                                                                      • When modifying the resolve.conf file, if the node has a coredns add-on, restart the coredns add-on timely to ensure status consistency.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Client
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_0354.html b/docs/cce/umn/cce_bestpractice_0354.html
new file mode 100644
index 00000000..bc2af76a
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0354.html
@@ -0,0 +1,19 @@
+
+
+
                                                                                                                                                                      Server
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
diff --git a/docs/cce/umn/cce_bestpractice_0355.html b/docs/cce/umn/cce_bestpractice_0355.html
new file mode 100644
index 00000000..8a8351df
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0355.html
@@ -0,0 +1,11 @@
+
+
+
                                                                                                                                                                      Monitoring the coredns Add-on
                                                                                                                                                                      
+
                                                                                                                                                                      • CoreDNS exposes health metrics such as resolution results through the standard Prometheus API to detect exceptions on the CoreDNS server or even upstream DNS server.
                                                                                                                                                                      • Port for obtaining coredns metrics. The default zone listening IP address is {$POD_IP}:9153. Retain the default value. Otherwise, Prometheus cannot collect the metrics.
                                                                                                                                                                      • If you use on-premises Prometheus to monitor Kubernetes clusters, you can observe related metrics on Prometheus and configure alarms for the key metrics. For details, see prometheus.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Server
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_0356.html b/docs/cce/umn/cce_bestpractice_0356.html
new file mode 100644
index 00000000..ca37a977
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0356.html
@@ -0,0 +1,31 @@
+
+
+
                                                                                                                                                                      Adjusting the CoreDNS Deployment Status
                                                                                                                                                                      
+
                                                                                                                                                                      In CCE clusters, the CoreDNS add-on is installed by default, and it can run on the same cluster nodes as your service containers. You need to pay attention to the following points when deploying CoreDNS:
                                                                                                                                                                      
+
+
                                                                                                                                                                      Properly Changing the Number of CoreDNS Replicas
                                                                                                                                                                      You are advised to set the number of CoreDNS replicas to at least 2 in any case and keep the number of replicas within a proper range to support the resolution of the entire cluster. The default number of pods for installing the add-on in a CCE cluster is 2.
                                                                                                                                                                      
+
                                                                                                                                                                      • Modifying the number of CoreDNS replicas, CPUs, and memory size will change CoreDNS' parsing capability. Therefore, evaluate the impact before the operation.
                                                                                                                                                                      • By default, podAntiAffinity (pod anti-affinity) is configured for the add-on. If a node already has a CoreDNS pod, no new pod can be added. That is, only one CoreDNS pod can run on a node. If there are more configured CoreDNS replicas than cluster nodes, the excess pods cannot be scheduled. Therefore, keep the number of replicas less than or equal to the number of nodes.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Properly Deploying the CoreDNS Pods
                                                                                                                                                                      • By default, podAntiAffinity (pod anti-affinity) is configured for CoreDNS, so CoreDNS pods are forcibly deployed on different nodes in a cluster. It is recommended that you deploy CoreDNS pods on nodes in different AZs to prevent the add-on from being interrupted by faults in a single AZ.
                                                                                                                                                                      • The CPU and memory of the cluster node where the coredns add-on runs must not be used up. Otherwise, the QPS and response of domain name resolution will be affected. It is recommended that you use the custom parameters to deploy CoreDNS separately.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Deploying CoreDNS Separately Using Custom Parameters
                                                                                                                                                                      It is recommended that CoreDNS be deployed separately from resource-intensive workloads to prevent CoreDNS performance deterioration or unavailability due to service fluctuation. You can customize parameters to deploy CoreDNS on a dedicated node.
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      There should be more nodes than CoreDNS pods. You need to avoid deploying multiple CoreDNS pods on a single node.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes.
                                                                                                                                                                      2. Click the Nodes tab, select the node dedicated for CoreDNS, and click Labels and Taints above the node list.
                                                                                                                                                                        Add the following labels:
                                                                                                                                                                        
+
                                                                                                                                                                        • Key: node-role.kubernetes.io/coredns
                                                                                                                                                                        • Value: true
                                                                                                                                                                        
+
                                                                                                                                                                        Add the following taints:
                                                                                                                                                                        
+
                                                                                                                                                                        • Key: node-role.kubernetes.io/coredns
                                                                                                                                                                        • Value: true
                                                                                                                                                                        • Effect: NoSchedule
                                                                                                                                                                        
+
                                                                                                                                                                      3. In the navigation pane, choose Add-ons, locate CoreDNS, and click Edit.
                                                                                                                                                                      4. Select Custom Policies for Node Affinity and add the preceding node label.
                                                                                                                                                                        Add tolerations for the preceding taint.
                                                                                                                                                                        
+
                                                                                                                                                                      5. Click OK.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Automatically Expanding the CoreDNS Capacity Based on the HPA
                                                                                                                                                                      HPA frequently scales down the number of the coredns add-on replicas. Therefore, you are advised not to use HPA. If HPA is required, you can configure HPA auto scaling policies using the CCE Advanced HPA add-on. The process is as follows:
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console and click the name of the target cluster to access the cluster console. In the navigation pane, choose Add-ons, locate the CCE Advanced HPA add-on on the right, and click Install.
                                                                                                                                                                      2. Configure the add-on parameters and click Install.
                                                                                                                                                                      3. In the navigation pane, choose Workloads, select the kube-system namespace, locate the row containing the CoreDNS pod, and click Auto Scaling in the Operation column.
                                                                                                                                                                        In the HPA Policies area, you can customize HPA policies based on metrics such as CPU usage and memory usage to automatically scale out the CoreDNS pods.
                                                                                                                                                                        
+
                                                                                                                                                                      4. Click Create. If the latest status is Started, the policy has taken effect.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Server
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_0357.html b/docs/cce/umn/cce_bestpractice_0357.html
new file mode 100644
index 00000000..adc3fa80
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0357.html
@@ -0,0 +1,137 @@
+
+
+
                                                                                                                                                                      Configuring CoreDNS
                                                                                                                                                                      
+
                                                                                                                                                                      On the console, the CoreDNS add-on can only be configured with the preset specifications, which can satisfy most of the service requirements. In some scenarios where there are requirements on the CoreDNS resource usage, you may need to customize the add-on specifications.
                                                                                                                                                                      
+
                                                                                                                                                                      CoreDNS official document: https://coredns.io/plugins/
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring CoreDNS Specifications
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS. The add-on details page is displayed.
                                                                                                                                                                      3. In the Specifications area, configure coredns specifications.
                                                                                                                                                                      4. Change the number of pods, CPU quotas, and memory quotas as needed to adjust the domain name resolution QPS provided by CoreDNS.
                                                                                                                                                                        
+
                                                                                                                                                                      5. Click OK.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Properly Configuring the Stub Domain for DNS
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                                                      3. Add a stub domain in the Parameters area. The format is a key-value pair. The key is a DNS suffix domain name, and the value is a DNS IP address or a group of DNS IP addresses, for example, consul.local -- 10.150.0.1.
                                                                                                                                                                      4. Click OK.
                                                                                                                                                                      5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                                                        The corresponding Corefile content is as follows:
                                                                                                                                                                        
+
                                                                                                                                                                        .:5353 {
+    bind {$POD_IP}
+    cache 30 {
+        servfail 5s
+    }
+    errors
+    health {$POD_IP}:8080
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+    }
+    loadbalance round_robin
+    prometheus {$POD_IP}:9153
+    forward . /etc/resolv.conf {
+        policy random
+    }
+    reload
+    ready {$POD_IP}:8081
+}
+consul.local:5353 {
+    bind {$POD_IP}
+    errors
+    cache 30
+    forward . 10.150.0.1
+}
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Properly Configuring the Host
                                                                                                                                                                      To specify hosts for a specific domain name, you can use the hosts add-on. An example is as follows:
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                                                      3. Edit the advanced configuration under Parameters and add the following content to the plugins field:
                                                                                                                                                                        {
+  "configBlock": "192.168.1.1 www.example.com\nfallthrough",
+  "name": "hosts"
+}
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        The fallthrough field must be configured. fallthrough indicates that when the domain name to be resolved cannot be found in the hosts file, the resolution task is transferred to the next CoreDNS plug-in. If fallthrough is not specified, the task ends and the domain name resolution stops. As a result, the domain name resolution in the cluster fails.
                                                                                                                                                                        
+
                                                                                                                                                                        For details about how to configure the hosts file, visit https://coredns.io/plugins/hosts/.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      4. Click OK.
                                                                                                                                                                      5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                                                        The corresponding Corefile content is as follows:
                                                                                                                                                                        
+
                                                                                                                                                                        .:5353 {
+    bind {$POD_IP}
+    hosts {
+      192.168.1.1 www.example.com
+      fallthrough
+    }
+    cache 30
+    errors
+    health {$POD_IP}:8080
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+    }
+    loadbalance round_robin
+    prometheus {$POD_IP}:9153
+    forward . /etc/resolv.conf {
+        policy random
+    }
+    reload
+    ready {$POD_IP}:8081
+}
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Configuring IPv6 Resolution Properly
                                                                                                                                                                      If the IPv6 kernel module is not disabled on the Kubernetes cluster host machine, the container initiates IPv4 and IPv6 resolution at the same time by default when requesting the coredns add-on. Generally, only IPv4 addresses are used. Therefore, if you only configure DOMAIN in IPv4 address, the coredns add-on forwards the request to the upstream DNS server for resolution because the local configuration cannot be found. As a result, the DNS resolution request of the container slows down.
                                                                                                                                                                      
+
                                                                                                                                                                      CoreDNS provides the template plug-in. After being configured, CoreDNS can immediately return an empty response to all IPv6 requests to prevent the requests from being forwarded to the upstream DNS.
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS.
                                                                                                                                                                      3. Edit the advanced configuration under Parameters and add the following content to the plugins field:
                                                                                                                                                                        • AAAA indicates an IPv6 resolution request. If NXDOMAIN is returned in the rcode control response, meaning that no resolution result is returned.
                                                                                                                                                                        
+
                                                                                                                                                                        For details about the template plug-in, visit https://github.com/coredns/coredns/tree/master/plugin/template.
                                                                                                                                                                        
+
                                                                                                                                                                        {
+  "configBlock": "rcode NXDOMAIN",
+  "name": "template",
+  "parameters": "ANY AAAA"
+}
                                                                                                                                                                        
+
                                                                                                                                                                      4. Click OK.
                                                                                                                                                                      5. In the navigation pane, choose ConfigMaps and Secrets. In the kube-system namespace, view the coredns configuration data to check whether the update is successful.
                                                                                                                                                                        Corresponding Corefile content:
                                                                                                                                                                        
+
                                                                                                                                                                        .:5353 {
+    bind {$POD_IP}
+    cache 30
+    errors
+    health {$POD_IP}:8080
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+    }
+    loadbalance round_robin
+    prometheus {$POD_IP}:9153
+    forward . /etc/resolv.conf {
+        policy random
+    }
+    reload
+    template ANY AAAA {
+        rcode NXDOMAIN
+    }
+    ready {$POD_IP}:8081
+}
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Properly Configuring Cache Policies
                                                                                                                                                                      If you configure CoreDNS with an upstream DNS server, you can implement a cache policy that enables CoreDNS to use the expired local cache when it is unable to access the upstream DNS server.
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS.
                                                                                                                                                                      3. In the window that slides out from the right, in the Parameters area, modify the cache content in the plugins field for Advance Config. For details about how to configure the cache, see https://coredns.io/plugins/cache/.
                                                                                                                                                                        {
+    "configBlock": "servfail 5s\nserve_stale 60s immediate",
+    "name": "cache",
+    "parameters": 30
+}
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      4. Click OK.
                                                                                                                                                                      5. In the navigation pane, choose ConfigMaps and Secrets. Select the kube-system namespace, view the data of the ConfigMap named coredns to check whether the update is successful.
                                                                                                                                                                        Corresponding Corefile content:
                                                                                                                                                                        
+
                                                                                                                                                                        .:5353 {
+    bind {$POD_IP}
+    cache 30 {
+        servfail 5s
+        serve_stale 60s immediate
+    }
+    errors
+    health {$POD_IP}:8080
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+    }
+    loadbalance round_robin
+    prometheus {$POD_IP}:9153
+    forward . /etc/resolv.conf {
+        policy random
+    }
+    reload
+    ready {$POD_IP}:8081
+}
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Server
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_10001.html b/docs/cce/umn/cce_bestpractice_10001.html
index ff97bde2..08ca2783 100644
--- a/docs/cce/umn/cce_bestpractice_10001.html
+++ b/docs/cce/umn/cce_bestpractice_10001.html
@@ -6,10 +6,10 @@
 
                                                                                                                                                                      Solution
                                                                                                                                                                      Several release policies are developed for service upgrade: grayscale release, blue-green deployment, A/B testing, rolling upgrade, and batch suspension of release. Traffic loss or service unavailability caused by releases can be avoided as much as possible.
                                                                                                                                                                      
 
                                                                                                                                                                      This document describes the principles and practices of grayscale release and blue-green deployment.
                                                                                                                                                                      
 
                                                                                                                                                                      • Grayscale release, also called canary release, is a smooth iteration mode for version upgrade. During the upgrade, some users use the new version, while other users continue to use the old version. After the new version is stable and ready, it gradually takes over all the live traffic. In this way, service risks brought by the release of the new version can be minimized, the impact of faults can be reduced, and quick rollback is supported.
                                                                                                                                                                        The following figure shows the general process of grayscale release. First, divide 20% of all service traffic to the new version. If the service version runs normally, gradually increase the traffic proportion and continue to test the performance of the new version. If the new version is stable, switch all traffic to it and bring the old version offline.
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                        If an exception occurs in the new version when 20% of the traffic goes to the new version, you can quickly switch back to the old version.
                                                                                                                                                                        
-
                                                                                                                                                                        
-
                                                                                                                                                                      • Blue-green deployment provides a zero-downtime, predictable manner for releasing applications to reduce service interruption during the release. A new version is deployed while the old version is retained. The two versions are online at the same time. The new and old versions work in hot backup mode. The route weight is switched (0 or 100) to enable different versions to go online or offline. If a problem occurs, the version can be quickly rolled back.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      • Blue-green deployment provides a zero-downtime, predictable manner for releasing applications to reduce service interruption during the release. A new version is deployed while the old version is retained. The two versions are online at the same time. The new and old versions work in hot backup mode. The route weight is switched (0 or 100) to enable different versions to go online or offline. If a problem occurs, the version can be quickly rolled back.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10002.html b/docs/cce/umn/cce_bestpractice_10002.html
index cd358cf9..c1402145 100644
--- a/docs/cce/umn/cce_bestpractice_10002.html
+++ b/docs/cce/umn/cce_bestpractice_10002.html
@@ -3,12 +3,12 @@
 
                                                                                                                                                                      Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
                                                                                                                                                                      
 
                                                                                                                                                                      To implement grayscale release for a CCE cluster, deploy other open-source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. These solutions are difficult to implement. If your grayscale release requirements are simple and you do not want to introduce too many plug-ins or complex configurations, you can refer to this section to implement simple grayscale release and blue-green deployment based on native Kubernetes features.
                                                                                                                                                                      
 
                                                                                                                                                                      Principles
                                                                                                                                                                      Users usually use Kubernetes objects such as Deployments and StatefulSets to deploy services. Each workload manages a group of pods. The following figure uses Deployment as an example.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      Generally, a Service is created for each workload. The Service uses the selector to match the backend pod. Other Services or objects outside the cluster can access the pods backing the Service. If a pod needs to be exposed, set the Service type to LoadBalancer. The ELB load balancer functions as the traffic entrance.
                                                                                                                                                                      
 
                                                                                                                                                                      • Grayscale release principles
                                                                                                                                                                        Take a Deployment as an example. A Service, in most cases, will be created for each Deployment. However, Kubernetes does not require that Services and Deployments correspond to each other. A Service uses a selector to match backend pods. If pods of different Deployments are selected by the same selector, a Service corresponds to multiple versions of Deployments. You can adjust the number of replicas of Deployments of different versions to adjust the weights of services of different versions to achieve grayscale release. The following figure shows the process:
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                      • Blue-green deployment principles
                                                                                                                                                                        Take a Deployment as an example. Two Deployments of different versions have been deployed in the cluster, and their pods are labeled with the same key but different values to distinguish versions. A Service uses the selector to select the pod of a Deployment of a version. In this case, you can change the value of the label that determines the version in the Service selector to change the pod backing the Service. In this way, you can directly switch the service traffic from one version to another. The following figure shows the process:
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      The Nginx image has been uploaded to SWR. The Nginx images have two versions: v1 and v2. The welcome pages are Nginx-v1 and Nginx-v2.
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10006.html b/docs/cce/umn/cce_bestpractice_10006.html
new file mode 100644
index 00000000..e4a48596
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_10006.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                      CoreDNS Configuration Optimization
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
+
                                                                                                                                                                      
+
                                                                                                                                                                      Parent topic: Networking
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_10008.html b/docs/cce/umn/cce_bestpractice_10008.html
index 228d6d43..6d46ca70 100644
--- a/docs/cce/umn/cce_bestpractice_10008.html
+++ b/docs/cce/umn/cce_bestpractice_10008.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
 
diff --git a/docs/cce/umn/cce_bestpractice_10009.html b/docs/cce/umn/cce_bestpractice_10009.html
index fa0a2023..36a398c6 100644
--- a/docs/cce/umn/cce_bestpractice_10009.html
+++ b/docs/cce/umn/cce_bestpractice_10009.html
@@ -1,10 +1,10 @@
 
 
-
                                                                                                                                                                      Using Prometheus for Multi-cluster Monitoring
                                                                                                                                                                      
+
                                                                                                                                                                      Monitoring Multiple Clusters Using Prometheus
                                                                                                                                                                      
 
                                                                                                                                                                      Application Scenarios
                                                                                                                                                                      Generally, a user has different clusters for different purposes, such as production, testing, and development. To monitor, collect, and view metrics of these clusters, you can deploy a set of Prometheus.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Solution Architecture
                                                                                                                                                                      Multiple clusters are connected to the same Prometheus monitoring system, as shown in the following figure. This reduces maintenance and resource costs and facilitates monitoring information aggregation.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      • The target cluster has been created.
                                                                                                                                                                      • Prometheus has been properly connected to the target cluster.
                                                                                                                                                                      • Prometheus has been installed on a Linux host using a binary file. For details, see Installation.
                                                                                                                                                                      
 
                                                                                                                                                                      
@@ -72,13 +72,13 @@ subjects:
 
                                                                                                                                                                      
 
                                                                                                                                                                      Obtain the serviceaccount information.
                                                                                                                                                                      
 
                                                                                                                                                                      kubectl describe sa prometheus-test -n kube-system
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      kubectl describe secret prometheus-test-token-hdhkg -n kube-system
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      
 
                                                                                                                                                                      Record the token value, which is the bearer_token information to be collected.
                                                                                                                                                                      
 
                                                                                                                                                                  
 
                                                                                                                                                                • Configure bearer_token information.
                                                                                                                                                                  Log in to the host where Prometheus is located, go to the Prometheus installation directory, and save the token information of the target cluster in a file.
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                • Configure a Prometheus monitoring job.
                                                                                                                                                                  The example job monitors container metrics. To monitor other metrics, you can add jobs and compile capture rules.
                                                                                                                                                                  
 
                                                                                                                                                                    - job_name: k8s_cAdvisor
     scheme: https
@@ -130,8 +130,8 @@ subjects:
       replacement: xxxx    ## (Optional) Enter the cluster information.
                                                                                                                                                                  
 
                                                                                                                                                                • Enable Prometheus.
                                                                                                                                                                  After the configuration, enable Prometheus.
                                                                                                                                                                  
 
                                                                                                                                                                  ./prometheus --config.file=prometheus.yml
                                                                                                                                                                  
-
                                                                                                                                                                • Log in to Prometheus and view the monitoring information.
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                • Log in to Prometheus and view the monitoring information.
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  • 
 
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_10010.html b/docs/cce/umn/cce_bestpractice_10010.html
index 323f9ead..c3868c3a 100644
--- a/docs/cce/umn/cce_bestpractice_10010.html
+++ b/docs/cce/umn/cce_bestpractice_10010.html
@@ -100,7 +100,7 @@
 
                                                                                                                                                                   
                                                                                                                                                                  Pods using HostNetwork are excluded.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Cluster-level Global Configuration
                                                                                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                                  2. Click  next to the target cluster and choose Manage.
                                                                                                                                                                  3. In the window that slides out from the right, click Networking Components. For details about the parameter configurations, see Configuration Example.
                                                                                                                                                                  4. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                  
+
                                                                                                                                                                  Cluster-level Global Configuration
                                                                                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                                  2. Click  next to the target cluster and choose Manage.
                                                                                                                                                                  3. In the window that slides out from the right, click Networking Components. For details about the parameter configurations, see Configuration Example.
                                                                                                                                                                  4. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Custom Settings at the Node Pool Level
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to access the cluster console, choose Nodes in the navigation pane, and click the Node Pools tab.
                                                                                                                                                                  3. Locate the row containing the target node pool and click Manage.
                                                                                                                                                                  4. In the window that slides out from the right, click Networking Components and enable node pool container ENI pre-binding. For details about the parameter configurations, see Configuration Example.
                                                                                                                                                                    
 
                                                                                                                                                                  5. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_10012.html b/docs/cce/umn/cce_bestpractice_10012.html
index bb58d7b3..278d0632 100644
--- a/docs/cce/umn/cce_bestpractice_10012.html
+++ b/docs/cce/umn/cce_bestpractice_10012.html
@@ -46,19 +46,34 @@
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Solution 2: Expanding the disk capacity
                                                                                                                                                                  
-
                                                                                                                                                                  1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                  2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                  3. Log in to the target node.
                                                                                                                                                                  4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                    A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                    
-
                                                                                                                                                                    • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                      # lsblk
+
                                                                                                                                                                      1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                        Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                      3. Log in to the target node.
                                                                                                                                                                      4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                        A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                        
+
                                                                                                                                                                        Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                        
+
                                                                                                                                                                        1. Check the disk and partition sizes of the device.
                                                                                                                                                                          # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                   8:0    0   50G  0 disk 
 └─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                          
-
                                                                                                                                                                          Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                          
-
                                                                                                                                                                          pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                          
-
                                                                                                                                                                        2. Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                          # lsblk
+
                                                                                                                                                                        3. Expand the disk capacity.
                                                                                                                                                                          Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                          
+
                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                            pvresize /dev/vdb
                                                                                                                                                                            
+
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
+
                                                                                                                                                                            Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                            
+
                                                                                                                                                                          2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                            lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                            
+
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
+
                                                                                                                                                                            Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                            
+
                                                                                                                                                                          3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                            resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                            
+
                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                            
+
                                                                                                                                                                            Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
+old_desc_blocks = 12, new_desc_blocks = 24
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                        
+
                                                                                                                                                                        1. Check the disk and partition sizes of the device.
                                                                                                                                                                          # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -71,13 +86,32 @@ vda                                   8:0    0   50G  0 disk
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                          
-
                                                                                                                                                                          • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                            pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                            
-
                                                                                                                                                                          • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                            pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                            
-
                                                                                                                                                                          
-
                                                                                                                                                                    
+
                                                                                                                                                                  5. Expand the disk capacity.
                                                                                                                                                                    Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                      pvresize /dev/vdb
                                                                                                                                                                      
+
                                                                                                                                                                      Information similar to the following is displayed:
                                                                                                                                                                      
+
                                                                                                                                                                      Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                      
+
                                                                                                                                                                    2. Expand 100% of the free capacity to the logical volume. vgpaas/thinpool specifies the logical volume used by the container engine.
                                                                                                                                                                      lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                      
+
                                                                                                                                                                      Information similar to the following is displayed:
                                                                                                                                                                      
+
                                                                                                                                                                      Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
+Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                      
+
                                                                                                                                                                    3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                    
+
                                                                                                                                                                    Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                      pvresize /dev/vdb
                                                                                                                                                                      
+
                                                                                                                                                                      Information similar to the following is displayed:
                                                                                                                                                                      
+
                                                                                                                                                                      Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                      
+
                                                                                                                                                                    2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                      lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                      
+
                                                                                                                                                                      Information similar to the following is displayed:
                                                                                                                                                                      
+
                                                                                                                                                                      Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                      
+
                                                                                                                                                                    3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                      resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                      
+
                                                                                                                                                                      Information similar to the following is displayed:
                                                                                                                                                                      
+
                                                                                                                                                                      Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
+old_desc_blocks = 4, new_desc_blocks = 16
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_10016.html b/docs/cce/umn/cce_bestpractice_10016.html
index e54c4b3c..5778d6a5 100644
--- a/docs/cce/umn/cce_bestpractice_10016.html
+++ b/docs/cce/umn/cce_bestpractice_10016.html
@@ -1,67 +1,67 @@
 
 
-
                                                                                                                                                                  Configuring a CCE Cluster
                                                                                                                                                                  
-
                                                                                                                                                                  When you use CCE to create a Kubernetes cluster, there are multiple configuration options and terms. This sections compares the key configurations for CCE clusters and provides recommendations to help you create a cluster that better suits your needs.
                                                                                                                                                                  
+
                                                                                                                                                                  Suggestions on CCE Cluster Selection
                                                                                                                                                                  
+
                                                                                                                                                                  When you use CCE to create a Kubernetes cluster, there are multiple configuration options and terms. This section compares the key configurations for CCE clusters and provides recommendations to help you create a cluster that better suits your needs.
                                                                                                                                                                  
 
                                                                                                                                                                  Cluster Types
                                                                                                                                                                  CCE supports CCE Turbo clusters and CCE standard clusters to meet your requirements. This section describes the differences between these two types of clusters.
                                                                                                                                                                  
 
-
                                                                                                                                                                  Table 1 Resources that can be migrated
                                                                                                                                                                  Category
                                                                                                                                                                  
                                                                                                                                                                   		
 
 
 
 
                                                                                                                                                                  Table 1 Cluster types
                                                                                                                                                                  Category
                                                                                                                                                                  
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -86,11 +86,11 @@
 
-
-
-
-
@@ -120,31 +120,32 @@
 
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_bestpractice_10017.html b/docs/cce/umn/cce_bestpractice_10017.html
index e839389b..3926882f 100644
--- a/docs/cce/umn/cce_bestpractice_10017.html
+++ b/docs/cce/umn/cce_bestpractice_10017.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                  Recommended Configurations for Cluster HA
                                                                                                                                                                  
+
                                                                                                                                                                  Recommended Configurations for HA CCE Clusters
                                                                                                                                                                  This section describes the recommended configurations for a Kubernetes cluster in which applications can run stably and reliably.
                                                                                                                                                                  
 
 
                                                                                                                                                                  Table 1 Cluster types
                                                                                                                                                                  Category
                                                                                                                                                                  
 
                                                                                                                                                                  Subcategory
                                                                                                                                                                  
+
                                                                                                                                                                  Subcategory
                                                                                                                                                                  
 
                                                                                                                                                                  CCE Turbo Cluster
                                                                                                                                                                  
+
                                                                                                                                                                  CCE Turbo Cluster
                                                                                                                                                                  
 
                                                                                                                                                                  CCE Standard Cluster
                                                                                                                                                                  
+
                                                                                                                                                                  CCE Standard Cluster
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Cluster
                                                                                                                                                                  
+
                                                                                                                                                                  Cluster
                                                                                                                                                                  
 
                                                                                                                                                                  Positioning
                                                                                                                                                                  
+
                                                                                                                                                                  Positioning
                                                                                                                                                                  
 
                                                                                                                                                                  Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                                                  
+
                                                                                                                                                                  Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                                                  
 
                                                                                                                                                                  Standard cluster for common commercial use
                                                                                                                                                                  
+
                                                                                                                                                                  Standard cluster for common commercial use
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Node type
                                                                                                                                                                  
+
                                                                                                                                                                  Node type
                                                                                                                                                                  
 
                                                                                                                                                                  Deployment of VMs
                                                                                                                                                                  
+
                                                                                                                                                                  Deployment of VMs
                                                                                                                                                                  
 
                                                                                                                                                                  Deployment of VMs and bare-metal servers
                                                                                                                                                                  
+
                                                                                                                                                                  Deployment of VMs and bare-metal servers
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Networking
                                                                                                                                                                  
+
                                                                                                                                                                  Networking
                                                                                                                                                                  
 
                                                                                                                                                                  Model
                                                                                                                                                                  
+
                                                                                                                                                                  Model
                                                                                                                                                                  
 
                                                                                                                                                                  Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                                                  
-
                                                                                                                                                                  Max networking scale: 2,000 nodes
                                                                                                                                                                  
+
                                                                                                                                                                  Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                                                  
+
                                                                                                                                                                  Max networking scale: 2,000 nodes
                                                                                                                                                                  
 
                                                                                                                                                                  Cloud Native Network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                                                  
-
                                                                                                                                                                  • Tunnel network model
                                                                                                                                                                  • VPC network model
                                                                                                                                                                  
+
                                                                                                                                                                  Cloud Native Network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                                                  
+
                                                                                                                                                                  • Tunnel network model
                                                                                                                                                                  • VPC network model
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Performance
                                                                                                                                                                  
+
                                                                                                                                                                  Performance
                                                                                                                                                                  
 
                                                                                                                                                                  Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                                                                                                  
+
                                                                                                                                                                  Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                                                                                                  
 
                                                                                                                                                                  Overlays the VPC network with the container network, causing certain performance loss.
                                                                                                                                                                  
+
                                                                                                                                                                  Overlays the VPC network with the container network, causing certain performance loss.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Container network isolation
                                                                                                                                                                  
+
                                                                                                                                                                  Container network isolation
                                                                                                                                                                  
 
                                                                                                                                                                  Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                                                                                                  
+
                                                                                                                                                                  Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                                                                                                  
 
                                                                                                                                                                  • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                                                  • VPC network model: supports no isolation.
                                                                                                                                                                  
+
                                                                                                                                                                  • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                                                  • VPC network model: supports no isolation.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Security
                                                                                                                                                                  
+
                                                                                                                                                                  Security
                                                                                                                                                                  
 
                                                                                                                                                                  Isolation
                                                                                                                                                                  
+
                                                                                                                                                                  Isolation
                                                                                                                                                                  
 
                                                                                                                                                                  • VM: runs common containers, isolated by cgroups.
                                                                                                                                                                  
+
                                                                                                                                                                  • VM: runs common containers, isolated by cgroups.
                                                                                                                                                                  
 
                                                                                                                                                                  Runs common containers, isolated by cgroups.
                                                                                                                                                                  
+
                                                                                                                                                                  Runs common containers, isolated by cgroups.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  Application scenarios
                                                                                                                                                                  
 
                                                                                                                                                                  • Common container service scenarios
                                                                                                                                                                  • Scenarios that do not have high requirements on network latency and bandwidth
                                                                                                                                                                  
+
                                                                                                                                                                  • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network applies to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                                                                                                                  • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.
                                                                                                                                                                  
 
                                                                                                                                                                  • Scenarios that have high requirements on network latency and bandwidth
                                                                                                                                                                  • Containers can communicate with VMs using a microservice registration framework, such as Dubbo and CSE.
                                                                                                                                                                  
+
                                                                                                                                                                  • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                                                                                                  • Small- and medium-scale networks: Due to the limitation on VPC routing tables, it is recommended that the number of nodes in a cluster be less than or equal to 1000.
                                                                                                                                                                  
 
                                                                                                                                                                  • Scenarios that have high requirements on network latency, bandwidth, and performance
                                                                                                                                                                  • Containers can communicate with VMs using a microservice registration framework, such as Dubbo and CSE.
                                                                                                                                                                  
+
                                                                                                                                                                  • High performance requirements: Cloud Native 2.0 networks use VPC networks to construct container networks, eliminating the need for tunnel encapsulation or NAT when containers communicate. This makes Cloud Native 2.0 networks ideal for scenarios that demand high bandwidth and low latency.
                                                                                                                                                                  • Large-scale networking: Cloud Native 2.0 networks support a maximum of 2,000 ECS nodes and 100,000 pods.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Core technology
                                                                                                                                                                  
@@ -111,7 +111,7 @@
 
                                                                                                                                                                  CCE Turbo cluster
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Network isolation
                                                                                                                                                                  
+
                                                                                                                                                                  Container network isolation
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Kubernetes native NetworkPolicy for pods
                                                                                                                                                                  
 
                                                                                                                                                                  Pods support security group isolation.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Passthrough networking
                                                                                                                                                                  
+
                                                                                                                                                                  Interconnecting pods to a load balancer
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  Interconnected through a NodePort
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  Interconnected through a NodePort
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Directly interconnected using a dedicated load balancer
                                                                                                                                                                  
+
                                                                                                                                                                  Interconnected using a shared load balancer through a NodePort
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  IP address management
                                                                                                                                                                  
+
                                                                                                                                                                  Managing container IP addresses
                                                                                                                                                                  
 
                                                                                                                                                                  • The container CIDR block is allocated separately.
                                                                                                                                                                  • CIDR blocks are divided by node and can be dynamically allocated (CIDR blocks can be dynamically added after being allocated.)
                                                                                                                                                                  
+
                                                                                                                                                                  • Separate container CIDR blocks needed
                                                                                                                                                                  • Container CIDR blocks divided by node and dynamically added after being allocated
                                                                                                                                                                  
 
                                                                                                                                                                  • The container CIDR block is allocated separately.
                                                                                                                                                                  • CIDR blocks are divided by node and statically allocated (the CIDR block cannot be changed after a node is created).
                                                                                                                                                                  
+
                                                                                                                                                                  • Separate container CIDR blocks needed
                                                                                                                                                                  • Container CIDR blocks divided by node and statically allocated (the allocated CIDR blocks cannot be changed after a node is created)
                                                                                                                                                                  
 
                                                                                                                                                                  The container CIDR block is divided from the VPC subnet and does not need to be allocated separately.
                                                                                                                                                                  
+
                                                                                                                                                                  Container CIDR blocks divided from a VPC subnet (You do not need to configure separate container CIDR blocks.)
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Network performance
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Performance loss due to VXLAN encapsulation
                                                                                                                                                                  
 
                                                                                                                                                                  No tunnel encapsulation. Cross-node packets are forwarded through VPC routers, delivering performance equivalent to that of the host network.
                                                                                                                                                                  
+
                                                                                                                                                                  No tunnel encapsulation, and cross-node traffic forwarded through VPC routers (The performance is so good that is comparable to that of the host network, but there is a loss caused by NAT.)
                                                                                                                                                                  
 
                                                                                                                                                                  The container network is integrated with the VPC network, eliminating performance loss.
                                                                                                                                                                  
+
                                                                                                                                                                  Container network integrated with VPC network, eliminating performance loss
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Networking scale
                                                                                                                                                                  
@@ -152,9 +153,10 @@
 
                                                                                                                                                                  A maximum of 2000 nodes are supported.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Suitable for small- and medium-scale networks due to the limitation on VPC routing tables. It is recommended that the number of nodes be less than or equal to 1000.
                                                                                                                                                                  
-
                                                                                                                                                                  Each time a node is added to the cluster, a route is added to the VPC routing tables. Therefore, the cluster scale is limited by the VPC routing tables. 
                                                                                                                                                                  
+
                                                                                                                                                                  Each time a node is added to the cluster, a route is added to the VPC routing tables. Evaluate the cluster scale that is limited by the VPC routing tables before creating the cluster. 
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  A maximum of 2000 nodes are supported.
                                                                                                                                                                  
+
                                                                                                                                                                  In a cloud-native network 2.0 cluster, containers' IP addresses are assigned from VPC CIDR blocks, and the number of containers supported is restricted by these blocks. Evaluate the cluster's scale limitations before creating it.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  
-
@@ -114,7 +114,7 @@ spec:
             weight: 100
                                                                                                                                                                  You can also use Pod Topology Spread Constraints to deploy pods in multiple AZs.
                                                                                                                                                                  
-
                                                                                                                                                                  Deploying an Add-on in Multiple AZs
                                                                                                                                                                  The Deployment pods of CCE system add-ons like CoreDNS and Everest can be deployed in multiple AZs, the same way as deploying an application. This function can satisfy different user requirements.
                                                                                                                                                                  
+
                                                                                                                                                                  Deploying the System Add-ons in Multiple AZs
                                                                                                                                                                  The Deployment pods of CCE system add-ons like CoreDNS and Everest can be deployed in multiple AZs, the same way as deploying an application. This function can satisfy different user requirements.
                                                                                                                                                                  
 
 
                                                                                                                                                                  Item
                                                                                                                                                                  
@@ -29,7 +29,7 @@
 
 
                                                                                                                                                                  If you want your applications to be always available, especially during peak hours, run them in a scalable and elastic manner and pay attention to their running statuses.
                                                                                                                                                                  
                                                                                                                                                                   		
+
 
 
                                                                                                                                                                  
 
 
 
                                                                                                                                                                  
@@ -199,7 +199,7 @@ spec:
 
                                                                                                                                                                  Configuring Auto Scaling
                                                                                                                                                                  Auto scaling can automatically adjust the number of application containers and nodes as required. Containers and nodes can be quickly scaled out or scaled in to save resources and costs.
                                                                                                                                                                  
 
                                                                                                                                                                  Typically, two types of auto scaling may occur during peak hours:
                                                                                                                                                                  
-
                                                                                                                                                                  • Workload scaling: When pods or containers are used for deploying applications, the requested and limit values of the containers are generally configured to prevent unlimited usage of resources during peak hours. However, after the upper limit is reached, an application error may occur. To resolve this issue, scale in the number of pods to share workloads.
                                                                                                                                                                  • Node scaling: After the number of pods grows, the resource usage of the node may increase to a certain extent. This results in that the added pods cannot be scheduled. To solve this problem, scale in or out nodes based on the resource usage.
                                                                                                                                                                  
+
                                                                                                                                                                  • Workload scaling: When deploying applications in pods, you can configure requested resources and resource limits for the pods to prevent unlimited usage of resources during peak hours. However, after the upper limit is reached, an application error may occur. To resolve this issue, scale in the number of pods to share workloads.
                                                                                                                                                                  • Node scaling: After the number of pods grows, the resource usage of the node may increase to a certain extent. This results in that the added pods cannot be scheduled. To solve this problem, scale in or out nodes based on the resource usage.
                                                                                                                                                                  
 
                                                                                                                                                                  For details, see Using HPA and CA for Auto Scaling of Workloads and Nodes.
                                                                                                                                                                  
 
                                                                                                                                                                  Viewing Logs, Monitoring Metrics, and Adding Alarm Rules
                                                                                                                                                                  • Logging
                                                                                                                                                                    • Application logs are generated by pods. These logs include logs generated by pods in which the service containers are running and Kubernetes system components like CoreDNS. CCE allows you to configure policies for collecting, managing, and analyzing logs periodically to prevent logs from being over-sized.
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_10020.html b/docs/cce/umn/cce_bestpractice_10020.html
index f2e8cf2d..21109abc 100644
--- a/docs/cce/umn/cce_bestpractice_10020.html
+++ b/docs/cce/umn/cce_bestpractice_10020.html
@@ -1,15 +1,15 @@
 
 
-
                                                                                                                                                                    Executing the Post-installation Command During Node Creation
                                                                                                                                                                    
-
                                                                                                                                                                    Background
                                                                                                                                                                    When creating a node, use the post-installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correctly use the post-installation scripts. 
                                                                                                                                                                    
+
                                                                                                                                                                    Executing the Pre- or Post-installation Commands During Node Creation
                                                                                                                                                                    
+
                                                                                                                                                                    Background
                                                                                                                                                                    When creating a node, use the pre- or -installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correctly use the pre- or post-installation scripts. 
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Precautions
                                                                                                                                                                    • Do not use the post-installation script that takes a long time to execute.
                                                                                                                                                                      The time limit to create a node in the CCE clusters is 30 minutes. If the node is not available within 30 minutes, it will be reclaimed. Therefore, do not run the post-installation script that takes a long time.
                                                                                                                                                                      
-
                                                                                                                                                                    • Do not directly use the reboot command in the script.
                                                                                                                                                                      CCE executes the post-installation commands after installing mandatory components on the node. The node will be available only after the post-installation commands are executed. If you run reboot directly, the node may be restarted before its status is reported. As a result, it cannot reach the running state within 30 minutes, and a rollback due to timeout will be triggered. Therefore, do not run the reboot command.
                                                                                                                                                                      
-
                                                                                                                                                                      If you need to restart the node, perform the following operations:
                                                                                                                                                                      
-
                                                                                                                                                                      • Run the shutdown -r <time > command in the script to delay the restart. For example, you can run shutdown -r 1 to delay the restart for 1 minute.
                                                                                                                                                                      • After the node is available, manually restart it.
                                                                                                                                                                      
+
                                                                                                                                                                      Precautions
                                                                                                                                                                      • Do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                        The pre-installation script has a 15-minute time limit, while the post-installation script has a 30-minute time limit. If the node is not available within the designated time, the node reclaim process will be initiated. Therefore, do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                        
+
                                                                                                                                                                      • Do not directly use reboot in the script.
                                                                                                                                                                        CCE executes the post-installation command after installing mandatory components on a node. The node will be available only after the post-installation command is executed. If you run reboot directly, the node may be restarted before its status is reported. As a result, it cannot reach the running state within 30 minutes, and a rollback due to timeout will be triggered. Therefore, do not use reboot.
                                                                                                                                                                        
+
                                                                                                                                                                        If you need to restart a node, perform the following operations:
                                                                                                                                                                        
+
                                                                                                                                                                        • Run shutdown -r <time > in the script to delay the restart. For example, you can run shutdown -r 1 to delay the restart for 1 minute.
                                                                                                                                                                        • After the node is available, manually restart it.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Procedure
                                                                                                                                                                      1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
                                                                                                                                                                      2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
                                                                                                                                                                      3. In the Advanced Settings area, enter the post-installation command.
                                                                                                                                                                        
+
                                                                                                                                                                        Procedure
                                                                                                                                                                        1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
                                                                                                                                                                        3. In the Advanced Settings area, enter pre- or post-installation commands.
                                                                                                                                                                          
 
                                                                                                                                                                          For example, you can create iptables rules by running a post-installation command to allow a maximum of 25 TCP data packets to be addressed to port 80 per minute and allow a maximum of 100 data packets to be addressed to the port when the limit is exceeded to prevent DDoS attacks.
                                                                                                                                                                          
 
                                                                                                                                                                          iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
                                                                                                                                                                          
 
                                                                                                                                                                           
                                                                                                                                                                          The command example here is for reference only.
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_10024.html b/docs/cce/umn/cce_bestpractice_10024.html
new file mode 100644
index 00000000..b4086d12
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_10024.html
@@ -0,0 +1,95 @@
+
+
+
                                                                                                                                                                          Protecting a CCE Cluster Against Overload
                                                                                                                                                                          
+
                                                                                                                                                                          As services grow, the Kubernetes cluster scales up, putting more pressure on the control plane. If the control plane cannot handle the load, clusters may fail to provide services. This document explains the symptoms, impact, and causes of cluster overload, as well as how CCE clusters can protect against overload. It also provides recommended measures for protecting against overload.
                                                                                                                                                                          
+
                                                                                                                                                                          What Is Cluster Overload?
                                                                                                                                                                          An overloaded cluster can cause delays in Kubernetes API responses and increase the resource usage on master nodes. In severe cases, the APIs may fail to respond, master nodes may become unusable, and the entire cluster may malfunction.
                                                                                                                                                                          
+
                                                                                                                                                                          When a cluster is overloaded, both the control plane and the services that rely on it are impacted. The following lists some scenarios that may be affected:
                                                                                                                                                                          
+
                                                                                                                                                                          • Kubernetes resource management: Creating, deleting, updating, or obtaining Kubernetes resources may fail.
                                                                                                                                                                          • Kubernetes distributed leader selection: In distributed applications based on Kubernetes Leases, leaders may restart due to lease renewal request timeout.
                                                                                                                                                                             
                                                                                                                                                                            For example, if the lease renewal of the controller component of the NPD add-on fails, an active/standby switchover is triggered. This means that the active instance will restart, and the standby instance will take over services, ensuring that there is no impact on services.
                                                                                                                                                                            
+
                                                                                                                                                                            
+
                                                                                                                                                                          • Cluster management: When a cluster is severely overloaded, it may become unavailable. In this case, cluster management operations, such as creating or deleting nodes, cannot be performed.
                                                                                                                                                                          
+
                                                                                                                                                                          Common causes of cluster overload are as follows:
                                                                                                                                                                          
+
                                                                                                                                                                          • The cluster resource data volume is too large.
                                                                                                                                                                            etcd and kube-apiserver are two core components of the cluster control plane. etcd serves as the background database that stores all cluster data, while kube-apiserver acts as the entry point for processing requests. kube-apiserver caches cluster data to lessen the burden on etcd, and other core components in the cluster also cache various resources and monitor changes to these resources.
                                                                                                                                                                            
+
                                                                                                                                                                            However, if the cluster resource data volume is too large, the control plane resource usage remains high, leading to overload when the resource data volume exceeds the bearing capability.
                                                                                                                                                                            
+
                                                                                                                                                                          • A large amount of data is obtained from a client. For example, a large number of LIST requests are initiated or a single LIST request is sent to obtain a large amount of data.
                                                                                                                                                                            Assume that a client uses field selectors to obtain pod data in a cluster and needs to obtain data from etcd (although the client can also get data from the kube-apiserver cache). Data in etcd cannot be obtained by field, so kube-apiserver must get all pod data from etcd, replicate, and serialize structured pod data, and then respond to the client request.
                                                                                                                                                                            
+
                                                                                                                                                                            When the client sends a LIST request, it may need to be processed by multiple control plane components, resulting in a larger amount of data to be processed and a more complex data type. As a result, when the client gets a large amount of data, resource usages on etcd and API server remain high. If the bearing capability is exceeded, the cluster becomes overloaded.
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          CCE Overload Control
                                                                                                                                                                          • Overload control: CCE clusters have supported overload control since v1.23, which reduces the number of LIST requests outside the system when the control plane experiences high resource usage pressure. To use this function, enable overload control for your clusters. For details, see Cluster Overload Control.
                                                                                                                                                                          • Optimized processes on LIST requests: Starting from CCE clusters of v1.23.8-r0 and v1.25.3-r0, processes on LIST requests have been optimized. Even if a client does not specify the resourceVersion parameter, kube-apiserver responds to requests based on its cache to avoid additional etcd queries and ensure that the response data is up to date. Additionally, namespace indexes are now added to the kube-apiserver cache. This means that when a client requests a specified resource in a specified namespace, it no longer needs to obtain resources belonging to the namespace based on full data. This effectively reduces the response delay and control plane memory overhead.
                                                                                                                                                                          • Refined traffic limiting policy on the server: The API Priority and Fairness (APF) feature is used to implement fine-grained control on concurrent requests. For details, see API Priority and Fairness.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Suggestions
                                                                                                                                                                          This section describes measures and suggestions you can take to prevent clusters from being overloaded.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Upgrading the Cluster Version
                                                                                                                                                                          As the CCE cluster version evolves, new overload protection features and optimizations are regularly introduced. It is recommended that you promptly upgrade your clusters to the latest version. For details, see Upgrading a Cluster.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Enabling Overload Control
                                                                                                                                                                          After overload control is enabled, concurrent LIST requests outside the system will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster.
                                                                                                                                                                          
+
                                                                                                                                                                          For details, see Cluster Overload Control.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Enabling Observability
                                                                                                                                                                          Observability is crucial for maintaining the reliability and stability of clusters. By using monitoring, alarms, and logs, administrators can gain a better understanding of the clusters' performance, promptly identify any issues, and take corrective action in a timely manner.
                                                                                                                                                                          
+
                                                                                                                                                                          Monitoring configurations
                                                                                                                                                                          
+
                                                                                                                                                                          • You can check the monitoring information about master nodes on the Overview page of the CCE cluster console.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Controlling Data Volume of Resources
                                                                                                                                                                          When the resource data volume in a cluster is too large, it can negatively impact etcd performance, including data read and write latency. Additionally, if the data volume of a single type of resource is too large, the control plane consumes a significant number of resources when a client requests all the resources. To avoid these issues, it is recommended that you keep both the etcd data volume and the data volume of a single type of resources under control.
                                                                                                                                                                          
+
+
                                                                                                                                                                  Table 1 Deployment description
                                                                                                                                                                  Mode
                                                                                                                                                                  
                                                                                                                                                                   		
 
 
                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                  Table 1 Recommended maximum etcd data volume for different cluster scales
                                                                                                                                                                  Cluster Scale
                                                                                                                                                                  
+
                                                                                                                                                                  50 Nodes
                                                                                                                                                                  
+
                                                                                                                                                                  200 Nodes
                                                                                                                                                                  
+
                                                                                                                                                                  1,000 Nodes
                                                                                                                                                                  
+
                                                                                                                                                                  2,000 Nodes
                                                                                                                                                                  
+
                                                                                                                                                                  Total etcd data capacity
                                                                                                                                                                  
+
                                                                                                                                                                  500Mi
                                                                                                                                                                  
+
                                                                                                                                                                  1Gi
                                                                                                                                                                  
+
                                                                                                                                                                  4Gi
                                                                                                                                                                  
+
                                                                                                                                                                  8Gi
                                                                                                                                                                  
+
                                                                                                                                                                  etcd data volume of a single type of resources
                                                                                                                                                                  
+
                                                                                                                                                                  50Mi
                                                                                                                                                                  
+
                                                                                                                                                                  100Mi
                                                                                                                                                                  
+
                                                                                                                                                                  400Mi
                                                                                                                                                                  
+
                                                                                                                                                                  800Mi
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
+
                                                                                                                                                                  Clearing Up Unused Resources
                                                                                                                                                                  To prevent a large number of pending pods from consuming extra resources on the control plane, it is recommended that you promptly clear up Kubernetes resources that are no longer in use, such as ConfigMaps, Secrets, and PVCs.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Optimizing the Client Access Mode
                                                                                                                                                                  • To avoid frequent LIST queries, it is best to use the client cache mechanism when retrieving cluster resource data multiple times. It is recommended that you communicate with clusters using informers and listers. For details, see client-go documentation.
                                                                                                                                                                    If a LIST query must be used, you can:
                                                                                                                                                                    
+
                                                                                                                                                                    • Obtain needed data from the kube-apiserver cache first and avoid making additional queries on etcd data. For clusters earlier than v1.23.8-r0 and v1.25.3-r0, you can set resourceVersion to 0. In clusters of v1.23.8-r0, v1.25.3-r0, and later versions, CCE has improved the way data is retrieved and ensured that the cached data is up to date. By default, you can access the required data from the cache.
                                                                                                                                                                    • Accurately define the query scope to avoid retrieving irrelevant data and using unnecessary resources. For example:
                                                                                                                                                                      # client-go Code example for obtaining pods in a specified namespace
+k8sClient.CoreV1().Pods("<your-namespace>").List(metav1.ListOptions{})
+# kubectl Command example for obtaining pods in a specified namespace
+kubectl get pods -n <your-namespace>
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                  • Use the more efficient Protobuf format instead of the JSON format. By default, Kubernetes returns objects serialized to JSON with content type application/json. This is the default serialization format for the API. However, clients may request the more efficient Protobuf representation of these objects for better performance. For details, see Alternate representations of resources.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Changing the Cluster Scale
                                                                                                                                                                  If the resource usage on the master nodes in a cluster remains high for a long time, for example, the memory usage is greater than 85%, it is recommended that you promptly increase the cluster management scale. This will prevent the cluster from becoming overloaded during sudden traffic surges. For details, see Changing Cluster Scale.
                                                                                                                                                                  
+
                                                                                                                                                                   
                                                                                                                                                                  • The performance of the master nodes improves and their specifications become higher as the management scale of a cluster increases.
                                                                                                                                                                  • The CCE cluster management scale is the maximum number of nodes that a cluster can manage. It is used as a reference during service deployment planning, and the actual quantity of nodes in use may not reach the maximum number of nodes selected. The actual scale depends on various factors, including the type, quantity, and size of resource objects in the cluster, as well as the number of external accesses to the cluster control plane.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Splitting the Cluster
                                                                                                                                                                  The Kubernetes architecture has a performance bottleneck, meaning that the scale of a single cluster cannot be expanded indefinitely. If your cluster has 2,000 worker nodes, it is necessary to split the services and deploy them across multiple clusters. If you encounter any issues with splitting a cluster, submit a service ticket for technical support.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Summary
                                                                                                                                                                  When running services on Kubernetes clusters, their performance and availability are influenced by various factors, including the cluster scale, number and size of resources, and resource access. CCE has optimized cluster performance and availability based on cloud native practices and has developed measures to protect against cluster overload. You can use these measures to ensure that your services run stably and reliably over the long term.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Parent topic: Cluster
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_bestpractice_10027.html b/docs/cce/umn/cce_bestpractice_10027.html
index ee273ad2..618a3851 100644
--- a/docs/cce/umn/cce_bestpractice_10027.html
+++ b/docs/cce/umn/cce_bestpractice_10027.html
@@ -4,15 +4,30 @@
 
                                                                                                                                                                  Application Scenarios
                                                                                                                                                                  CCE offers various add-ons that enhance the cloud native capabilities of clusters. These add-ons include features like container scheduling and elasticity, cloud native observability, container networking, storage, and security. Helm charts are used to deploy these add-ons. Workload pods of the add-ons are deployed on worker nodes within the clusters.
                                                                                                                                                                  
 
                                                                                                                                                                  As add-ons have become more popular, their stability and reliability have become essential requirements. By default, CCE implements a policy for add-on deployment where worker nodes have a hard anti-affinity configuration, and AZs have a soft anti-affinity configuration. This section explains how to enhance the CCE add-on scheduling policy, allowing you to customize the deployment policy according to your requirements.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Viewing the Scheduling Policy of an Add-on
                                                                                                                                                                  An add-on typically includes Deployments and daemon processes. By default, daemon processes are deployed on all nodes, while Deployments are deployed in multi-instance mode for HA scenarios.
                                                                                                                                                                  
-
                                                                                                                                                                  Take the CoreDNS add-on as an example. Two pods are deployed for this add-on by default, and multi-AZ deployment is in the preferred mode. The scheduling policy is hard anti-affinity for nodes and soft anti-affinity for AZs. As a result, to ensure that all pods run smoothly, the cluster requires two nodes. The Deployment pods of the add-on are scheduled to nodes in different AZs. However, if the nodes in the cluster are not in multiple AZs, the add-on pods will be scheduled to different nodes in a single AZ.
                                                                                                                                                                  
+
                                                                                                                                                                  Deployment Solution
                                                                                                                                                                  An add-on typically runs as Deployments or DaemonSets. By default, DaemonSet pods are deployed on all nodes. To ensure HA of the add-on, there are multiple pods, AZ affinity policies, and specified node scheduling configured for Deployments.
                                                                                                                                                                  
+
                                                                                                                                                                  Pod-level HA solution:
                                                                                                                                                                  
+
+
                                                                                                                                                                  Node-level HA solutions:
                                                                                                                                                                  
+
                                                                                                                                                                  • Deploying the Add-on Pods on Dedicated Nodes: To prevent resource preemption between service applications and core add-ons, it is best to deploy the core add-on pods on dedicated nodes. This ensures that the add-on resources are isolated and restricted on the node level.
                                                                                                                                                                  • Deploying the Add-on in Multiple AZs: Multi-AZ deployment can effectively prevent service unavailability caused by the failure of a single AZ.
                                                                                                                                                                  
+
                                                                                                                                                                  Take the CoreDNS add-on as an example. This add-on is deployed as two pods by default in the preferred mode, and the scheduling policies are hard anti-affinity for nodes and soft anti-affinity for AZs. In this case, two nodes are needed to ensure that all add-on pods in the cluster can run properly, and Deployment pods of the add-on can be preferentially scheduled to nodes in different AZs.
                                                                                                                                                                  
+
                                                                                                                                                                  The following sections describe how to further improve the add-on SLA.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Creating Nodes in Different AZs for a Cluster
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. In the navigation pane, choose Clusters. Click the target cluster name to access its details page.
                                                                                                                                                                  3. In the navigation pane, choose Nodes, click the Nodes tab, and click Create Node in the upper right corner.
                                                                                                                                                                  4. On the page displayed, select an AZ for the node.
                                                                                                                                                                  5. Configure other mandatory parameters following instructions to complete the creation.
                                                                                                                                                                  
-
                                                                                                                                                                  To create nodes in different AZs, you can simply repeat the previous steps. Alternatively, you can create multiple node pools, associate them with different AZ flavors, and increase the number of nodes in each pool to achieve the same result.
                                                                                                                                                                  
+
                                                                                                                                                                  Increasing the Number of Pods
                                                                                                                                                                  You can adjust the number of CoreDNS pods ensure high performance and HA.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CoreDNS on the right, and click Edit.
                                                                                                                                                                  2. Increase the number of pods.
                                                                                                                                                                  3. Click OK.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Configuring the AZ Anti-affinity Scheduling Policy for the Add-on
                                                                                                                                                                  By default, the add-on scheduling policy can handle single-node faults. However, if your services require a higher SLA, you can create nodes with different AZ specifications on the node pool page. Then, set the multi-AZ deployment mode of the add-on scheduling policy to the required mode.
                                                                                                                                                                  
-
                                                                                                                                                                  This section uses the CoreDNS add-on as an example to describe how to configure the multi-AZ deployment policy for an add-on.
                                                                                                                                                                  
-
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. In the navigation tree, choose Add-ons. In the right pane, locate CoreDNS and click Edit.
                                                                                                                                                                  3. In the window that slides out from the right, set Multi AZ to Required and click Install.
                                                                                                                                                                  4. Choose Workload, click the Deployments tab, and view the CoreDNS pods. Select the kube-system namespace to view the pod distribution of the add-on.
                                                                                                                                                                  5. View that the Deployment pods of the add-on has been allocated to nodes in two AZs.
                                                                                                                                                                  
+
                                                                                                                                                                  Deploying the Add-on Pods on Dedicated Nodes
                                                                                                                                                                  You can adjust the node affinity policy of CoreDNS and make the CoreDNS pods run on dedicated nodes. This can prevent the CoreDNS resources from being preempted by service applications.
                                                                                                                                                                  
+
                                                                                                                                                                  A custom policy is used as an example.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes.
                                                                                                                                                                  2. Click the Nodes tab, select the node dedicated for CoreDNS, and click Labels and Taints above the node list.
                                                                                                                                                                    Add the following labels:
                                                                                                                                                                    
+
                                                                                                                                                                    • Key: node-role.kubernetes.io/coredns
                                                                                                                                                                    • Value: true
                                                                                                                                                                    
+
                                                                                                                                                                    Add the following taints:
                                                                                                                                                                    
+
                                                                                                                                                                    • Key: node-role.kubernetes.io/coredns
                                                                                                                                                                    • Value: true
                                                                                                                                                                    • Effect: NoSchedule
                                                                                                                                                                    
+
                                                                                                                                                                  3. In the navigation pane, choose Add-ons, locate CoreDNS, and click Edit.
                                                                                                                                                                  4. Select Custom Policies for Node Affinity and add the preceding node label.
                                                                                                                                                                    Add tolerations for the preceding taint.
                                                                                                                                                                    
+
                                                                                                                                                                  5. Click OK.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Deploying the Add-on in Multiple AZs
                                                                                                                                                                  By default, the add-on scheduling policy can handle single-node faults. However, if your services require a higher SLA, you can create nodes with different AZ specifications on the node pool page and set the multi-AZ deployment mode of the add-on to the required mode.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. Create nodes in different AZs.
                                                                                                                                                                    To create nodes in different AZs, you can simply repeat these steps. Alternatively, you can create multiple node pools, associate them with different AZ specifications, and increase the number of nodes in each pool to achieve the same result.
                                                                                                                                                                    
+
                                                                                                                                                                    1. In the navigation pane, choose Nodes, click the Nodes tab, and click Create Node in the upper right corner.
                                                                                                                                                                    2. On the page displayed, select an AZ for the node.
                                                                                                                                                                    3. Configure other mandatory parameters following instructions to complete the creation.
                                                                                                                                                                    
+
                                                                                                                                                                  3. In the navigation tree, choose Add-ons. In the right pane, locate CoreDNS and click Edit.
                                                                                                                                                                  4. In the window that slides out from the right, set Multi AZ to Required and click Install.
                                                                                                                                                                  5. Choose Workload, click the Deployments tab, and view the CoreDNS pods. Select the kube-system namespace to view the pod distribution of the add-on.
                                                                                                                                                                  6. View that the Deployment pods of the add-on has been allocated to nodes in two AZs.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_10041.html b/docs/cce/umn/cce_bestpractice_10041.html
new file mode 100644
index 00000000..f544366a
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_10041.html
@@ -0,0 +1,38 @@
+
+
+
                                                                                                                                                                  Retaining the Original IP Address of a Pod
                                                                                                                                                                  
+
                                                                                                                                                                  SNAT Overview
                                                                                                                                                                  In a CCE cluster that uses a VPC network, to enable pods to communicate with external systems, the system automatically translates the source IP addresses of the pods into the IP addresses of the nodes that are running them. This allows pods to communicate with external systems using the node IP addresses. This process is known as pod IP address masquerading or Source Network Address Translation (SNAT).
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Prerequisites
                                                                                                                                                                  You have a cluster that uses the VPC network and whose version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Default Non-Masqueraded CIDR Block Settings in a CCE Cluster
                                                                                                                                                                  By default, CCE uses the following well-known private CIDR blocks as non-masqueraded CIDR blocks in each cluster:
                                                                                                                                                                  
+
                                                                                                                                                                  • 10.0.0.0/8
                                                                                                                                                                  • 172.16.0.0/12
                                                                                                                                                                  • 192.168.0.0/16
                                                                                                                                                                  
+
                                                                                                                                                                  Additionally, in a CCE cluster that uses a secondary VPC CIDR block, adding or resetting a node will automatically include the secondary CIDR block in the non-masqueraded CIDR blocks.
                                                                                                                                                                  
+
                                                                                                                                                                  This means that when a pod initiates communication from these CIDR blocks with external resources, its source IP address of the data packet remains unchanged, and it will not be replaced with the IP address of the node running the pod.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Scenarios Where the Default Non-Masqueraded CIDR Blocks Does Not Fit
                                                                                                                                                                  The default non-masqueraded CIDR block settings in CCE clusters apply to typical scenarios, but in certain specific scenarios, these default settings may not be sufficient to meet user requirements. The following shows typical examples:
                                                                                                                                                                  
+
                                                                                                                                                                  • Cross-node access to pods in a cluster
                                                                                                                                                                    When a node in a Kubernetes cluster needs to access a pod on another node, the response data packet sent from the pod is automatically subject to SNAT. This changes the source IP address from the pod IP address to the IP address of the node that runs the pod. However, this automatic IP address translation can sometimes lead to communication issues, making cross-node access impossible.
                                                                                                                                                                    
+
                                                                                                                                                                    To enable a node to access pods on other nodes, you can add the CIDR block of the subnet where the node is located to the nonMasqueradeCIDRs parameter. This will skip SNAT and allow the original IP addresses of pods on these nodes to be retained.
                                                                                                                                                                    
+
                                                                                                                                                                  • Access from other resources in the same VPC as a cluster to pods in the cluster
                                                                                                                                                                    In certain scenarios, it may be necessary to access the original IP addresses of pods on different nodes in a CCE cluster directly from other resources (such as ECSs) in the same VPC as the cluster. However, with SNAT enabled by default, the source IP addresses of the data packets are replaced with the IP addresses of the nodes that run these pods when the data packets pass through the nodes. This makes it difficult for these resources to access pods directly.
                                                                                                                                                                    
+
                                                                                                                                                                    To enable direct access from resources in the same VPC as the cluster to pods, you can add the CIDR blocks of the subnets where these resources are located to the nonMasqueradeCIDRs parameter. This will skip SNAT and ensure that the source IP addresses of the data packets remain the same as the original IP addresses of pods.
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Precautions
                                                                                                                                                                  If you have set up a security group or ACL for a cloud service that only allows access from IP addresses of nodes running pods, there is no need to perform pod IP address masquerading and configure the nonMasqueradeCIDRs parameter.
                                                                                                                                                                  
+
                                                                                                                                                                  The default setting of pod IP address masquerading (SNAT) is usually sufficient. However, if you need to retain the original IP addresses of pods in specific scenarios, you can configure the nonMasqueradeCIDRs parameter.
                                                                                                                                                                  
+
                                                                                                                                                                  Before doing so, make sure you have evaluated your application scenario and understood the potential risks of improper configuration, because it may block access within clusters. If you are unsure whether to configure this parameter, it is recommended that you keep the default settings and adjust the configuration later once the requirement is clarified.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Procedure
                                                                                                                                                                  To reserve the source IP address of a pod when the pod accesses a CIDR block, you can configure nonMasqueradeCIDRs to specify the CIDR block that does not need to be masqueraded.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the CCE console and click the name of the target cluster to access the cluster console.
                                                                                                                                                                  2. In the navigation pane, choose Settings and click the Network tab.
                                                                                                                                                                  3. Modify the parameters under Retain the non-spoofed CIDR block of the original pod IP address. Make sure the parameter configuration complies with the following rules:
                                                                                                                                                                    • Each CIDR block must comply with the CIDR format and must be a valid IPv4 CIDR block.
                                                                                                                                                                      Example of a correct CIDR block: 192.168.1.0/24
                                                                                                                                                                      
+
                                                                                                                                                                      Example of an incorrect CIDR block: 192.168.1.1/24 (incompliant with the CIDR format)
                                                                                                                                                                      
+
                                                                                                                                                                    • The CIDR blocks you configured do not overlap with each other.
                                                                                                                                                                      Example of correct CIDR blocks: 192.168.1.0/24 and 192.168.2.0/24
                                                                                                                                                                      
+
                                                                                                                                                                      Example of incorrect CIDR blocks: 192.168.1.0/24 and 192.168.1.128/25 (The two CIDR blocks overlap.)
                                                                                                                                                                      
+
                                                                                                                                                                    • The nonMasqueradeCIDRs parameter must contain all destination CIDR blocks that you want them to use the original pod IP addresses for communications.
                                                                                                                                                                    
+
                                                                                                                                                                  4. After the modification, click Confirm configuration. The setting takes effect within 1 minute.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Parent topic: Networking
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_bulletin_0000.html b/docs/cce/umn/cce_bulletin_0000.html
index 939f2ee7..c4dfea83 100644
--- a/docs/cce/umn/cce_bulletin_0000.html
+++ b/docs/cce/umn/cce_bulletin_0000.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                    
-
                                                                                                                                                                  • Kubernetes Version Support Mechanism
                                                                                                                                                                    
+
                                                                                                                                                                  • Kubernetes Version Policy
                                                                                                                                                                    
 
                                                                                                                                                                    • 
 
                                                                                                                                                                  • CCE Console Upgrade
                                                                                                                                                                    
 
                                                                                                                                                                    • 
diff --git a/docs/cce/umn/cce_bulletin_0003.html b/docs/cce/umn/cce_bulletin_0003.html
deleted file mode 100644
index c5a5802a..00000000
--- a/docs/cce/umn/cce_bulletin_0003.html
+++ /dev/null
@@ -1,29 +0,0 @@
-
-
-
                                                                                                                                                                    Kubernetes Version Support Mechanism
                                                                                                                                                                    
-
                                                                                                                                                                    This section explains versioning in CCE, and the policies for Kubernetes version support.
                                                                                                                                                                    
-
                                                                                                                                                                    Version Description
                                                                                                                                                                    Version number: The format is x.y.z, where x.y is the major version and z is the minor version. If the version number is followed by -r, the version is a patch version, for example, v1.15.6-r1.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Version Requirements
                                                                                                                                                                     
                                                                                                                                                                    Offline: After a version is brought offline, a cluster of this version cannot be created on the CCE console and no new features will be released for the clusters of this version.
                                                                                                                                                                    
-
                                                                                                                                                                    Obsolete: CCE will no longer provide support for this version, including release of new functions, community bug fixes, vulnerability management, and upgrade.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    The specific version support policies in different scenarios are as follows:
                                                                                                                                                                    
-
                                                                                                                                                                    • Cluster creation
                                                                                                                                                                      Clusters v1.28 and v1.27 can be created using the CCE console or APIs. Clusters v1.25 and v1.23 can be created using APIs. Clusters v1.21 and earlier versions are brought offline.
                                                                                                                                                                      
-
                                                                                                                                                                    • Cluster maintenance
                                                                                                                                                                      CCE maintains clusters of four major Kubernetes versions at most, such as v1.28, v1.27, v1.25 and v1.23. For example, after v1.28 is commercially available, clusters v1.21 are obsolete.
                                                                                                                                                                      
-
                                                                                                                                                                      
-
                                                                                                                                                                    • Cluster upgrade
                                                                                                                                                                      CCE allows you to upgrade clusters of three major versions at the same time. Clusters of v1.21 and later versions can be upgraded skipping one major version at most (for example, from v1.21 directly to v1.25). Each version is maintained for one year. For example, after v1.28 is available, support for earlier versions (such as v1.21) will be removed. You are advised to upgrade your Kubernetes cluster before the maintenance period ends.
                                                                                                                                                                      • Cluster version upgrade: After the latest major version (for example, v1.28) is available, CCE allows you to upgrade clusters to the last stable version of the second-latest major version, for example, v1.27. For details, see Upgrade Overview.
                                                                                                                                                                      • Cluster patch upgrade: For existing clusters running on the live network, if there are major Kubernetes issues or vulnerabilities, CCE will perform the patch upgrade on these clusters in the background. Users are unaware of the patch upgrade. If the patch upgrade has adverse impact on user services, CCE will release a notice one week in advance.
                                                                                                                                                                      
-
                                                                                                                                                                      
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Version Release Cycle
                                                                                                                                                                    Kubernetes releases a major version in about four months. CCE will provide support to mirror the new Kubernetes version in about seven months after the version release.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Version Constraints
                                                                                                                                                                    After a cluster is upgraded, it cannot be rolled back to the source version.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Product Bulletin
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
diff --git a/docs/cce/umn/cce_bulletin_0026.html b/docs/cce/umn/cce_bulletin_0026.html
index cc48d1b0..f1d7c1f1 100644
--- a/docs/cce/umn/cce_bulletin_0026.html
+++ b/docs/cce/umn/cce_bulletin_0026.html
@@ -1,11 +1,11 @@
 
 
-
                                                                                                                                                                    Kubernetes 1.21 Release Notes
                                                                                                                                                                    
+
                                                                                                                                                                    Kubernetes 1.21 (EOM) Release Notes
                                                                                                                                                                    
 
                                                                                                                                                                    This section describes the updates in CCE Kubernetes 1.21.
                                                                                                                                                                    
 
                                                                                                                                                                    Resource Changes and Deprecations
                                                                                                                                                                    Kubernetes 1.21 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • CronJob is now in the stable state, and the version number changes to batch/v1.
                                                                                                                                                                    • The immutable Secret and ConfigMap have now been upgraded to the stable state. A new immutable field is added to these objects to reject changes. The rejection protects clusters from accidental updates that may cause application outages. As these resources are immutable, kubelet does not monitor or poll for changes. This reduces the load of kube-apiserver and improves scalability and performance of your clusters. For more information, see Immutable ConfigMaps.
                                                                                                                                                                    • Graceful node shutdown has been upgraded to the test state. With this update, kubelet can detect that a node is shut down and gracefully terminate the pods on the node. Prior to this update, when the node was shut down, its pod did not follow the expected termination lifecycle, which caused workload problems. Now kubelet can use systemd to detect the systems that are about to be shut down and notify the running pods to terminate them gracefully.
                                                                                                                                                                    • For a pod with multiple containers, you can use kubectl.kubernetes.io/ to pre-select containers.
                                                                                                                                                                    • PodSecurityPolicy is deprecated. For details, see https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/.
                                                                                                                                                                    • The BoundServiceAccountTokenVolume feature is in beta testing, which has changed the method of mounting tokens into pods for enhanced token security of the service account. This feature will be enabled by default in Kubernetes clusters of v1.21 and later versions.
                                                                                                                                                                    
+
                                                                                                                                                                    • CronJob is now in the stable state, and the version number changes to batch/v1.
                                                                                                                                                                    • The immutable Secret and ConfigMap have now been upgraded to the stable state. A new immutable field is added to these objects to reject changes. The rejection protects clusters from accidental updates that may cause application outages. As these resources are immutable, kubelet does not monitor or poll for changes. This reduces the load of kube-apiserver and improves scalability and performance of your clusters. For more information, see Immutable ConfigMaps.
                                                                                                                                                                    • Graceful node shutdown has been upgraded to the test state. With this update, kubelet can detect that a node is shut down and gracefully terminate the pods on the node. Prior to this update, when the node was shut down, its pod did not follow the expected termination lifecycle, which caused workload problems. Now kubelet can use systemd to detect the systems that are about to be shut down and notify the running pods to terminate them gracefully.
                                                                                                                                                                    • For a pod with multiple containers, you can use kubectl.kubernetes.io/ to pre-select containers.
                                                                                                                                                                    • PodSecurityPolicy is deprecated. For details, see https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/.
                                                                                                                                                                    • The BoundServiceAccountTokenVolume feature is in beta testing, which has changed the method of mounting tokens into pods for enhanced token security of the service account. This feature is enabled by default in Kubernetes clusters of v1.21 and later versions.
                                                                                                                                                                    
 
                                                                                                                                                                    Kubernetes 1.20 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • The API priority and fairness have reached the test state and are enabled by default. This allows kube-apiserver to classify incoming requests by priority. For more information, see API Priority and Fairness.
                                                                                                                                                                    • The bug of exec probe timeouts is fixed. Before this bug is fixed, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. Now, if no value is specified, the default value is used, that is, one second. If the detection time exceeds one second, the application health check may fail. Update the timeoutSeconds field for the applications that use this feature during the upgrade. The repair provided by the newly introduced ExecProbeTimeout feature gating enables the cluster operator to restore the previous behavior, but this behavior will be locked and removed in later versions.
                                                                                                                                                                    • RuntimeClass enters the stable state. RuntimeClass provides a mechanism to support multiple runtimes in a cluster and expose information about the container runtime to the control plane.
                                                                                                                                                                    • kubectl debugging has reached the test state. kubectl debugging provides support for common debugging workflows.
                                                                                                                                                                    • Dockershim was marked as deprecated in Kubernetes 1.20. Currently, you can continue to use Docker in the cluster. This change is irrelevant to the container image used by clusters. You can still use Docker to build your images. For more information, see Dockershim Deprecation FAQ.
                                                                                                                                                                    
+
                                                                                                                                                                    • The API priority and fairness have reached the test state and are enabled by default. This allows kube-apiserver to classify incoming requests by priority. For more information, see API Priority and Fairness.
                                                                                                                                                                    • The bug of exec probe timeouts is fixed. Before this bug is fixed, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. Now, if no value is specified, the default value is used, that is, one second. If the detection time exceeds one second, the application health check may fail. Update the timeoutSeconds field for the applications that use this feature during the upgrade. The repair provided by the newly introduced ExecProbeTimeout feature gating enables the cluster operator to restore the previous behavior, but this behavior will be locked and removed in later versions.
                                                                                                                                                                    • RuntimeClass enters the stable state. RuntimeClass provides a mechanism to support multiple runtimes in a cluster and expose information about the container runtime to the control plane.
                                                                                                                                                                    • kubectl debugging has reached the test state. kubectl debugging provides support for common debugging workflows.
                                                                                                                                                                    • dockershim was marked as deprecated in Kubernetes 1.20. Currently, you can continue to use Docker in the cluster. This change is irrelevant to the container image used by clusters. You can still use Docker to build your images. For more information, see Dockershim Deprecation FAQ.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    References
                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.21 and other versions, see the following documents:
                                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_bulletin_0027.html b/docs/cce/umn/cce_bulletin_0027.html
index 0c696e3f..ca1c56d5 100644
--- a/docs/cce/umn/cce_bulletin_0027.html
+++ b/docs/cce/umn/cce_bulletin_0027.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                    Resource Changes and Deprecations
                                                                                                                                                                    Kubernetes 1.23 Release Notes
                                                                                                                                                                    
 
                                                                                                                                                                    • FlexVolume is deprecated. Use CSI.
                                                                                                                                                                    • HorizontalPodAutoscaler v2 is promoted to GA, and HorizontalPodAutoscaler API v2 is gradually stable in version 1.23. The HorizontalPodAutoscaler v2beta2 API is not recommended. Use the v2 API.
                                                                                                                                                                    • PodSecurity moves to beta, replacing the deprecated PodSecurityPolicy. PodSecurity is an admission controller that enforces pod security standards on pods in the namespace based on specific namespace labels that set the enforcement level. PodSecurity is enabled by default in version 1.23.
                                                                                                                                                                    
 
                                                                                                                                                                    Kubernetes 1.22 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • Ingresses no longer support networking.k8s.io/v1beta1 and extensions/v1beta1 APIs. If you use the API of an earlier version to manage ingresses, an application cannot be exposed to external services. Use networking.k8s.io/v1.
                                                                                                                                                                    • CustomResourceDefinitions no longer support the apiextensions.k8s.io/v1beta1 API. If you use the API of an earlier version to create a CRD, the creation will fail, which affects the controller that reconciles this CRD. Use apiextensions.k8s.io/v1.
                                                                                                                                                                    • ClusterRoles, ClusterRoleBindings, Roles, and RoleBindings no longer support the rbac.authorization.k8s.io/v1beta1 API. If you use the API of an earlier version to manage RBAC resources, application permissions control is affected and even cannot work in the cluster. Use rbac.authorization.k8s.io/v1.
                                                                                                                                                                    • The Kubernetes release cycle is changed from four releases a year to three releases a year.
                                                                                                                                                                    • StatefulSets support minReadySeconds.
                                                                                                                                                                    • During scale-in, pods are randomly selected and deleted based on the pod UID by default (LogarithmicScaleDown). This feature enhances the randomness of the pods to be deleted and alleviates the problems caused by pod topology spread constraints. For more information, see KEP-2185 and issue 96748.
                                                                                                                                                                    • The BoundServiceAccountTokenVolume feature is stable, which has changed the method of mounting tokens into pods for enhanced token security of the service account. This feature is enabled by default in Kubernetes clusters of v1.21 and later versions.
                                                                                                                                                                      
+
                                                                                                                                                                      • Ingresses no longer support networking.k8s.io/v1beta1 and extensions/v1beta1 APIs. If you use the API of an earlier version to manage ingresses, an application cannot be exposed to external services. Use networking.k8s.io/v1.
                                                                                                                                                                      • CustomResourceDefinitions no longer support the apiextensions.k8s.io/v1beta1 API. If you use the API of an earlier version to create a CRD, the creation will fail, which affects the controller that reconciles this CRD. Use apiextensions.k8s.io/v1.
                                                                                                                                                                      • ClusterRoles, ClusterRoleBindings, Roles, and RoleBindings no longer support the rbac.authorization.k8s.io/v1beta1 API. If you use the API of an earlier version to manage RBAC resources, application permissions control is affected and even cannot work in the cluster. Use rbac.authorization.k8s.io/v1.
                                                                                                                                                                      • The Kubernetes release cycle is changed from four releases a year to three releases a year.
                                                                                                                                                                      • StatefulSets support minReadySeconds.
                                                                                                                                                                      • During scale-in, pods are randomly selected and deleted based on the pod UID by default (LogarithmicScaleDown). This feature enhances the randomness of the pods to be deleted and alleviates the problems caused by pod topology spread constraints. For more information, see KEP-2185 and issue 96748.
                                                                                                                                                                      • The BoundServiceAccountTokenVolume feature is stable, which has changed the method of mounting tokens into pods for enhanced token security of the service account. This feature is enabled by default in Kubernetes clusters of v1.21 and later versions.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                    References
                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.23 and other versions, see the following documents:
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bulletin_0033.html b/docs/cce/umn/cce_bulletin_0033.html
new file mode 100644
index 00000000..4f9971e0
--- /dev/null
+++ b/docs/cce/umn/cce_bulletin_0033.html
@@ -0,0 +1,168 @@
+
+
+
                                                                                                                                                                    Kubernetes Version Policy
                                                                                                                                                                    
+
                                                                                                                                                                    CCE provides highly scalable, high-performance, enterprise-class Kubernetes clusters. This section describes the Kubernetes version policy of CCE clusters.
                                                                                                                                                                    
+
                                                                                                                                                                    Lifecycle of CCE Cluster Versions
                                                                                                                                                                    
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Kubernetes Version
                                                                                                                                                                    
+
                                                                                                                                                                    Status
                                                                                                                                                                    
+
                                                                                                                                                                    Community Release In
                                                                                                                                                                    
+
                                                                                                                                                                    Commercial Use of CCE Clusters
                                                                                                                                                                    
+
                                                                                                                                                                    EOS of CCE Clusters
                                                                                                                                                                    
+
                                                                                                                                                                    v1.29
                                                                                                                                                                    
+
                                                                                                                                                                    In commercial usea
                                                                                                                                                                    
+
                                                                                                                                                                    November 2023
                                                                                                                                                                    
+
                                                                                                                                                                    June 2024
                                                                                                                                                                    
+
                                                                                                                                                                    June 2026
                                                                                                                                                                    
+
                                                                                                                                                                    v1.28
                                                                                                                                                                    
+
                                                                                                                                                                    In commercial usea
                                                                                                                                                                    
+
                                                                                                                                                                    August 2023
                                                                                                                                                                    
+
                                                                                                                                                                    February 2024
                                                                                                                                                                    
+
                                                                                                                                                                    February 2026
                                                                                                                                                                    
+
                                                                                                                                                                    v1.27
                                                                                                                                                                    
+
                                                                                                                                                                    In commercial useb
                                                                                                                                                                    
+
                                                                                                                                                                    April 2023
                                                                                                                                                                    
+
                                                                                                                                                                    October 2023
                                                                                                                                                                    
+
                                                                                                                                                                    October 2025
                                                                                                                                                                    
+
                                                                                                                                                                    v1.25
                                                                                                                                                                    
+
                                                                                                                                                                    In commercial useb
                                                                                                                                                                    
+
                                                                                                                                                                    August 2022
                                                                                                                                                                    
+
                                                                                                                                                                    March 2023
                                                                                                                                                                    
+
                                                                                                                                                                    March 2025
                                                                                                                                                                    
+
                                                                                                                                                                    v1.23
                                                                                                                                                                    
+
                                                                                                                                                                    In commercial useb
                                                                                                                                                                    
+
                                                                                                                                                                    December 2021
                                                                                                                                                                    
+
                                                                                                                                                                    September 2022
                                                                                                                                                                    
+
                                                                                                                                                                    September 2024
                                                                                                                                                                    
+
                                                                                                                                                                    v1.21
                                                                                                                                                                    
+
                                                                                                                                                                    End of service (EOS)
                                                                                                                                                                    
+
                                                                                                                                                                    April 2021
                                                                                                                                                                    
+
                                                                                                                                                                    April 2022
                                                                                                                                                                    
+
                                                                                                                                                                    April 2024
                                                                                                                                                                    
+
                                                                                                                                                                    v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    EOS
                                                                                                                                                                    
+
                                                                                                                                                                    August 2020
                                                                                                                                                                    
+
                                                                                                                                                                    March 2021
                                                                                                                                                                    
+
                                                                                                                                                                    September 2023
                                                                                                                                                                    
+
                                                                                                                                                                    v1.17
                                                                                                                                                                    
+
                                                                                                                                                                    EOS
                                                                                                                                                                    
+
                                                                                                                                                                    December 2019
                                                                                                                                                                    
+
                                                                                                                                                                    July 2020
                                                                                                                                                                    
+
                                                                                                                                                                    January 2023
                                                                                                                                                                    
+
                                                                                                                                                                    v1.15
                                                                                                                                                                    
+
                                                                                                                                                                    EOS
                                                                                                                                                                    
+
                                                                                                                                                                    June 2019
                                                                                                                                                                    
+
                                                                                                                                                                    December 2019
                                                                                                                                                                    
+
                                                                                                                                                                    September 2022
                                                                                                                                                                    
+
                                                                                                                                                                    v1.13
                                                                                                                                                                    
+
                                                                                                                                                                    EOS
                                                                                                                                                                    
+
                                                                                                                                                                    December 2018
                                                                                                                                                                    
+
                                                                                                                                                                    June 2019
                                                                                                                                                                    
+
                                                                                                                                                                    March 2022
                                                                                                                                                                    
+
                                                                                                                                                                    v1.11
                                                                                                                                                                    
+
                                                                                                                                                                    EOS
                                                                                                                                                                    
+
                                                                                                                                                                    August 2018
                                                                                                                                                                    
+
                                                                                                                                                                    October 2018
                                                                                                                                                                    
+
                                                                                                                                                                    March 2021
                                                                                                                                                                    
+
                                                                                                                                                                    v1.9
                                                                                                                                                                    
+
                                                                                                                                                                    EOS
                                                                                                                                                                    
+
                                                                                                                                                                    December 2017
                                                                                                                                                                    
+
                                                                                                                                                                    March 2018
                                                                                                                                                                    
+
                                                                                                                                                                    December 2020
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                     
                                                                                                                                                                    The CCE console supports clusters of the latest two commercially used versions:
                                                                                                                                                                    
+
                                                                                                                                                                    • a: Clusters created using the console or APIs
                                                                                                                                                                    • b: Clusters created only using APIs
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Phases of CCE Cluster Versions
                                                                                                                                                                    • In commercial use: The cluster version has been fully verified and is stable and reliable. You can use clusters of this version in the production environment, and the CCE SLA is valid for such clusters.
                                                                                                                                                                    • EOS: After the cluster version EOS, CCE does not support the creation of new clusters or provide technical support including new feature updates, vulnerability or issue fixes, new patches, work order guidance, and online checks for the EOS cluster version. The CCE SLA is not valid for such clusters.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    CCE Cluster Versions
                                                                                                                                                                    CCE clusters are updated according to the versions available in the Kubernetes community. This means that a CCE cluster version is made up of both the Kubernetes community version number and the CCE patch version number. The CCE cluster version is in the format for vX.Y.Z-rN, such as v1.28.2-r0.
                                                                                                                                                                    
+
                                                                                                                                                                    • A Kubernetes version is in the format of X.Y, which inherits the community version policy. The major Kubernetes version is represented by X, while the minor Kubernetes version is represented by Y. For details, see the Kubernetes version policies. 
                                                                                                                                                                    • A CCE patch version is in the format of Z-rN, for example, v1.28. New patches are released on an irregular basis for Kubernetes versions that are still in the maintenance period. If a new patch version offers new features that were not present in the previous version, the Z number will increase. If a new patch version provides bug fixes, vulnerability fixes, or scenario optimization compared to the previous version, the N number will increase. 
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Product Bulletin
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_bulletin_0058.html b/docs/cce/umn/cce_bulletin_0058.html
index 81fdc723..fa8967e5 100644
--- a/docs/cce/umn/cce_bulletin_0058.html
+++ b/docs/cce/umn/cce_bulletin_0058.html
@@ -1,51 +1,51 @@
 
 
 
                                                                                                                                                                    Kubernetes 1.25 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the changes made in Kubernetes 1.25 compared with Kubernetes 1.23.
                                                                                                                                                                    
-
                                                                                                                                                                    Indexes
                                                                                                                                                                    
+
                                                                                                                                                                    CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the changes made in Kubernetes 1.25 compared with Kubernetes 1.23.
                                                                                                                                                                    
+
                                                                                                                                                                    Indexes
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    New Features
                                                                                                                                                                    Kubernetes 1.25
                                                                                                                                                                    • Pod Security Admission is stable. PodSecurityPolicy is deprecated.
                                                                                                                                                                      PodSecurityPolicy is replaced by Pod Security Admission. For details about the migration, see Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.
                                                                                                                                                                      
-
                                                                                                                                                                    • The ephemeral container is stable.
                                                                                                                                                                      An ephemeral container is a container that runs temporarily in an existing pod. It is useful for troubleshooting, especially when kubectl exec cannot be used to check a container that breaks down or its image lacks a debugging tool.
                                                                                                                                                                      
-
                                                                                                                                                                    • Support for cgroups v2 enters the stable phase.
                                                                                                                                                                      Kubernetes supports cgroups v2. cgroups v2 provides some improvements over cgroup v1. For details, see About cgroup v2.
                                                                                                                                                                      
-
                                                                                                                                                                    • SeccompDefault moves to beta.
                                                                                                                                                                      To enable this feature, add the startup parameter --seccomp-default=true to kubelet. In this way, seccomp is set to RuntimeDefault by default, improving system security. Clusters of v1.25 no longer support seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/annotation. Replace them with the securityContext.seccompProfile field in pods or containers. For details, see Configure a Security Context for a Pod or Container.
                                                                                                                                                                       
                                                                                                                                                                      After this feature is enabled, the system calls required by the application may be restricted by the runtime. Ensure that the debugging is performed in the test environment, so that application is not affected.
                                                                                                                                                                      
+
                                                                                                                                                                      New Features
                                                                                                                                                                      Kubernetes 1.25
                                                                                                                                                                      • Pod Security Admission is stable. PodSecurityPolicy is deprecated.
                                                                                                                                                                        PodSecurityPolicy is replaced by Pod Security Admission. For details about the migration, see Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.
                                                                                                                                                                        
+
                                                                                                                                                                      • The ephemeral container is stable.
                                                                                                                                                                        An ephemeral container is a container that runs temporarily in an existing pod. It is useful for troubleshooting, especially when kubectl exec cannot be used to check a container that breaks down or its image lacks a debugging tool.
                                                                                                                                                                        
+
                                                                                                                                                                      • Support for cgroups v2 enters the stable phase.
                                                                                                                                                                        Kubernetes supports cgroups v2. cgroups v2 provides some improvements over cgroup v1. For details, see About cgroup v2.
                                                                                                                                                                        
+
                                                                                                                                                                      • SeccompDefault moves to beta.
                                                                                                                                                                        To enable this feature, add the startup parameter --seccomp-default=true to kubelet. In this way, seccomp is set to RuntimeDefault by default, improving system security. Clusters of v1.25 no longer support seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/annotation. Replace them with the securityContext.seccompProfile field in pods or containers. For details, see Configure a Security Context for a Pod or Container.
                                                                                                                                                                         
                                                                                                                                                                        After this feature is enabled, the system calls required by the application may be restricted by the runtime. Ensure that the debugging is performed in the test environment, so that application is not affected.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                      • The EndPort in the network policy moves to stable.
                                                                                                                                                                        EndPort in Network Policy is stable. This feature is incorporated in version 1.21. EndPort is added to NetworkPolicy. You can specify a port range.
                                                                                                                                                                        
-
                                                                                                                                                                      • Local ephemeral storage capacity isolation is stable.
                                                                                                                                                                        This feature provides support for capacity isolation of local ephemeral storage between pods, such as EmptyDir. If a pod's consumption of shared resources exceeds the limit, it will be evicted.
                                                                                                                                                                        
-
                                                                                                                                                                      • The CRD verification expression language moves to beta.
                                                                                                                                                                        This makes it possible to declare how to validate custom resources using Common Expression Language (CEL). For details, see Extend the Kubernetes API with CustomResourceDefinitions.
                                                                                                                                                                        
-
                                                                                                                                                                      • KMS v2 APIs are introduced.
                                                                                                                                                                        The KMS v2 alpha1 API is introduced to add performance, rotation, and observability improvements. This API uses AES-GCM to replace AES-CBC and uses DEK to encrypt data at rest (Kubernetes Secrets). No additional operation is required during this process. Additionally, data can be read through AES-GCM and AES-CBC. For details, see Using a KMS provider for data encryption.
                                                                                                                                                                        
-
                                                                                                                                                                      • Pod network readiness is introduced.
                                                                                                                                                                        Kubernetes 1.25 introduces Alpha support for PodHasNetwork. This status is in the status field of the pod. For details, see Pod network readiness.
                                                                                                                                                                        
-
                                                                                                                                                                      • The two features used for application rollout are stable.
                                                                                                                                                                        • In Kubernetes 1.25, minReadySeconds for StatefulSets is stable. It allows each pod to wait for an expected period of time to slow down the rollout of a StatefulSet. For details, see Minimum ready seconds.
                                                                                                                                                                        • In Kubernetes 1.25, maxSurge for DaemonSets is stable. It allows a DaemonSet workload to run multiple instances of the same pod on one node during a rollout. This minimizes DaemonSet downtime for users. DaemonSet does not allow maxSurge and hostPort to be used at the same time because two active pods cannot share the same port on the same node. For details, see Perform a Rolling Update on a DaemonSet.
                                                                                                                                                                        
-
                                                                                                                                                                      • Alpha support for running pods with user namespaces is provided.
                                                                                                                                                                        This feature maps the root user in a pod to a non-zero ID outside the container. In this way, the container runs as the root user and the node runs as a regular unprivileged user. This feature is still in the internal test phase. The UserNamespacesStatelessPodsSupport gate needs to be enabled, and the container runtime must support this function. For details, see Kubernetes 1.25: alpha support for running Pods with user namespaces.
                                                                                                                                                                        
+
                                                                                                                                                                      • The EndPort in the network policy moves to stable.
                                                                                                                                                                        EndPort in Network Policy is stable. This feature is incorporated in version 1.21. EndPort is added to NetworkPolicy. You can specify a port range.
                                                                                                                                                                        
+
                                                                                                                                                                      • Local ephemeral storage capacity isolation is stable.
                                                                                                                                                                        This feature provides support for capacity isolation of local ephemeral storage between pods, such as EmptyDir. If a pod's consumption of shared resources exceeds the limit, it will be evicted.
                                                                                                                                                                        
+
                                                                                                                                                                      • The CRD verification expression language moves to beta.
                                                                                                                                                                        This makes it possible to declare how to validate custom resources using Common Expression Language (CEL). For details, see Extend the Kubernetes API with CustomResourceDefinitions.
                                                                                                                                                                        
+
                                                                                                                                                                      • KMS v2 APIs are introduced.
                                                                                                                                                                        The KMS v2 alpha1 API is introduced to add performance, rotation, and observability improvements. This API uses AES-GCM to replace AES-CBC and uses DEK to encrypt data at rest (Kubernetes Secrets). No additional operation is required during this process. Additionally, data can be read through AES-GCM and AES-CBC. For details, see Using a KMS provider for data encryption.
                                                                                                                                                                        
+
                                                                                                                                                                      • Pod network readiness is introduced.
                                                                                                                                                                        Kubernetes 1.25 introduces Alpha support for PodHasNetwork. This status is in the status field of the pod. For details, see Pod network readiness.
                                                                                                                                                                        
+
                                                                                                                                                                      • The two features used for application rollout are stable.
                                                                                                                                                                        • In Kubernetes 1.25, minReadySeconds for StatefulSets is stable. It allows each pod to wait for an expected period of time to slow down the rollout of a StatefulSet. For details, see Minimum ready seconds.
                                                                                                                                                                        • In Kubernetes 1.25, maxSurge for DaemonSets is stable. It allows a DaemonSet workload to run multiple instances of the same pod on one node during a rollout. This minimizes DaemonSet downtime for users. DaemonSet does not allow maxSurge and hostPort to be used at the same time because two active pods cannot share the same port on the same node. For details, see Perform a Rolling Update on a DaemonSet.
                                                                                                                                                                        
+
                                                                                                                                                                      • Alpha support for running pods with user namespaces is provided.
                                                                                                                                                                        This feature maps the root user in a pod to a non-zero ID outside the container. In this way, the container runs as the root user and the node runs as a regular unprivileged user. This feature is still in the internal test phase. The UserNamespacesStatelessPodsSupport gate needs to be enabled, and the container runtime must support this function. For details, see Kubernetes 1.25: alpha support for running Pods with user namespaces.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Kubernetes 1.24
                                                                                                                                                                      • Dockershim is removed from kubelet.
                                                                                                                                                                        Dockershim was marked deprecated in Kubernetes 1.20 and officially removed from kubelet in Kubernetes 1.24. If you want to use Docker container, switch to cri-dockerd or other runtimes that support CRI, such as containerd and CRI-O.
                                                                                                                                                                        
-
                                                                                                                                                                         
                                                                                                                                                                        Check whether there are agents or applications that depend on Docker Engine. For example, if docker ps, docker run, and docker inspect are used, ensure that multiple runtimes are compatible and switch to the standard CRI.
                                                                                                                                                                        
+
                                                                                                                                                                        Kubernetes 1.24
                                                                                                                                                                        • Dockershim is removed from kubelet.
                                                                                                                                                                          Dockershim was marked deprecated in Kubernetes 1.20 and officially removed from kubelet in Kubernetes 1.24. If you want to use Docker container, switch to cri-dockerd or other runtimes that support CRI, such as containerd and CRI-O.
                                                                                                                                                                          
+
                                                                                                                                                                           
                                                                                                                                                                          Check whether there are agents or applications that depend on Docker Engine. For example, if docker ps, docker run, and docker inspect are used, ensure that multiple runtimes are compatible and switch to the standard CRI.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                        • Beta APIs are disabled by default.
                                                                                                                                                                          The Kubernetes community found 90% cluster administrators did not care about the beta APIs and left them enabled. However, the beta features are not recommended because these APIs enabled in the production environment by default incur risks. Therefore, in 1.24 and later versions, beta APIs are disabled by default, but the existing beta APIs will retain the original settings.
                                                                                                                                                                          
-
                                                                                                                                                                        • OpenAPI v3 is supported.
                                                                                                                                                                          In Kubernetes 1.24 and later versions, OpenAPI V3 is enabled by default.
                                                                                                                                                                          
-
                                                                                                                                                                        • Storage capacity tracking is stable.
                                                                                                                                                                          In Kubernetes 1.24 and later versions, the CSIStorageCapacity API supports exposing the available storage capacity. This ensures that pods are scheduled to nodes with sufficient storage capacity, which reduces pod scheduling delay caused by volume creation and mounting failures. For details, see Storage Capacity.
                                                                                                                                                                          
-
                                                                                                                                                                        • gRPC container probe moves to beta.
                                                                                                                                                                          In Kubernetes 1.24 and later versions, the gRPC probe goes to beta. The feature gate GRPCContainerProbe is available by default. For details about how to use this probe, see Configure Probes.
                                                                                                                                                                          
-
                                                                                                                                                                        • LegacyServiceAccountTokenNoAutoGeneration is enabled by default.
                                                                                                                                                                          LegacyServiceAccountTokenNoAutoGeneration moves to beta. By default, this feature is enabled, where no secret token is automatically generated for a service account. To use a token that never expires, create a secret to hold the token. For details, see Service account token Secrets.
                                                                                                                                                                          
-
                                                                                                                                                                        • IP address conflict is prevented.
                                                                                                                                                                          In Kubernetes 1.24, an IP address pool is soft reserved for the static IP addresses of Services. After you manually enable this function, Service IP addresses will be automatically from the IP address pool to minimize IP address conflict.
                                                                                                                                                                          
-
                                                                                                                                                                        • Clusters are compiled based on Go 1.18.
                                                                                                                                                                          Kubernetes clusters of versions later than 1.24 are compiled based on Go 1.18. By default, the SHA-1 hash algorithm, such as SHA1WithRSA and ECDSAWithSHA1, is no longer supported for certificate signature verification. Use the certificate generated by the SHA256 algorithm instead.
                                                                                                                                                                          
-
                                                                                                                                                                        • The maximum number of unavailable StatefulSet replicas is configurable.
                                                                                                                                                                          In Kubernetes 1.24 and later versions, the maxUnavailable parameter can be configured for StatefulSets so that pods can be stopped more quickly during a rolling update.
                                                                                                                                                                          
-
                                                                                                                                                                        • Alpha support for non-graceful node shutdown is introduced.
                                                                                                                                                                          The non-graceful node shutdown is introduced as alpha in Kubernetes v1.24. A node shutdown is considered graceful only if kubelet's node shutdown manager can detect the upcoming node shutdown action. For details, see Non-graceful node shutdown handling.
                                                                                                                                                                          
+
                                                                                                                                                                        • Beta APIs are disabled by default.
                                                                                                                                                                          The Kubernetes community found 90% cluster administrators did not care about the beta APIs and left them enabled. However, the beta features are not recommended because these APIs enabled in the production environment by default incur risks. Therefore, in 1.24 and later versions, beta APIs are disabled by default, but the existing beta APIs will retain the original settings.
                                                                                                                                                                          
+
                                                                                                                                                                        • OpenAPI v3 is supported.
                                                                                                                                                                          In Kubernetes 1.24 and later versions, OpenAPI V3 is enabled by default.
                                                                                                                                                                          
+
                                                                                                                                                                        • Storage capacity tracking is stable.
                                                                                                                                                                          In Kubernetes 1.24 and later versions, the CSIStorageCapacity API supports exposing the available storage capacity. This ensures that pods are scheduled to nodes with sufficient storage capacity, which reduces pod scheduling delay caused by volume creation and mounting failures. For details, see Storage Capacity.
                                                                                                                                                                          
+
                                                                                                                                                                        • gRPC container probe moves to beta.
                                                                                                                                                                          In Kubernetes 1.24 and later versions, the gRPC probe goes to beta. The feature gate GRPCContainerProbe is available by default. For details about how to use this probe, see Configure Probes.
                                                                                                                                                                          
+
                                                                                                                                                                        • LegacyServiceAccountTokenNoAutoGeneration is enabled by default.
                                                                                                                                                                          LegacyServiceAccountTokenNoAutoGeneration moves to beta. By default, this feature is enabled, where no secret token is automatically generated for a service account. To use a token that never expires, create a secret to hold the token. For details, see Service account token Secrets.
                                                                                                                                                                          
+
                                                                                                                                                                        • IP address conflict is prevented.
                                                                                                                                                                          In Kubernetes 1.24, an IP address pool is soft reserved for the static IP addresses of Services. After you manually enable this function, Service IP addresses will be automatically from the IP address pool to minimize IP address conflict.
                                                                                                                                                                          
+
                                                                                                                                                                        • Clusters are compiled based on Go 1.18.
                                                                                                                                                                          Kubernetes clusters of versions later than 1.24 are compiled based on Go 1.18. By default, the SHA-1 hash algorithm, such as SHA1WithRSA and ECDSAWithSHA1, is no longer supported for certificate signature verification. Use the certificate generated by the SHA256 algorithm instead.
                                                                                                                                                                          
+
                                                                                                                                                                        • The maximum number of unavailable StatefulSet replicas is configurable.
                                                                                                                                                                          In Kubernetes 1.24 and later versions, the maxUnavailable parameter can be configured for StatefulSets so that pods can be stopped more quickly during a rolling update.
                                                                                                                                                                          
+
                                                                                                                                                                        • Alpha support for non-graceful node shutdown is introduced.
                                                                                                                                                                          The non-graceful node shutdown is introduced as alpha in Kubernetes v1.24. A node shutdown is considered graceful only if kubelet's node shutdown manager can detect the upcoming node shutdown action. For details, see Non-graceful node shutdown handling.
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Deprecations and Removals
                                                                                                                                                                        Kubernetes 1.25
                                                                                                                                                                        • The iptables chain ownership is cleared up.
                                                                                                                                                                          Kubernetes typically creates iptables chains to ensure data packets can be sent to the destination. These iptables chains and their names are for internal use only. These chains were never intended to be part of any Kubernetes API/ABI guarantees. For details, see Kubernetes's IPTables Chains Are Not API.
                                                                                                                                                                          
-
                                                                                                                                                                          In versions later than Kubernetes 1.25, Kubelet uses IPTablesCleanup to migrate the Kubernetes-generated iptables chains used by the components outside of Kubernetes in phases so that iptables chains such as KUBE-MARK-DROP, KUBE-MARK-MASQ, and KUBE-POSTROUTING will not be created in the NAT table. For more details, see Cleaning Up IPTables Chain Ownership.
                                                                                                                                                                          
-
                                                                                                                                                                        • In-tree volume drivers from cloud service vendors are removed.
                                                                                                                                                                        
+
                                                                                                                                                                        Deprecations and Removals
                                                                                                                                                                        Kubernetes 1.25
                                                                                                                                                                        • The iptables chain ownership is cleared up.
                                                                                                                                                                          Kubernetes typically creates iptables chains to ensure data packets can be sent to the destination. These iptables chains and their names are for internal use only. These chains were never intended to be part of any Kubernetes API/ABI guarantees. For details, see Kubernetes's IPTables Chains Are Not API.
                                                                                                                                                                          
+
                                                                                                                                                                          In versions later than Kubernetes 1.25, Kubelet uses IPTablesCleanup to migrate the Kubernetes-generated iptables chains used by the components outside of Kubernetes in phases so that iptables chains such as KUBE-MARK-DROP, KUBE-MARK-MASQ, and KUBE-POSTROUTING will not be created in the NAT table. For more details, see Cleaning Up IPTables Chain Ownership.
                                                                                                                                                                          
+
                                                                                                                                                                        • In-tree volume drivers from cloud service vendors are removed.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Kubernetes 1.24
                                                                                                                                                                        
-
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, Service.Spec.LoadBalancerIP is deprecated because it cannot be used for dual-stack protocols. Instead, use custom annotations.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, the --address, --insecure-bind-address, --port, and --insecure-port=0 parameters are removed from kube-apiserver.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, startup parameters --port=0 and --address are removed from kube-controller-manager and kube-scheduler.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, kube-apiserver --audit-log-version and --audit-webhook-version support only audit.k8s.io/v1. In Kubernetes 1.24, audit.k8s.io/v1[alpha|beta]1 is removed, and only audit.k8s.io/v1 can be used.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, the startup parameter --network-plugin is removed from kubelet. This Docker-specific parameter is available only when the container runtime environment is Docker and it is deleted with Dockershim.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, dynamic log clearance has been discarded and removed accordingly. A log filter is introduced to the logs of all Kubernetes system components to prevent sensitive information from being leaked through logs. However, this function may block logs and therefore is discarded. For more details, see Dynamic log sanitization and KEP-1753.
                                                                                                                                                                        • VolumeSnapshot v1beta1 CRD is discarded in Kubernetes 1.20 and removed in Kubernetes 1.24. Use VolumeSnapshot v1 instead.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, service annotation tolerate-unready-endpoints discarded in Kubernetes 1.11 is replaced by Service.spec.publishNotReadyAddresses.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, the metadata.clusterName field is discarded and will be deleted in the next version.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, the logic for kube-proxy to listen to NodePorts is removed. If NodePorts conflict with kernel net.ipv4.ip_local_port_range, TCP connections may fail occasionally, which leads to a health check failure or service exception. Before the upgrade, ensure that cluster NodePorts do not conflict with net.ipv4.ip_local_port_range of all nodes in the cluster. For more details, see Kubernetes PR.
                                                                                                                                                                        
+
                                                                                                                                                                        Kubernetes 1.24
                                                                                                                                                                        
+
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, Service.Spec.LoadBalancerIP is deprecated because it cannot be used for dual-stack protocols. Instead, use custom annotations.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, the --address, --insecure-bind-address, --port, and --insecure-port=0 parameters are removed from kube-apiserver.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, startup parameters --port=0 and --address are removed from kube-controller-manager and kube-scheduler.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, kube-apiserver --audit-log-version and --audit-webhook-version support only audit.k8s.io/v1. In Kubernetes 1.24, audit.k8s.io/v1[alpha|beta]1 is removed, and only audit.k8s.io/v1 can be used.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, the startup parameter --network-plugin is removed from kubelet. This Docker-specific parameter is available only when the container runtime environment is Docker and it is deleted with Dockershim.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, dynamic log clearance has been discarded and removed accordingly. A log filter is introduced to the logs of all Kubernetes system components to prevent sensitive information from being leaked through logs. However, this function may block logs and therefore is discarded. For more details, see Dynamic log sanitization and KEP-1753.
                                                                                                                                                                        • VolumeSnapshot v1beta1 CRD is discarded in Kubernetes 1.20 and removed in Kubernetes 1.24. Use VolumeSnapshot v1 instead.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, service annotation tolerate-unready-endpoints discarded in Kubernetes 1.11 is replaced by Service.spec.publishNotReadyAddresses.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, the metadata.clusterName field is discarded and will be deleted in the next version.
                                                                                                                                                                        • In Kubernetes 1.24 and later versions, the logic for kube-proxy to listen to NodePorts is removed. If NodePorts conflict with kernel net.ipv4.ip_local_port_range, TCP connections may fail occasionally, which leads to a health check failure or service exception. Before the upgrade, ensure that cluster NodePorts do not conflict with net.ipv4.ip_local_port_range of all nodes in the cluster. For more details, see Kubernetes PR.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Enhanced Kubernetes 1.25 on CCE
                                                                                                                                                                        During a version maintenance period, CCE periodically updates Kubernetes 1.25 and provides enhanced functions.
                                                                                                                                                                        
-
                                                                                                                                                                        For details about cluster version updates, see Release Notes for CCE Cluster Versions.
                                                                                                                                                                        
+
                                                                                                                                                                        Enhanced Kubernetes 1.25 on CCE
                                                                                                                                                                        During a version maintenance period, CCE periodically updates Kubernetes 1.25 and provides enhanced functions.
                                                                                                                                                                        
+
                                                                                                                                                                        For details about cluster version updates, see Release Notes for CCE Cluster Versions.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        References
                                                                                                                                                                        For more details about the performance comparison and function evolution between Kubernetes 1.25 and other versions, see the following documents: 
                                                                                                                                                                        
-
+
                                                                                                                                                                        References
                                                                                                                                                                        For more details about the performance comparison and function evolution between Kubernetes 1.25 and other versions, see the following documents: 
                                                                                                                                                                        
+
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bulletin_0059.html b/docs/cce/umn/cce_bulletin_0059.html
index 2331b90c..434950cb 100644
--- a/docs/cce/umn/cce_bulletin_0059.html
+++ b/docs/cce/umn/cce_bulletin_0059.html
@@ -1,65 +1,65 @@
 
 
 
                                                                                                                                                                        Kubernetes 1.27 Release Notes
                                                                                                                                                                        
-
                                                                                                                                                                        CCE allows you to create clusters of Kubernetes 1.27. This section describes the changes made in Kubernetes 1.27 compared with Kubernetes 1.25.
                                                                                                                                                                        
-
                                                                                                                                                                        Indexes
                                                                                                                                                                        
+
                                                                                                                                                                        CCE allows you to create clusters of Kubernetes 1.27. This section describes the changes made in Kubernetes 1.27 compared with Kubernetes 1.25.
                                                                                                                                                                        
+
                                                                                                                                                                        Indexes
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        New Features
                                                                                                                                                                        Kubernetes 1.27
                                                                                                                                                                        • SeccompDefault is stable.
                                                                                                                                                                          To use SeccompDefault, add the --seccomp-default command line flag using kubelet on each node. If this feature is enabled, the RuntimeDefault profile will be used for all workloads by default, instead of the Unconfined (seccomp disabled) profile.
                                                                                                                                                                          
-
                                                                                                                                                                        • Jobs' scheduling directives are configurable.
                                                                                                                                                                          This feature was introduced in Kubernetes 1.22 and is stable in Kubernetes 1.27. In most cases, you use a Job to influence where the pods will run, like all in the same AZ. This feature allows scheduling directives to be modified before a Job starts. You can use the suspend field to suspend a Job. In the suspension phase, the scheduling directives (such as the node selector, node affinity, anti-affinity, and tolerations) in the Job's pod template can be modified. For details, see Mutable Scheduling Directives.
                                                                                                                                                                          
-
                                                                                                                                                                        • Downward API hugepages are stable.
                                                                                                                                                                          In Kubernetes 1.20, requests.hugepages-<pagesize> and limits.hugepages-<pagesize> were introduced to the downward API. Requests and limits can be configured for hugepages like other resources.
                                                                                                                                                                          
-
                                                                                                                                                                        • Pod scheduling readiness moves to beta.
                                                                                                                                                                          After a pod is created, the Kubernetes scheduler selects an appropriate node to run the pod in the pending state. In practice, some pods may stay in the pending state for a long period due to insufficient resources. These pods may affect the running of other components like Cluster Autoscaler in the cluster. By specifying or deleting .spec. schedulingGates for a pod, you can control when the pod is ready for scheduling. For details, see Pod Scheduling Readiness.
                                                                                                                                                                          
-
                                                                                                                                                                        • Accessing node logs using Kubernetes APIs is supported.
                                                                                                                                                                          This function is in the alpha phase. The cluster administrator can directly query node logs to help debug malfunctioning services running on the node. To use this function, ensure that the NodeLogQuery feature gate is enabled for that node and the kubelet configuration options enableSystemLogHandler and enableSystemLogQuery are set to true.
                                                                                                                                                                          
-
                                                                                                                                                                        • ReadWriteOncePod access mode moves to beta.
                                                                                                                                                                          Kubernetes 1.22 introduced a ReadWriteOncePod access mode for PVs and PVCs. This feature has evolved into the beta phase. A volume can be mounted to a single pod in read/write mode. Use this access mode if you want to ensure that only one pod in the cluster can read that PVC or write to it. For details, see Access Modes.
                                                                                                                                                                          
-
                                                                                                                                                                        • The matchLabelKeys field in the pod topology spread constraint moves to beta.
                                                                                                                                                                          matchLabelKeys is a list of pod label keys. It is used to select a group of pods over which spreading will be calculated. With matchLabelKeys, you do not need to update pod.spec between different revisions. The controller or operator just needs to set different values to the same label key for different revisions. The scheduler will automatically determine the values based on matchLabelKeys. For details, see Pod Topology Distribution Constraints.
                                                                                                                                                                          
-
                                                                                                                                                                        • The function of efficiently labeling SELinux volumes moves to beta.
                                                                                                                                                                          By default, the container runtime recursively assigns the SELinux label to all files on all pod volumes. To speed up this process, Kubernetes uses the mount option -o context=<label> to immediately change the SELinux label of the volume. For details, see Efficient SELinux volume relabeling.
                                                                                                                                                                          
-
                                                                                                                                                                        • VolumeManager reconstruction goes to beta.
                                                                                                                                                                          After the VolumeManager is reconstructed, if the NewVolumeManagerReconstruction feature gate is enabled, mounted volumes will be obtained in a more effective way during kubelet startup.
                                                                                                                                                                          
-
                                                                                                                                                                        • Server side field validation and OpenAPI V3 are stable.
                                                                                                                                                                          OpenAPI V3 was added in Kubernetes 1.23. In Kubernetes 1.24, it moved to beta. In Kubernetes 1.27, it is stable.
                                                                                                                                                                          
-
                                                                                                                                                                        • StatefulSet start ordinal moves to beta.
                                                                                                                                                                          Kubernetes 1.26 introduced a new, alpha-level feature for StatefulSets to control the ordinal numbering of pod replicas. Since Kubernetes 1.27, this feature moves to beta. The ordinals can start from arbitrary non-negative numbers. For details, see Kubernetes 1.27: StatefulSet Start Ordinal Simplifies Migration.
                                                                                                                                                                          
-
                                                                                                                                                                        • ContainerResource metric in HorizontalPodAutoscaler moves to beta.
                                                                                                                                                                          Kubernetes 1.20 introduced the ContainerResource metric in HorizontalPodAutoscaler (HPA). In Kubernetes 1.27, this feature moves to beta, and the HPAContainerMetrics feature gate is enabled by default.
                                                                                                                                                                          
-
                                                                                                                                                                        • StatefulSet PVC auto deletion moves to beta.
                                                                                                                                                                          Kubernetes 1.27 provides a new policy to control the lifecycle of PVCs of StatefulSets. This policy allows users to specify if the PVCs generated from the StatefulSet spec template should be automatically deleted or retrained when the StatefulSet is deleted or replicas in the StatefulSet are scaled down. For details, see PersistentVolumeClaim retention.
                                                                                                                                                                          
-
                                                                                                                                                                        • Volume group snapshots are introduced.
                                                                                                                                                                          Volume group snapshots are introduced as an alpha feature in Kubernetes 1.27. This feature allows users to create snapshots for multiple volumes to ensure data consistency when a fault occurs. It uses a label selector to group multiple PVCs for snapshot. This feature only supports CSI volume drivers. For details, see Kubernetes 1.27: Introducing an API for Volume Group Snapshots.
                                                                                                                                                                          
-
                                                                                                                                                                        • kubectl apply pruning is more secure and efficient.
                                                                                                                                                                          In Kubernetes 1.5, the --prune flag was introduced in kubectl apply to delete resources that are no longer needed. This allowed kubectl apply to automatically clear resources removed from the current configuration. However, the existing implementation of --prune has design defects that degrade its performance and lead to unexpected behaviors. In Kubernetes 1.27, kubectl apply provides ApplySet-based pruning, which is in the alpha phase. For details, see Declarative Management of Kubernetes Objects Using Configuration Files.
                                                                                                                                                                          
-
                                                                                                                                                                        • Conflicts during port allocation to NodePort Service can be avoided.
                                                                                                                                                                          In Kubernetes 1.27, you can enable a new feature gate ServiceNodePortStaticSubrange to use different port allocation policies for NodePort Services. This mitigates the risk of port conflicts. This feature is in the alpha phase.
                                                                                                                                                                          
-
                                                                                                                                                                        • Resizing resources assigned to pods without restarting the containers is supported.
                                                                                                                                                                          Kubernetes 1.27 allows users to resize CPU and memory resources assigned to pods without restarting the container. This feature is in the alpha phase. For details, see Kubernetes 1.27: In-place Resource Resize for Kubernetes Pods (alpha).
                                                                                                                                                                          
-
                                                                                                                                                                        • Pod startup is accelerated.
                                                                                                                                                                          A series of parameter adjustments like parallel image pulls and increased default API query limit for kubelet per second are made in Kubernetes 1.27 to accelerate pod startup. For details, see Kubernetes 1.27: updates on speeding up Pod startup.
                                                                                                                                                                          
-
                                                                                                                                                                        • KMS V2 moves to beta.
                                                                                                                                                                          The key management KMS V2 API goes to beta. This has greatly improved the performance of the KMS encryption provider. For details, see Using a KMS provider for data encryption.
                                                                                                                                                                          
+
                                                                                                                                                                          New Features
                                                                                                                                                                          Kubernetes 1.27
                                                                                                                                                                          • SeccompDefault is stable.
                                                                                                                                                                            To use SeccompDefault, add the --seccomp-default command line flag using kubelet on each node. If this feature is enabled, the RuntimeDefault profile will be used for all workloads by default, instead of the Unconfined (seccomp disabled) profile.
                                                                                                                                                                            
+
                                                                                                                                                                          • Jobs' scheduling directives are configurable.
                                                                                                                                                                            This feature was introduced in Kubernetes 1.22 and is stable in Kubernetes 1.27. In most cases, you use a Job to influence where the pods will run, like all in the same AZ. This feature allows scheduling directives to be modified before a Job starts. You can use the suspend field to suspend a Job. In the suspension phase, the scheduling directives (such as the node selector, node affinity, anti-affinity, and tolerations) in the Job's pod template can be modified. For details, see Mutable Scheduling Directives.
                                                                                                                                                                            
+
                                                                                                                                                                          • Downward API hugepages are stable.
                                                                                                                                                                            In Kubernetes 1.20, requests.hugepages-<pagesize> and limits.hugepages-<pagesize> were introduced to the downward API. Requests and limits can be configured for hugepages like other resources.
                                                                                                                                                                            
+
                                                                                                                                                                          • Pod scheduling readiness moves to beta.
                                                                                                                                                                            After a pod is created, the Kubernetes scheduler selects an appropriate node to run the pod in the pending state. In practice, some pods may stay in the pending state for a long period due to insufficient resources. These pods may affect the running of other components like Cluster Autoscaler in the cluster. By specifying or deleting .spec. schedulingGates for a pod, you can control when the pod is ready for scheduling. For details, see Pod Scheduling Readiness.
                                                                                                                                                                            
+
                                                                                                                                                                          • Accessing node logs using Kubernetes APIs is supported.
                                                                                                                                                                            This function is in the alpha phase. The cluster administrator can directly query node logs to help debug malfunctioning services running on the node. To use this function, ensure that the NodeLogQuery feature gate is enabled for that node and the kubelet configuration options enableSystemLogHandler and enableSystemLogQuery are set to true.
                                                                                                                                                                            
+
                                                                                                                                                                          • ReadWriteOncePod access mode moves to beta.
                                                                                                                                                                            Kubernetes 1.22 introduced a ReadWriteOncePod access mode for PVs and PVCs. This feature has evolved into the beta phase. A volume can be mounted to a single pod in read/write mode. Use this access mode if you want to ensure that only one pod in the cluster can read that PVC or write to it. For details, see Access Modes.
                                                                                                                                                                            
+
                                                                                                                                                                          • The matchLabelKeys field in the pod topology spread constraint moves to beta.
                                                                                                                                                                            matchLabelKeys is a list of pod label keys. It is used to select a group of pods over which spreading will be calculated. With matchLabelKeys, you do not need to update pod.spec between different revisions. The controller or operator just needs to set different values to the same label key for different revisions. The scheduler will automatically determine the values based on matchLabelKeys. For details, see Pod Topology Distribution Constraints.
                                                                                                                                                                            
+
                                                                                                                                                                          • The function of efficiently labeling SELinux volumes moves to beta.
                                                                                                                                                                            By default, the container runtime recursively assigns the SELinux label to all files on all pod volumes. To speed up this process, Kubernetes uses the mount option -o context=<label> to immediately change the SELinux label of the volume. For details, see Efficient SELinux volume relabeling.
                                                                                                                                                                            
+
                                                                                                                                                                          • VolumeManager reconstruction goes to beta.
                                                                                                                                                                            After the VolumeManager is reconstructed, if the NewVolumeManagerReconstruction feature gate is enabled, mounted volumes will be obtained in a more effective way during kubelet startup.
                                                                                                                                                                            
+
                                                                                                                                                                          • Server side field validation and OpenAPI V3 are stable.
                                                                                                                                                                            OpenAPI V3 was added in Kubernetes 1.23. In Kubernetes 1.24, it moved to beta. In Kubernetes 1.27, it is stable.
                                                                                                                                                                            
+
                                                                                                                                                                          • StatefulSet start ordinal moves to beta.
                                                                                                                                                                            Kubernetes 1.26 introduced a new, alpha-level feature for StatefulSets to control the ordinal numbering of pod replicas. Since Kubernetes 1.27, this feature moves to beta. The ordinals can start from arbitrary non-negative numbers. For details, see Kubernetes 1.27: StatefulSet Start Ordinal Simplifies Migration.
                                                                                                                                                                            
+
                                                                                                                                                                          • ContainerResource metric in HorizontalPodAutoscaler moves to beta.
                                                                                                                                                                            Kubernetes 1.20 introduced the ContainerResource metric in HorizontalPodAutoscaler (HPA). In Kubernetes 1.27, this feature moves to beta, and the HPAContainerMetrics feature gate is enabled by default.
                                                                                                                                                                            
+
                                                                                                                                                                          • StatefulSet PVC auto deletion moves to beta.
                                                                                                                                                                            Kubernetes 1.27 provides a new policy to control the lifecycle of PVCs of StatefulSets. This policy allows users to specify if the PVCs generated from the StatefulSet spec template should be automatically deleted or retained when the StatefulSet is deleted or replicas in the StatefulSet are scaled down. For details, see PersistentVolumeClaim retention.
                                                                                                                                                                            
+
                                                                                                                                                                          • Volume group snapshots are introduced.
                                                                                                                                                                            Volume group snapshots are introduced as an alpha feature in Kubernetes 1.27. This feature allows users to create snapshots for multiple volumes to ensure data consistency when a fault occurs. It uses a label selector to group multiple PVCs for snapshot. This feature only supports CSI volume drivers. For details, see Kubernetes 1.27: Introducing an API for Volume Group Snapshots.
                                                                                                                                                                            
+
                                                                                                                                                                          • kubectl apply pruning is more secure and efficient.
                                                                                                                                                                            In Kubernetes 1.5, the --prune flag was introduced in kubectl apply to delete resources that are no longer needed. This allowed kubectl apply to automatically clear resources removed from the current configuration. However, the existing implementation of --prune has design defects that degrade its performance and lead to unexpected behaviors. In Kubernetes 1.27, kubectl apply provides ApplySet-based pruning, which is in the alpha phase. For details, see Declarative Management of Kubernetes Objects Using Configuration Files.
                                                                                                                                                                            
+
                                                                                                                                                                          • Conflicts during port allocation to NodePort Service can be avoided.
                                                                                                                                                                            In Kubernetes 1.27, you can enable a new feature gate ServiceNodePortStaticSubrange to use different port allocation policies for NodePort Services. This mitigates the risk of port conflicts. This feature is in the alpha phase.
                                                                                                                                                                            
+
                                                                                                                                                                          • Resizing resources assigned to pods without restarting the containers is supported.
                                                                                                                                                                            Kubernetes 1.27 allows users to resize CPU and memory resources assigned to pods without restarting the container. This feature is in the alpha phase. For details, see Kubernetes 1.27: In-place Resource Resize for Kubernetes Pods (alpha).
                                                                                                                                                                            
+
                                                                                                                                                                          • Pod startup is accelerated.
                                                                                                                                                                            A series of parameter adjustments like parallel image pulls and increased default API query limit for kubelet per second are made in Kubernetes 1.27 to accelerate pod startup. For details, see Kubernetes 1.27: updates on speeding up Pod startup.
                                                                                                                                                                            
+
                                                                                                                                                                          • KMS V2 moves to beta.
                                                                                                                                                                            The key management KMS V2 API goes to beta. This has greatly improved the performance of the KMS encryption provider. For details, see Using a KMS provider for data encryption.
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Kubernetes 1.26
                                                                                                                                                                          
-
                                                                                                                                                                          • CRI v1alpha2 is removed.
                                                                                                                                                                            Kubernetes 1.26 does not support CRI v1alpha2 any longer. Use CRI v1 (containerd version must be later than or equal to 1.5.0). containerd 1.5.x or earlier is not supported by Kubernetes 1.26. Update the containerd version to 1.6.x or later before upgrading kubelet to 1.26.
                                                                                                                                                                             
                                                                                                                                                                            The containerd version used by CCE is 1.6.14, which meets the requirements. If the existing nodes do not meet the containerd version requirements, reset them to the latest version.
                                                                                                                                                                            
+
                                                                                                                                                                            Kubernetes 1.26
                                                                                                                                                                            
+
                                                                                                                                                                            • CRI v1alpha2 is removed.
                                                                                                                                                                              Kubernetes 1.26 does not support CRI v1alpha2 any longer. Use CRI v1 (containerd version must be later than or equal to 1.5.0). containerd 1.5.x or earlier is not supported by Kubernetes 1.26. Update the containerd version to 1.6.x or later before upgrading kubelet to 1.26.
                                                                                                                                                                               
                                                                                                                                                                              The containerd version used by CCE is 1.6.14, which meets the requirements. If the existing nodes do not meet the containerd version requirements, reset them to the latest version.
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                            • Alpha API for dynamic resource allocation is added.
                                                                                                                                                                              In Kubernetes 1.26, Dynamic Resource Allocation is added to request and share resources between pods and between containers in a pod. Resources can be initialized based on parameters provided by the user. This function is still in the alpha phase. You need to enable the DynamicResourceAllocation feature gate and the resource.k8s.io/v1alpha1 API group. You need to install drivers for specific resources to be managed. For details, see Kubernetes 1.26: Alpha API for Dynamic Resource Allocation.
                                                                                                                                                                              
-
                                                                                                                                                                            • The non-graceful node shutdown feature goes to beta.
                                                                                                                                                                              In Kubernetes 1.26, the non-graceful node shutdown feature goes to beta and is enabled by default. A node shutdown can be graceful only if the kubelet's node shutdown manager can detect the upcoming node shutdown action. For details, see Non-graceful node shutdown handling.
                                                                                                                                                                              
-
                                                                                                                                                                            • Passing pod fsGroup to CSI drivers during mounting is supported.
                                                                                                                                                                              In Kubernetes 1.22, delegation of fsGroup to CSI drivers was first introduced as an alpha feature. In Kubernetes 1.25, it moved to beta. In Kubernetes 1.26, this feature enters the official release phase. For details, see Delegating volume permission and ownership change to CSI driver.
                                                                                                                                                                              
-
                                                                                                                                                                            • Pod scheduling readiness is introduced.
                                                                                                                                                                              Kubernetes 1.26 introduces a new feature schedulingGates, which enables the scheduler to detect when pod scheduling can be performed. For details, see Pod Scheduling Readiness.
                                                                                                                                                                              
-
                                                                                                                                                                            • CPU manager is officially released.
                                                                                                                                                                              The CPU manager is a part of kubelet. Since Kubernetes 1.10, it has moved to beta. The CPU manager can allocate exclusive CPUs to containers. This feature is stable in Kubernetes 1.26. For details, see Control CPU Management Policies on the Node.
                                                                                                                                                                              
-
                                                                                                                                                                            • Kubernetes traffic engineering is advanced.
                                                                                                                                                                              Internal node-local traffic optimization and EndpointSlice conditions are upgraded to the official release version. ProxyTerminatingEndpoints moves to beta.
                                                                                                                                                                              
-
                                                                                                                                                                            • Cross-namespace volume data sources are supported.
                                                                                                                                                                              This feature allows you to specify a data source that belongs to different namespaces for a PVC. This feature is in the alpha phase. For details, see Cross namespace data sources.
                                                                                                                                                                              
-
                                                                                                                                                                            • Retroactive default StorageClass assignment moves to beta.
                                                                                                                                                                              In Kubernetes 1.25, an alpha feature was introduced to change the way how a default StorageClass is allocated to a PVC. After this feature is enabled, you no longer need to create a default StorageClass and then create a PVC to assign the class. Additionally, any PVCs without a StorageClass assigned can be updated later. This feature moves to beta in Kubernetes 1.26. For details, see Retroactive default StorageClass assignment.
                                                                                                                                                                              
-
                                                                                                                                                                            • PodDisruptionBudget allows users to specify the eviction policies for unhealthy pods.
                                                                                                                                                                              You are allowed to specify unhealthy pod eviction policies for PodDisruptionBudget (PDB). This feature helps ensure node availability during node management. This feature is in the beta phase. For details, see Unhealthy Pod Eviction Policy.
                                                                                                                                                                              
-
                                                                                                                                                                            • The number of Horizontal Pod Autoscaler (HPA) can be configured.
                                                                                                                                                                              kube-controller-manager allows --concurrent-horizontal-pod-autoscaler-syncs to configure the number of worker nodes of the pod autoscaler for horizontal scaling. 
                                                                                                                                                                              
+
                                                                                                                                                                            • Alpha API for dynamic resource allocation is added.
                                                                                                                                                                              In Kubernetes 1.26, Dynamic Resource Allocation is added to request and share resources between pods and between containers in a pod. Resources can be initialized based on parameters provided by the user. This function is still in the alpha phase. You need to enable the DynamicResourceAllocation feature gate and the resource.k8s.io/v1alpha1 API group. You need to install drivers for specific resources to be managed. For details, see Kubernetes 1.26: Alpha API for Dynamic Resource Allocation.
                                                                                                                                                                              
+
                                                                                                                                                                            • The non-graceful node shutdown feature goes to beta.
                                                                                                                                                                              In Kubernetes 1.26, the non-graceful node shutdown feature goes to beta and is enabled by default. A node shutdown can be graceful only if the kubelet's node shutdown manager can detect the upcoming node shutdown action. For details, see Non-graceful node shutdown handling.
                                                                                                                                                                              
+
                                                                                                                                                                            • Passing pod fsGroup to CSI drivers during mounting is supported.
                                                                                                                                                                              In Kubernetes 1.22, delegation of fsGroup to CSI drivers was first introduced as an alpha feature. In Kubernetes 1.25, it moved to beta. In Kubernetes 1.26, this feature enters the official release phase. For details, see Delegating volume permission and ownership change to CSI driver.
                                                                                                                                                                              
+
                                                                                                                                                                            • Pod scheduling readiness is introduced.
                                                                                                                                                                              Kubernetes 1.26 introduces a new feature schedulingGates, which enables the scheduler to detect when pod scheduling can be performed. For details, see Pod Scheduling Readiness.
                                                                                                                                                                              
+
                                                                                                                                                                            • CPU manager is officially released.
                                                                                                                                                                              The CPU manager is a part of kubelet. Since Kubernetes 1.10, it has moved to beta. The CPU manager can allocate exclusive CPUs to containers. This feature is stable in Kubernetes 1.26. For details, see Control CPU Management Policies on the Node.
                                                                                                                                                                              
+
                                                                                                                                                                            • Kubernetes traffic engineering is advanced.
                                                                                                                                                                              Internal node-local traffic optimization and EndpointSlice conditions are upgraded to the official release version. ProxyTerminatingEndpoints moves to beta.
                                                                                                                                                                              
+
                                                                                                                                                                            • Cross-namespace volume data sources are supported.
                                                                                                                                                                              This feature allows you to specify a data source that belongs to different namespaces for a PVC. This feature is in the alpha phase. For details, see Cross namespace data sources.
                                                                                                                                                                              
+
                                                                                                                                                                            • Retroactive default StorageClass assignment moves to beta.
                                                                                                                                                                              In Kubernetes 1.25, an alpha feature was introduced to change the way how a default StorageClass is allocated to a PVC. After this feature is enabled, you no longer need to create a default StorageClass and then create a PVC to assign the class. Additionally, any PVCs without a StorageClass assigned can be updated later. This feature moves to beta in Kubernetes 1.26. For details, see Retroactive default StorageClass assignment.
                                                                                                                                                                              
+
                                                                                                                                                                            • PodDisruptionBudget allows users to specify the eviction policies for unhealthy pods.
                                                                                                                                                                              You are allowed to specify unhealthy pod eviction policies for PodDisruptionBudget (PDB). This feature helps ensure node availability during node management. This feature is in the beta phase. For details, see Unhealthy Pod Eviction Policy.
                                                                                                                                                                              
+
                                                                                                                                                                            • The number of Horizontal Pod Autoscaler (HPA) can be configured.
                                                                                                                                                                              kube-controller-manager allows --concurrent-horizontal-pod-autoscaler-syncs to configure the number of worker nodes of the pod autoscaler for horizontal scaling. 
                                                                                                                                                                              
 
                                                                                                                                                                            
 
                                                                                                                                                                            
-
                                                                                                                                                                            Deprecations and Removals
                                                                                                                                                                            Kubernetes 1.27
                                                                                                                                                                            
-
                                                                                                                                                                            • In Kubernetes 1.27, the feature gates that are used for volume extension and in the General Availability (GA) status, including ExpandCSIVolumes, ExpandInUsePersistentVolumes, and ExpandPersistentVolumes are removed and can no longer be referenced in the --feature-gates flag.
                                                                                                                                                                            • The --master-service-namespace parameter is removed. This parameter specifies where to create a Service named kubernetes to represent the API server. This parameter was deprecated in Kubernetes 1.26 and is removed from Kubernetes 1.27.
                                                                                                                                                                            • The ControllerManagerLeaderMigration feature gate is removed. Leader Migration provides a mechanism for HA clusters to safely migrate "cloud specific" controllers using a resource lock shared between kube-controller-manager and cloud-controller-manager when upgrading the replicated control plane. This feature has been enabled unconditionally since its release in Kubernetes 1.24. In Kubernetes 1.27, this feature is removed.
                                                                                                                                                                            • The --enable-taint-manager parameter is removed. The feature that it supports, taint-based eviction, is enabled by default and will continue to be implicitly enabled when the flag is removed.
                                                                                                                                                                            • The --pod-eviction-timeout parameter is removed from kube-controller-manager.
                                                                                                                                                                            • The CSIMigration feature gate is removed. The CSI migration program allows smooth migration from the in-tree volume plug-ins to the out-of-tree CSI drivers. This feature was officially released in Kubernetes 1.16.
                                                                                                                                                                            • The CSIInlineVolume feature gate is removed. The feature (CSI Ephemeral Volume) allows CSI volumes to be specified directly in the pod specification for ephemeral use cases. They can be used to inject arbitrary states, such as configuration, secrets, identity, variables, or similar information, directly inside the pod using a mounted volume. This feature graduated to GA in Kubernetes 1.25 and is removed in Kubernetes 1.27.
                                                                                                                                                                            • The EphemeralContainers feature gate is removed. For Kubernetes 1.27, API support for ephemeral containers is unconditionally enabled.
                                                                                                                                                                            • The LocalStorageCapacityIsolation feature gate is removed. This feature gate (Local Ephemeral Storage Capacity Isolation) moved to GA in Kubernetes 1.25. The feature provides support for capacity isolation of local ephemeral storage between pods, such as emptyDir volumes, so that a pod can be limited in its consumption of shared resources. The kubelet will evict a pod if its consumption of local ephemeral storage exceeds the configured limit.
                                                                                                                                                                            • The NetworkPolicyEndPort feature gate is removed. In Kubernetes 1.25, endPort in NetworkPolicy moved to GA. NetworkPolicy providers that support the endPort field can be used to specify a range of ports to apply NetworkPolicy.
                                                                                                                                                                            • The StatefulSetMinReadySeconds feature gate is removed. For a pod that is part of a StatefulSet, Kubernetes marks the pod as read-only when the pod is available (and passes the check) at least within the period specified in the minReadySeconds. This feature was officially released in Kubernetes 1.25. It is locked to true and removed from Kubernetes 1.27.
                                                                                                                                                                            • The IdentifyPodOS feature gate is removed. If this feature is enabled, you can specify an OS for a pod. It has been stable since Kubernetes 1.25. This feature is removed from Kubernetes 1.27.
                                                                                                                                                                            • The DaemonSetUpdateSurge feature gate is removed. In Kubernetes 1.25, this feature was stable. It was implemented to minimize DaemonSet downtime during deployment, but it is removed from Kubernetes 1.27.
                                                                                                                                                                            • The --container-runtime parameter is removed. kubelet accepts a deprecated parameter --container-runtime, and the only valid value will be remote after the dockershim code is removed. This parameter was deprecated in 1.24 and later versions and is removed from Kubernetes 1.27.
                                                                                                                                                                            
-
                                                                                                                                                                            Kubernetes 1.26
                                                                                                                                                                            
-
                                                                                                                                                                            • HorizontalPodAutoscaler API for v2beta2 is removed.
                                                                                                                                                                              The autoscaling/v2beta2 API of HorizontalPodAutoscaler is no longer available in Kubernetes 1.26. For details, see Removed APIs by release. Use autoscaling/v2 API instead.
                                                                                                                                                                              
-
                                                                                                                                                                            • The flowcontrol.apiserver.k8s.io/v1beta1 API is removed.
                                                                                                                                                                              In Kubernetes 1.26 and later versions, the API of the flowcontrol.apiserver.k8s.io/v1beta1 version for FlowSchema and PriorityLevelConfiguration is no longer served. For details, see Removed APIs by release. The flowcontrol.apiserver.k8s.io/v1beta2 version is available in Kubernetes 1.23 and later versions, and the flowcontrol.apiserver.k8s.io/v1beta3 version is available in Kubernetes 1.26 and later versions.
                                                                                                                                                                              
-
                                                                                                                                                                            • The cloud service vendors' in-tree storage drivers are removed.
                                                                                                                                                                            • The kube-proxy userspace mode is removed.
                                                                                                                                                                              The deprecated userspace mode is no longer supported by Linux or Windows. Linux users can use Iptables or IPVS, and Windows users can use the Kernelspace mode. Errors are returned if you use --mode userspace.
                                                                                                                                                                              
-
                                                                                                                                                                              • Windows winkernel kube-proxy no longer supports Windows HNS v1 APIs.
                                                                                                                                                                              
-
                                                                                                                                                                            • --prune-whitelist flag is deprecated.
                                                                                                                                                                              The --prune-whitelist flag is deprecated and replaced by --prune-allowlist to support Inclusive Naming Initiative. This deprecated flag will be completely removed in later versions.
                                                                                                                                                                              
-
                                                                                                                                                                            • The DynamicKubeletConfig feature gate is removed.
                                                                                                                                                                              The kubelet configuration of nodes can be dynamically updated through the API. The feature gate is removed from the kubelet in Kubernetes 1.24 and removed from the API server in Kubernetes 1.26. This simplifies the code and improves stability. It is recommended that you modify the kubelet configuration file instead and then restart the kubelet. For details, see Remove DynamicKubeletConfig feature gate from the code.
                                                                                                                                                                              
-
                                                                                                                                                                            • A kube-apiserver command line parameter is removed.
                                                                                                                                                                              The --master-service-namespace parameter is deprecated. It is unused in the API Server.
                                                                                                                                                                              
-
                                                                                                                                                                            • Several kubectl run parameters are deprecated.
                                                                                                                                                                              Several unused kubectl subcommands are marked as deprecated and will be removed in later versions. These subcommands include --cascade, --filename, --force, --grace-period, --kustomize, --recursive, --timeout, and --wait.
                                                                                                                                                                              
-
                                                                                                                                                                            • Some command line parameters related to logging are removed.
                                                                                                                                                                              Some logging-related command line parameters are removed. These parameters were deprecated in earlier versions.
                                                                                                                                                                              
+
                                                                                                                                                                              Deprecations and Removals
                                                                                                                                                                              Kubernetes 1.27
                                                                                                                                                                              
+
                                                                                                                                                                              • In Kubernetes 1.27, the feature gates that are used for volume extension and in the General Availability (GA) status, including ExpandCSIVolumes, ExpandInUsePersistentVolumes, and ExpandPersistentVolumes are removed and can no longer be referenced in the --feature-gates flag.
                                                                                                                                                                              • The --master-service-namespace parameter is removed. This parameter specifies where to create a Service named kubernetes to represent the API server. This parameter was deprecated in Kubernetes 1.26 and is removed from Kubernetes 1.27.
                                                                                                                                                                              • The ControllerManagerLeaderMigration feature gate is removed. Leader Migration provides a mechanism for HA clusters to safely migrate "cloud specific" controllers using a resource lock shared between kube-controller-manager and cloud-controller-manager when upgrading the replicated control plane. This feature has been enabled unconditionally since its release in Kubernetes 1.24. In Kubernetes 1.27, this feature is removed.
                                                                                                                                                                              • The --enable-taint-manager parameter is removed. The feature that it supports, taint-based eviction, is enabled by default and will continue to be implicitly enabled when the flag is removed.
                                                                                                                                                                              • The --pod-eviction-timeout parameter is removed from kube-controller-manager.
                                                                                                                                                                              • The CSIMigration feature gate is removed. The CSI migration program allows smooth migration from the in-tree volume plug-ins to the out-of-tree CSI drivers. This feature was officially released in Kubernetes 1.16.
                                                                                                                                                                              • The CSIInlineVolume feature gate is removed. The feature (CSI Ephemeral Volume) allows CSI volumes to be specified directly in the pod specification for ephemeral use cases. They can be used to inject arbitrary states, such as configuration, secrets, identity, variables, or similar information, directly inside the pod using a mounted volume. This feature graduated to GA in Kubernetes 1.25 and is removed in Kubernetes 1.27.
                                                                                                                                                                              • The EphemeralContainers feature gate is removed. For Kubernetes 1.27, API support for ephemeral containers is unconditionally enabled.
                                                                                                                                                                              • The LocalStorageCapacityIsolation feature gate is removed. This feature gate (Local Ephemeral Storage Capacity Isolation) moved to GA in Kubernetes 1.25. The feature provides support for capacity isolation of local ephemeral storage between pods, such as emptyDir volumes, so that a pod can be limited in its consumption of shared resources. The kubelet will evict a pod if its consumption of local ephemeral storage exceeds the configured limit.
                                                                                                                                                                              • The NetworkPolicyEndPort feature gate is removed. In Kubernetes 1.25, endPort in NetworkPolicy moved to GA. NetworkPolicy providers that support the endPort field can be used to specify a range of ports to apply NetworkPolicy.
                                                                                                                                                                              • The StatefulSetMinReadySeconds feature gate is removed. For a pod that is part of a StatefulSet, Kubernetes marks the pod as read-only when the pod is available (and passes the check) at least within the period specified in the minReadySeconds. This feature was officially released in Kubernetes 1.25. It is locked to true and removed from Kubernetes 1.27.
                                                                                                                                                                              • The IdentifyPodOS feature gate is removed. If this feature is enabled, you can specify an OS for a pod. It has been stable since Kubernetes 1.25. This feature is removed from Kubernetes 1.27.
                                                                                                                                                                              • The DaemonSetUpdateSurge feature gate is removed. In Kubernetes 1.25, this feature was stable. It was implemented to minimize DaemonSet downtime during deployment, but it is removed from Kubernetes 1.27.
                                                                                                                                                                              • The --container-runtime parameter is removed. kubelet accepts a deprecated parameter --container-runtime, and the only valid value will be remote after the dockershim code is removed. This parameter was deprecated in 1.24 and later versions and is removed from Kubernetes 1.27.
                                                                                                                                                                              
+
                                                                                                                                                                              Kubernetes 1.26
                                                                                                                                                                              
+
                                                                                                                                                                              • HorizontalPodAutoscaler API for v2beta2 is removed.
                                                                                                                                                                                The autoscaling/v2beta2 API of HorizontalPodAutoscaler is no longer available in Kubernetes 1.26. For details, see Removed APIs by release. Use autoscaling/v2 API instead.
                                                                                                                                                                                
+
                                                                                                                                                                              • The flowcontrol.apiserver.k8s.io/v1beta1 API is removed.
                                                                                                                                                                                In Kubernetes 1.26 and later versions, the API of the flowcontrol.apiserver.k8s.io/v1beta1 version for FlowSchema and PriorityLevelConfiguration is no longer served. For details, see Removed APIs by release. The flowcontrol.apiserver.k8s.io/v1beta2 version is available in Kubernetes 1.23 and later versions, and the flowcontrol.apiserver.k8s.io/v1beta3 version is available in Kubernetes 1.26 and later versions.
                                                                                                                                                                                
+
                                                                                                                                                                              • The cloud service vendors' in-tree storage drivers are removed.
                                                                                                                                                                              • The kube-proxy userspace mode is removed.
                                                                                                                                                                                The deprecated userspace mode is no longer supported by Linux or Windows. Linux users can use Iptables or IPVS, and Windows users can use the Kernelspace mode. Errors are returned if you use --mode userspace.
                                                                                                                                                                                
+
                                                                                                                                                                                • Windows winkernel kube-proxy no longer supports Windows HNS v1 APIs.
                                                                                                                                                                                
+
                                                                                                                                                                              • --prune-whitelist flag is deprecated.
                                                                                                                                                                                The --prune-whitelist flag is deprecated and replaced by --prune-allowlist to support Inclusive Naming Initiative. This deprecated flag will be completely removed in later versions.
                                                                                                                                                                                
+
                                                                                                                                                                              • The DynamicKubeletConfig feature gate is removed.
                                                                                                                                                                                The kubelet configuration of nodes can be dynamically updated through the API. The feature gate is removed from the kubelet in Kubernetes 1.24 and removed from the API server in Kubernetes 1.26. This simplifies the code and improves stability. It is recommended that you modify the kubelet configuration file instead and then restart the kubelet. For details, see Remove DynamicKubeletConfig feature gate from the code.
                                                                                                                                                                                
+
                                                                                                                                                                              • A kube-apiserver command line parameter is removed.
                                                                                                                                                                                The --master-service-namespace parameter is deprecated. It is unused in the API Server.
                                                                                                                                                                                
+
                                                                                                                                                                              • Several kubectl run parameters are deprecated.
                                                                                                                                                                                Several unused kubectl subcommands are marked as deprecated and will be removed in later versions. These subcommands include --cascade, --filename, --force, --grace-period, --kustomize, --recursive, --timeout, and --wait.
                                                                                                                                                                                
+
                                                                                                                                                                              • Some command line parameters related to logging are removed.
                                                                                                                                                                                Some logging-related command line parameters are removed. These parameters were deprecated in earlier versions.
                                                                                                                                                                                
 
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Enhanced Kubernetes 1.27 on CCE
                                                                                                                                                                              During a version maintenance period, CCE periodically updates Kubernetes 1.27 and provides enhanced functions.
                                                                                                                                                                              
-
                                                                                                                                                                              For details about cluster version updates, see Release Notes for CCE Cluster Versions.
                                                                                                                                                                              
+
                                                                                                                                                                              Enhanced Kubernetes 1.27 on CCE
                                                                                                                                                                              During a version maintenance period, CCE periodically updates Kubernetes 1.27 and provides enhanced functions.
                                                                                                                                                                              
+
                                                                                                                                                                              For details about cluster version updates, see Release Notes for CCE Cluster Versions.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              References
                                                                                                                                                                              For more details about the performance comparison and function evolution between Kubernetes 1.27 and other versions, see the following documents:
                                                                                                                                                                              
-
+
                                                                                                                                                                              References
                                                                                                                                                                              For more details about the performance comparison and function evolution between Kubernetes 1.27 and other versions, see the following documents:
                                                                                                                                                                              
+
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bulletin_0061.html b/docs/cce/umn/cce_bulletin_0061.html
index b5c7f171..c6ad6f18 100644
--- a/docs/cce/umn/cce_bulletin_0061.html
+++ b/docs/cce/umn/cce_bulletin_0061.html
@@ -1,14 +1,15 @@
 
 
 
                                                                                                                                                                              CCE Console Upgrade
                                                                                                                                                                              
-
                                                                                                                                                                              Dear users,
                                                                                                                                                                              
+
                                                                                                                                                                              Released: Sep 3, 2023
                                                                                                                                                                              
+
                                                                                                                                                                              Dear users,
                                                                                                                                                                              
 
                                                                                                                                                                              We are pleased to announce that a brand-new CCE console is available. The new console is modern, visually appealing, and concise, providing a more comfortable and enjoyable user experience.
                                                                                                                                                                              
 
                                                                                                                                                                              We have optimized the UI, including the colors, fonts, and icons. This makes the entire console clearer and easier to operate. Additionally, we have added some new interaction pages to help you use your clusters more efficiently and conveniently.
                                                                                                                                                                              
 
                                                                                                                                                                              We believe that the new CCE console will improve your user experience. If you have any questions or suggestions, feel free to contact our customer service. Thank you for your support and trust.
                                                                                                                                                                              
 
                                                                                                                                                                              The upgrade involves the following:
                                                                                                                                                                              
 
 
                                                                                                                                                                              Optimized Cluster Management Page
                                                                                                                                                                              The cluster management page has been optimized:
                                                                                                                                                                              
-
                                                                                                                                                                              • New cluster classification
                                                                                                                                                                                The CCE service is upgraded. It now provides CCE standard and CCE Turbo clusters. The original CCE clusters are renamed the CCE standard clusters. This kind of cluster is not a new type.
                                                                                                                                                                                
+
                                                                                                                                                                                • New cluster classification
                                                                                                                                                                                  The CCE service is upgraded. It now provides CCE standard and CCE Turbo clusters. The original CCE clusters are renamed the CCE standard clusters. This kind of cluster is not a new cluster type.
                                                                                                                                                                                  
 
                                                                                                                                                                                • New design of the cluster panes
                                                                                                                                                                                  Cluster panes are now simpler and more practical. The button icons on the original cluster panes are canceled. All entries are labeled in words, and infrequently used buttons are hidden.
                                                                                                                                                                                  
 
                                                                                                                                                                                • New classification of cluster functions
                                                                                                                                                                                  The Resources and O&M categories in the navigation pane of the cluster console have been removed. The new categories are classified based on the Kubernetes native functions and the CCE cluster management and O&M observation functions.
                                                                                                                                                                                  
 
                                                                                                                                                                                
@@ -19,87 +20,94 @@
 
                                                                                                                                                                                Optimized Add-ons Page
                                                                                                                                                                                CCE has made the following changes to the Add-ons page:
                                                                                                                                                                                
 
                                                                                                                                                                                • The classification of CCE add-ons is now more concise, helping you quickly locate the needed add-ons.
                                                                                                                                                                                • The new add-on names and introductions will help you understand the scenarios where these add-ons can be used and provide effective usage guidance.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Table 1 Add-on classification and names
                                                                                                                                                                                Category
                                                                                                                                                                                
+
                                                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
diff --git a/docs/cce/umn/cce_bulletin_0068.html b/docs/cce/umn/cce_bulletin_0068.html
index ee28efdf..15c7f109 100644
--- a/docs/cce/umn/cce_bulletin_0068.html
+++ b/docs/cce/umn/cce_bulletin_0068.html
@@ -1,41 +1,41 @@
 
                                                                                                                                                                                Kubernetes 1.28 Release Notes
                                                                                                                                                                                
-
                                                                                                                                                                                CCE allows you to create Kubernetes clusters 1.28. This section describes the changes made in Kubernetes 1.28.
                                                                                                                                                                                
-
                                                                                                                                                                                Indexes
                                                                                                                                                                                
+
                                                                                                                                                                                CCE allows you to create Kubernetes clusters 1.28. This section describes the changes made in Kubernetes 1.28.
                                                                                                                                                                                
+
                                                                                                                                                                                Indexes
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Important Notes
                                                                                                                                                                                • In Kubernetes 1.28, the scheduling framework is improved to reduce useless retries. The overall scheduling performance is enhanced. If a custom scheduler plugin is used in a cluster, you can perform the adaptation upgrade following instructions in GitHub.
                                                                                                                                                                                • The Ceph FS in-tree plugin has been deprecated in Kubernetes 1.28 and will be removed in Kubernetes 1.31. (The community does not plan to support CSI migration.) Use Ceph CSI driver instead.
                                                                                                                                                                                • The Ceph RBD in-tree plugin has been deprecated in Kubernetes 1.28 and will be removed in Kubernetes 1.31. (The community does not plan to support CSI migration.) Use RBD Ceph CSI driver instead.
                                                                                                                                                                                
+
                                                                                                                                                                                Important Notes
                                                                                                                                                                                • In Kubernetes 1.28, the scheduling framework is improved to reduce useless retries. The overall scheduling performance is enhanced. If a custom scheduler plugin is used in a cluster, you can perform the adaptation upgrade following instructions in GitHub.
                                                                                                                                                                                • The Ceph FS in-tree plugin has been deprecated in Kubernetes 1.28 and will be removed in Kubernetes 1.31. (The community does not plan to support CSI migration.) Use Ceph CSI driver instead.
                                                                                                                                                                                • The Ceph RBD in-tree plugin has been deprecated in Kubernetes 1.28 and will be removed in Kubernetes 1.31. (The community does not plan to support CSI migration.) Use RBD Ceph CSI driver instead.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                New and Enhanced Features
                                                                                                                                                                                Features in alpha stage are disabled by default, those in beta stage are enabled by default, and those in General Availability (GA) stage are always enabled and they cannot be disabled. The function of turning on or off the features in GA stage will be removed in later Kubernetes versions. CCE policies for new features are the same as those in the community.
                                                                                                                                                                                
-
                                                                                                                                                                                • The version skew policy is expanded to three versions.
                                                                                                                                                                                  Starting with control planes 1.28 and worker nodes 1.25, the Kubernetes skew policy expands the supported control plane and worker node skew to three versions. This enables annual minor version upgrades of nodes while staying on supported minor versions. For details, see Version Skew Policy.
                                                                                                                                                                                  
-
                                                                                                                                                                                • Retroactive Default StorageClass moves to GA.
                                                                                                                                                                                  The retroactive default StorageClass assignment graduates to GA. This enhancement brings a significant improvement to how default StorageClasses are assigned to PersistentVolumeClaims (PVCs).
                                                                                                                                                                                  
-
                                                                                                                                                                                  The PersistentVolume (PV) controller has been modified to automatically assign a default StorageClass to any unbound PVC with storageClassName not configured. Additionally, the PVC admission validation mechanism within the API server has been adjusted to allow changing values from an unset state to an actual StorageClass name. For details, see Retroactive default StorageClass assignment.
                                                                                                                                                                                  
-
                                                                                                                                                                                • Native sidecar containers are introduced.
                                                                                                                                                                                  The native sidecar containers are available in alpha. Kubernetes 1.28 adds restartPolicy to Init containers. This field is available when the SidecarContainers feature gate is enabled. However, there are still some problems to be solved in the native sidecar containers. Therefore, the Kubernetes community recommends only using this feature gate in short lived testing clusters at the alpha phase. For details, see Introducing native sidecar containers.
                                                                                                                                                                                  
-
                                                                                                                                                                                • Mixed version proxy is introduced.
                                                                                                                                                                                  A new mechanism (mixed version proxy) is released to improve cluster upgrade. It is an alpha feature in Kubernetes 1.28. When a cluster undergoes an upgrade, API servers of different versions in the cluster can serve different sets (groups, versions, or resources) of built-in resources. A resource request made in this scenario may be served by any of the available API servers, potentially resulting in the request ending up at an API server that may not be aware of the requested resource. As a result, the request fails. This feature can solve this problem. (Note that CCE provides hitless upgrade. Therefore, this feature is not used in CCE clusters.) For details, see A New (alpha) Mechanism For Safer Cluster Upgrades.
                                                                                                                                                                                  
-
                                                                                                                                                                                • Non-graceful node shutdown moves to GA.
                                                                                                                                                                                  The non-graceful node shutdown is now GA in Kubernetes 1.28. When a node was shut down and that shutdown was not detected by the Kubelet's Node Shutdown Manager, the StatefulSet pods that run on this node will stay in the terminated state and cannot be moved to a running node. If you have confirmed that the shutdown node is unrecoverable, you can add an out-of-service taint to the node. This ensures that the StatefulSet pods and VolumeAttachments on this node can be forcibly deleted and the corresponding pods will be created on a healthy node. For details, see Non-Graceful Node Shutdown Moves to GA.
                                                                                                                                                                                  
-
                                                                                                                                                                                • NodeSwap moves to beta.
                                                                                                                                                                                  Support for NodeSwap goes to beta in Kubernetes 1.28. NodeSwap is disabled by default and can be enabled using the NodeSwap feature gate. NodeSwap allows you to configure swap memory usage for Kubernetes workloads running on Linux on a per-node basis. Note that although NodeSwap has reached beta, there are still some problems to be solved and security risks to be enhanced. For details, see Beta Support for Using Swap on Linux.
                                                                                                                                                                                  
-
                                                                                                                                                                                • Two Job-related features are added.
                                                                                                                                                                                  Two alpha features are introduced: Delayed creation of replacement pods and Backoff limit per index.
                                                                                                                                                                                  
-
                                                                                                                                                                                  • Delayed creation of replacement pods
                                                                                                                                                                                    By default, when a pod enters the terminating state (for example, due to the preemption or eviction), Kubernetes immediately creates a replacement pod. Therefore, both pods are running concurrently.
                                                                                                                                                                                    
-
                                                                                                                                                                                    In Kubernetes 1.28, this feature can be enabled by turning on the JobPodReplacementPolicy feature gate. With this feature gate enabled, you can set the podReplacementPolicy field under spec of a Job to Failed. In this way, pods would only be replaced when they reached the failed phase, and not when they are terminating. Additionally, you can check the .status.termination field of a Job. The value of this field is the number of pods owned by the Job that are currently terminating.
                                                                                                                                                                                    
-
                                                                                                                                                                                  • Backoff limit per index
                                                                                                                                                                                    By default, pod failures for indexed Jobs are counted and restricted by the global limit of retries, specified by .spec.backoffLimit. This means that if there is a consistently failing index in a Job, pods specified by the Job will be restarted repeatedly until pod failures exhaust the limit. Once the limit is reached, the Job is marked failed and pods for other indexes in the Job may never be even started. In this case, the backoff limit per index configuration is useful.
                                                                                                                                                                                    
-
                                                                                                                                                                                    In Kubernetes 1.28, this feature can be enabled by turning on the JobBackoffLimitPerIndex feature gate of a cluster. With this feature gate enabled, .spec.backoffLimitPerIndex can be specified when an indexed Job is created. Only if the failures of pods with all indexes specified in this Job exceed the upper limit, pods specified by the Job will not be restarted.
                                                                                                                                                                                    
+
                                                                                                                                                                                    New and Enhanced Features
                                                                                                                                                                                    Features in alpha stage are disabled by default, those in beta stage are enabled by default, and those in GA stage are always enabled and they cannot be disabled. The function of turning on or off the features in GA stage will be removed in later Kubernetes versions. CCE policies for new features are the same as those in the community.
                                                                                                                                                                                    
+
                                                                                                                                                                                    • The version skew policy is expanded to three versions.
                                                                                                                                                                                      Starting with control planes 1.28 and worker nodes 1.25, the Kubernetes skew policy expands the supported control plane and worker node skew to three versions. This enables annual minor version upgrades of nodes while staying on supported minor versions. For details, see Version Skew Policy.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Retroactive Default StorageClass moves to GA.
                                                                                                                                                                                      The retroactive default StorageClass assignment graduates to GA. This enhancement brings a significant improvement to how default StorageClasses are assigned to PersistentVolumeClaims (PVCs).
                                                                                                                                                                                      
+
                                                                                                                                                                                      The PV controller has been modified to automatically assign a default StorageClass to any unbound PVC with storageClassName not configured. Additionally, the PVC admission validation mechanism within the API server has been adjusted to allow changing values from an unset state to an actual StorageClass name. For details, see Retroactive default StorageClass assignment.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Native sidecar containers are introduced.
                                                                                                                                                                                      The native sidecar containers are available in alpha. Kubernetes 1.28 adds restartPolicy to Init containers. This field is available when the SidecarContainers feature gate is enabled. However, there are still some problems to be solved in the native sidecar containers. Therefore, the Kubernetes community recommends only using this feature gate in short lived testing clusters at the alpha phase. For details, see Introducing native sidecar containers.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Mixed version proxy is introduced.
                                                                                                                                                                                      A new mechanism (mixed version proxy) is released to improve cluster upgrade. It is an alpha feature in Kubernetes 1.28. When a cluster undergoes an upgrade, API servers of different versions in the cluster can serve different sets (groups, versions, or resources) of built-in resources. A resource request made in this scenario may be served by any of the available API servers, potentially resulting in the request ending up at an API server that may not be aware of the requested resource. As a result, the request fails. This feature can solve this problem. (Note that CCE provides hitless upgrade. Therefore, this feature is not used in CCE clusters.) For details, see A New (alpha) Mechanism For Safer Cluster Upgrades.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Non-graceful node shutdown moves to GA.
                                                                                                                                                                                      The non-graceful node shutdown is now GA in Kubernetes 1.28. When a node was shut down and that shutdown was not detected by the Kubelet's Node Shutdown Manager, the StatefulSet pods that run on this node will stay in the terminated state and cannot be moved to a running node. If you have confirmed that the shutdown node is unrecoverable, you can add an out-of-service taint to the node. This ensures that the StatefulSet pods and VolumeAttachments on this node can be forcibly deleted and the corresponding pods will be created on a healthy node. For details, see Non-Graceful Node Shutdown Moves to GA.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • NodeSwap moves to beta.
                                                                                                                                                                                      Support for NodeSwap goes to beta in Kubernetes 1.28. NodeSwap is disabled by default and can be enabled using the NodeSwap feature gate. NodeSwap allows you to configure swap memory usage for Kubernetes workloads running on Linux on a per-node basis. Note that although NodeSwap has reached beta, there are still some problems to be solved and security risks to be enhanced. For details, see Beta Support for Using Swap on Linux.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Two Job-related features are added.
                                                                                                                                                                                      Two alpha features are introduced: delayed creation of replacement pods and backoff limit per index.
                                                                                                                                                                                      
+
                                                                                                                                                                                      • Delayed creation of replacement pods
                                                                                                                                                                                        By default, when a pod enters the terminating state (for example, due to the preemption or eviction), Kubernetes immediately creates a replacement pod. Therefore, both pods are running concurrently.
                                                                                                                                                                                        
+
                                                                                                                                                                                        In Kubernetes 1.28, this feature can be enabled by turning on the JobPodReplacementPolicy feature gate. With this feature gate enabled, you can set the podReplacementPolicy field under spec of a Job to Failed. In this way, pods would only be replaced when they reached the failed phase, and not when they are terminating. Additionally, you can check the .status.termination field of a job. The value of this field is the number of pods owned by the Job that are currently terminating.
                                                                                                                                                                                        
+
                                                                                                                                                                                      • Backoff limit per index
                                                                                                                                                                                        By default, pod failures for indexed jobs are recorded and restricted by the global limit of retries, specified by .spec.backoffLimit. This means that if there is a consistently failing index in a job, pods specified by the job will be restarted repeatedly until pod failures exhaust the limit. Once the limit is reached, the Job is marked failed and pods for other indexes in the Job may never be even started.
                                                                                                                                                                                        
+
                                                                                                                                                                                        In Kubernetes 1.28, this feature can be enabled by turning on the JobBackoffLimitPerIndex feature gate of a cluster. With this feature gate enabled, .spec.backoffLimitPerIndex can be specified when an indexed Job is created. Only if the failures of pods with all indexes specified in this Job exceed the upper limit, pods specified by the Job will not be restarted.
                                                                                                                                                                                        
 
                                                                                                                                                                                      
-
                                                                                                                                                                                    • Some Common Expression Language (CEL) related features are improved.
                                                                                                                                                                                      CEL related capabilities are enhanced.
                                                                                                                                                                                      
-
                                                                                                                                                                                      • CEL used to validate CustomResourceDefinitions (CRDs) moves to beta.
                                                                                                                                                                                        This feature has been upgraded to beta since Kubernetes 1.25. By embedding CEL expressions into CRDs, developers can solve most of the CR validation use cases without using webhooks. More CEL functions, such as support for default value and CRD conversion, will be developed in later Kubernetes versions.
                                                                                                                                                                                        
-
                                                                                                                                                                                      • CEL admission control graduates to beta.
                                                                                                                                                                                        CEL admission control is customizable. With CEL expressions, you can decide whether to accept or reject requests received by kube-apiserver. CEL expressions can also serve as a substitute for admission webhooks. Kubernetes 1.28 has upgraded CEL admission control to beta and introduced new functions, such as:
                                                                                                                                                                                        
-
                                                                                                                                                                                        • ValidatingAdmissionPolicy can correctly handle the authorizer variable.
                                                                                                                                                                                        • ValidatingAdmissionPolicy can have the messageExpression field checked.
                                                                                                                                                                                        • The ValidatingAdmissionPolicy controller is added to kube-controller-manager to check the type of the CEL expression in ValidatingAdmissionPolicy and save the reason in the status field.
                                                                                                                                                                                        • CEL expressions can contain a combination of one or more variables, which can be defined in ValidatingAdmissionPolicy. These variables can be used to define other variables.
                                                                                                                                                                                        • CEL library functions can be used to parse resources specified by resource.Quantity in Kubernetes.
                                                                                                                                                                                        
+
                                                                                                                                                                                      • Some Common Expression Language (CEL) related features are improved.
                                                                                                                                                                                        CEL related capabilities are enhanced.
                                                                                                                                                                                        
+
                                                                                                                                                                                        • CEL used to validate CustomResourceDefinitions (CRDs) moves to beta.
                                                                                                                                                                                          This feature has been upgraded to beta since Kubernetes 1.25. By embedding CEL expressions into CRDs, developers can solve most of the CR validation use cases without using webhooks. More CEL functions, such as support for default value and CRD conversion, will be developed in later Kubernetes versions.
                                                                                                                                                                                          
+
                                                                                                                                                                                        • CEL admission control graduates to beta.
                                                                                                                                                                                          CEL admission control is customizable. With CEL expressions, you can decide whether to accept or reject requests received by kube-apiserver. CEL expressions can also serve as a substitute for admission webhooks. Kubernetes 1.28 has upgraded CEL admission control to beta and introduced new functions, such as:
                                                                                                                                                                                          
+
                                                                                                                                                                                          • ValidatingAdmissionPolicy can correctly handle the authorizer variable.
                                                                                                                                                                                          • ValidatingAdmissionPolicy can have the messageExpression field checked.
                                                                                                                                                                                          • The ValidatingAdmissionPolicy controller is added to kube-controller-manager to check the type of the CEL expression in ValidatingAdmissionPolicy and save the reason in the status field.
                                                                                                                                                                                          • CEL expressions can contain a combination of one or more variables, which can be defined in ValidatingAdmissionPolicy. These variables can be used to define other variables.
                                                                                                                                                                                          • CEL library functions can be used to parse resources specified by resource.Quantity in Kubernetes.
                                                                                                                                                                                          
 
                                                                                                                                                                                        
-
                                                                                                                                                                                      • Other features
                                                                                                                                                                                        • The ServiceNodePortStaticSubrange feature gate moves to beta. With this feature enabled, static port range can be reserved to avoid conflicts with dynamically allocated ports. For details, see Avoiding Collisions Assigning Ports to NodePort Services.
                                                                                                                                                                                        • The alpha feature ConsistentListFromCache is added to allow the API server to serve consistent lists from cache. Get and list requests can read data from the cache instead of etcd.
                                                                                                                                                                                        • In Kubernetes 1.28, kubelet can configure the drop-in directory (alpha). This feature allows you to add support for the --config-dir flag to kubelet so that you can specify an insert directory that overwrites the kubelet configuration in /etc/kubernetes/kubelet.conf.
                                                                                                                                                                                        • ExpandedDNSConfig moves to GA and is enabled by default. With this feature enabled, DNS configurations can be expanded.
                                                                                                                                                                                        • The alpha feature CRDValidationRatcheting is added. This feature allows CRs with failing validations to pass if a Patch or Update request does not alter any of the invalid fields.
                                                                                                                                                                                        • --concurrent-cron-job-syncs is added to kube-controller-manager to configure the number of workers for the cron job controller.
                                                                                                                                                                                        
+
                                                                                                                                                                                      • Other features
                                                                                                                                                                                        • The ServiceNodePortStaticSubrange feature gate moves to beta. With this feature enabled, static port range can be reserved to avoid conflicts with dynamically allocated ports. For details, see Avoiding Collisions Assigning Ports to NodePort Services.
                                                                                                                                                                                        • The alpha feature ConsistentListFromCache is added to allow the API server to serve consistent lists from cache. Get and list requests can read data from the cache instead of etcd.
                                                                                                                                                                                        • In Kubernetes 1.28, kubelet can configure the drop-in directory (alpha). This feature allows you to add support for the --config-dir flag to kubelet so that you can specify an insert directory that overwrites the kubelet configuration in /etc/kubernetes/kubelet.conf.
                                                                                                                                                                                        • ExpandedDNSConfig moves to GA and is enabled by default. With this feature enabled, DNS configurations can be expanded.
                                                                                                                                                                                        • The alpha feature CRDValidationRatcheting is added. This feature allows CRs with failing validations to pass if a Patch or Update request does not alter any of the invalid fields.
                                                                                                                                                                                        • --concurrent-cron-job-syncs is added to kube-controller-manager to configure the number of workers for the cron job controller.
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                    
-
                                                                                                                                                                                    API Changes and Removals
                                                                                                                                                                                    • NetworkPolicyStatus is removed. There is no status attribute in a network policy.
                                                                                                                                                                                    • annotationbatch.kubernetes.io/cronJob-scheduled-timestamp is added to Job objects to indicate the creation time of a Job.
                                                                                                                                                                                    • The podReplacementPolicy and terminating fields are added to Job APIs. With these fields specified, once a previously created pod is terminated in a Job, the Job immediately starts a new pod to replace the pod. The new fields allow you to specify whether to replace the pod immediately after the previous pod is terminated (original behavior) or replace the pod after the existing pod is completely terminated (new behavior). This is an alpha feature, and you can enable it by turning on the JobPodReplacementPolicy feature gate in your cluster.
                                                                                                                                                                                    • The BackoffLimitPerIndex field is available in a Job. Pods specified by a Job share a backoff mechanism. When backoff times of the Job reach the limit, this Job is marked as failed and resources, including indexes that are not running, are cleared up. This field allows you to configure backoff limit for a single index. For details, see Backoff limit per index.
                                                                                                                                                                                    • The ServedVersions field is added to the StorageVersion API. This change is introduced by mixed version proxy. The new field is used to indicate a version that can be provided by the API server.
                                                                                                                                                                                    • SelfSubjectReview is added to authentication.k8s.io/v1, and kubectl auth whoami goes to GA.
                                                                                                                                                                                    • LastPhaseTransitionTime is added to PersistentVolume. The new field is used to store the last time when a volume changes to a different phase.
                                                                                                                                                                                    • resizeStatus in PVC.Status is replaced by AllocatedResourceStatus. The new field indicates the statuses of the storage resize operation. The default value is an empty string.
                                                                                                                                                                                    • If hostNetwork is set to true and ports are specified for a pod, the hostport field will be automatically configured.
                                                                                                                                                                                    • StatefulSet pods have the pod index set as a pod label statefulset.kubernetes.io/pod-index.
                                                                                                                                                                                    • PodHasNetwork in the Condition field of pods has been renamed to PodReadyToStartContainers. The new field specifies that containers are ready to start after the network, volumes, and sandbox pod have been created.
                                                                                                                                                                                    • A new configuration option delayCacheUntilActive is added to KubeSchedulerConfiguration. If delayCacheUntilActive is set to true, kube-scheduler on the leader will not cache scheduling information. This reduces the memory pressure of other master nodes, but slows down the failover speed after the leader failed.
                                                                                                                                                                                    • The namespaceParamRef field is added to admissionregistration.k8s.io/v1alpha1.ValidatingAdmissionPolicy.
                                                                                                                                                                                    • The reason and fieldPath fields are added to CRD validation rules to allow you to specify reason and field path after verification failed.
                                                                                                                                                                                    • The CEL expression of ValidatingAdmissionPolicy supports namespace access via namespaceObject.
                                                                                                                                                                                    • API groups ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding are promoted to betav1.
                                                                                                                                                                                    • A ValidatingAdmissionPolicy now has its messageExpression field checked against resolved types.
                                                                                                                                                                                    
+
                                                                                                                                                                                    API Changes and Removals
                                                                                                                                                                                    • NetworkPolicyStatus is removed. There is no status attribute in a network policy.
                                                                                                                                                                                    • annotationbatch.kubernetes.io/cronJob-scheduled-timestamp is added to Job objects to indicate the creation time of a Job.
                                                                                                                                                                                    • The podReplacementPolicy and terminating fields are added to Job APIs. With these fields specified, once a previously created pod is terminated in a Job, the Job immediately starts a new pod to replace the pod. The new fields allow you to specify whether to replace the pod immediately after the previous pod is terminated (original behavior) or replace the pod after the existing pod is completely terminated (new behavior). This is an alpha feature, and you can enable it by turning on the JobPodReplacementPolicy feature gate in your cluster.
                                                                                                                                                                                    • The BackoffLimitPerIndex field is available in a Job. Pods specified by a Job share a backoff mechanism. When backoff times of the Job reach the limit, this Job is marked as failed and resources, including indexes that are not running, are cleared up. This field allows you to configure backoff limit for a single index. For details, see Backoff limit per index.
                                                                                                                                                                                    • The ServedVersions field is added to the StorageVersion API. This change is introduced by mixed version proxy. The new field is used to indicate a version that can be provided by the API server.
                                                                                                                                                                                    • SelfSubjectReview is added to authentication.k8s.io/v1, and kubectl auth whoami goes to GA.
                                                                                                                                                                                    • LastPhaseTransitionTime is added to PersistentVolume. The new field is used to store the last time when a volume changes to a different phase.
                                                                                                                                                                                    • resizeStatus in PVC.Status is replaced by AllocatedResourceStatus. The new field indicates the statuses of the storage resize operation. The default value is an empty string.
                                                                                                                                                                                    • If hostNetwork is set to true and ports are specified for a pod, the hostport field will be automatically configured.
                                                                                                                                                                                    • StatefulSet pods have the pod index set as a pod label statefulset.kubernetes.io/pod-index.
                                                                                                                                                                                    • PodHasNetwork in the Condition field of pods has been renamed to PodReadyToStartContainers. The new field specifies that containers are ready to start after the network, volumes, and sandbox pod have been created.
                                                                                                                                                                                    • A new configuration option delayCacheUntilActive is added to KubeSchedulerConfiguration. If delayCacheUntilActive is set to true, kube-scheduler on the leader will not cache scheduling information. This reduces the memory pressure of other master nodes, but slows down the failover speed after the leader failed.
                                                                                                                                                                                    • The namespaceParamRef field is added to admissionregistration.k8s.io/v1alpha1.ValidatingAdmissionPolicy.
                                                                                                                                                                                    • The reason and fieldPath fields are added to CRD validation rules to allow you to specify reason and field path after verification failed.
                                                                                                                                                                                    • The CEL expression of ValidatingAdmissionPolicy supports namespace access via namespaceObject.
                                                                                                                                                                                    • API groups ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding are promoted to betav1.
                                                                                                                                                                                    • A ValidatingAdmissionPolicy now has its messageExpression field checked against resolved types.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
-
                                                                                                                                                                                    Feature Gate and Command Line Parameter Changes and Removals
                                                                                                                                                                                    • –short is removed from kubelet. Therefore, the default output of kubectl version is the same as that of kubectl version –short.
                                                                                                                                                                                    • --volume-host-cidr-denylist and --volume-host-allow-local-loopback are removed from kube-controller-manager. --volume-host-cidr-denylist is a comma-separated list of CIDR ranges. Volume plugins at these IP addresses are not allowed. If --volume-host-allow-local-loopback is set to false, the local loopback IP address and the CIDR ranges specified in --volume-host-cidr-denylist are disabled.
                                                                                                                                                                                    • --azure-container-registry-config is deprecated in kubelet and will be deleted in later Kubernetes versions. Use --image-credential-provider-config and --image-credential-provider-bin-dir instead.
                                                                                                                                                                                    • --lock-object-namespace and --lock-object-name are removed from kube-scheduler. Use --leader-elect-resource-namespace and --leader-elect-resource-name or ComponentConfig instead. (--lock-object-namespace is used to define the namespace of a lock object, and --lock-object-name is used to define the name of a lock object.)
                                                                                                                                                                                    • KMS v1 is deprecated and will only receive security updates. Use KMS v2 instead. In later Kubernetes versions, use --feature-gates=KMSv1=true to configure a KMS v1 provider.
                                                                                                                                                                                    • The DelegateFSGroupToCSIDriver, DevicePlugins, KubeletCredentialProviders, MixedProtocolLBService, ServiceInternalTrafficPolicy, ServiceIPStaticSubrange, and EndpointSliceTerminatingCondition feature gates are removed.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Feature Gate and Command Line Parameter Changes and Removals
                                                                                                                                                                                    • –short is removed from kubelet. Therefore, the default output of kubectl version is the same as that of kubectl version –short.
                                                                                                                                                                                    • --volume-host-cidr-denylist and --volume-host-allow-local-loopback are removed from kube-controller-manager. --volume-host-cidr-denylist is a comma-separated list of CIDR ranges. Volume plugins at these IP addresses are not allowed. If --volume-host-allow-local-loopback is set to false, the local loopback IP address and the CIDR ranges specified in --volume-host-cidr-denylist are disabled.
                                                                                                                                                                                    • --azure-container-registry-config is deprecated in kubelet and will be deleted in later Kubernetes versions. Use --image-credential-provider-config and --image-credential-provider-bin-dir instead.
                                                                                                                                                                                    • --lock-object-namespace and --lock-object-name are removed from kube-scheduler. Use --leader-elect-resource-namespace and --leader-elect-resource-name or ComponentConfig instead. (--lock-object-namespace is used to define the namespace of a lock object, and --lock-object-name is used to define the name of a lock object.)
                                                                                                                                                                                    • KMS v1 is deprecated and will only receive security updates. Use KMS v2 instead. In later Kubernetes versions, use --feature-gates=KMSv1=true to configure a KMS v1 provider.
                                                                                                                                                                                    • The DelegateFSGroupToCSIDriver, DevicePlugins, KubeletCredentialProviders, MixedProtocolLBService, ServiceInternalTrafficPolicy, ServiceIPStaticSubrange, and EndpointSliceTerminatingCondition feature gates are removed.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
-
                                                                                                                                                                                    Enhanced Kubernetes 1.28 on CCE
                                                                                                                                                                                    During a version maintenance period, CCE periodically updates Kubernetes 1.28 and provides enhanced functions.
                                                                                                                                                                                    
-
                                                                                                                                                                                    For details about cluster version updates, see Release Notes for CCE Cluster Versions.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Enhanced Kubernetes 1.28 on CCE
                                                                                                                                                                                    During a version maintenance period, CCE periodically updates Kubernetes 1.28 and provides enhanced functions.
                                                                                                                                                                                    
+
                                                                                                                                                                                    For details about cluster version updates, see Release Notes for CCE Cluster Versions.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
-
                                                                                                                                                                                    References
                                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.28 and other versions, see Kubernetes v1.28 Release Notes.
                                                                                                                                                                                    
+
                                                                                                                                                                                    References
                                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.28 and other versions, see Kubernetes v1.28 Release Notes.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bulletin_0089.html b/docs/cce/umn/cce_bulletin_0089.html
new file mode 100644
index 00000000..effb5a6a
--- /dev/null
+++ b/docs/cce/umn/cce_bulletin_0089.html
@@ -0,0 +1,46 @@
+
+
+
                                                                                                                                                                                    Kubernetes 1.29 Release Notes
                                                                                                                                                                                    
+
                                                                                                                                                                                    CCE allows you to create Kubernetes clusters 1.29. This section describes the changes made in Kubernetes 1.29.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Indexes
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    New and Enhanced Features
                                                                                                                                                                                    • The load balancer IP mode for Services is in the alpha state.
                                                                                                                                                                                      The load balancer IP mode for Services is promoted to alpha. Kubernetes 1.29 adds the ipMode field to the Services' status field for configuring traffic forwarding from Services within a cluster to pods. If ipMode is set to VIP, traffic delivered to a node with the destination set to the load balancer's IP address and port will be redirected to the target node by kube-proxy. If it is set to Proxy, traffic delivered to a node will be sent to the load balancer and then redirected to the target node by the load balancer. This feature addresses the issue of load balancer functions being missed due to traffic bypassing it. For details, see Load Balancer IP Mode for Services.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • The nftables proxy mode is in the alpha state.
                                                                                                                                                                                      The nftables proxy mode is promoted to alpha. This feature allows kube-proxy to run in nftables mode. In this mode, kube-proxy configures packet forwarding rules using the nftables API of the kernel netfilter subsystem. For details, see nftables proxy mode.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Garbage collection for unused container images is in the alpha state.
                                                                                                                                                                                      The garbage collection for unused container images is promoted to alpha. This feature allows you to specify the maximum time a local image can be unused for each node. If the time expires, the image will be garbage collected. To configure the setting, specify the ImageMaximumGCAge field for kubelet. For details, see Garbage collection for unused container images.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • PodLifecycleSleepAction is in the alpha state.
                                                                                                                                                                                      PodLifecycleSleepAction is promoted to alpha. This feature introduces the sleep hook to the container lifecycle hooks. You can pause a container for a specified duration after it starts or before it is stopped by enabling this feature. For details, see Hook handler implementations.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • KubeletSeparateDiskGC is in the alpha state.
                                                                                                                                                                                      KubeletSeparateDiskGC is promoted to alpha. With this feature enabled, container images and containers can be garbage collected even if they are on separate file systems.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • matchLabelKeys and mismatchLabelKeys are in the alpha state.
                                                                                                                                                                                      matchLabelKeys and mismatchLabelKeys are promoted to alpha. With these features enabled, the matchLabelKeys and mismatchLabelKeys fields are added to the pod affinity and anti-affinity configurations. This allows for configurations of more affinity and anti-affinity policies between pods. For details, see matchLabelKeys and mismatchLabelKeys.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • The clusterTrustBundle projected volumes are in the alpha state.
                                                                                                                                                                                      The clusterTrustBundle projected volumes are promoted to alpha. With this feature enabled, the clusterTrustBundle projected volume source injects the contents of one or more ClusterTrustBundle objects as an automatically-updating file. For details, see clusterTrustBundle projected volumes.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Pulling images based on runtime classes of pods is in the alpha state.
                                                                                                                                                                                      Pulling images based on runtime classes is promoted to alpha. With this feature enabled, the kubelet references container images by a tuple (of image name or runtime handler) rather than just the image name or digest. Your container runtime may adapt its behavior based on the selected runtime handler. Pulling images based on runtime classes will be helpful for VM based containers. For details, see Image pull per runtime class.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • The PodReadyToStartContainers condition is in the beta state.
                                                                                                                                                                                      The PodReadyToStartContainers condition is promoted to beta. Kubernetes 1.29 introduces the PodReadyToStartContainers condition to the pods' status field. If it is set to true, the sandbox of a pod is ready and service containers can be created. This feature enables cluster administrators to gain a clearer and more comprehensive view of pod sandbox creation completion and container readiness. This enhanced visibility allows them to make better-informed decisions and troubleshoot issues more effectively. For details, see PodReadyToStartContainers Condition Moves to Beta.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Two Job-related features are in the beta state.
                                                                                                                                                                                      • Pod replacement policy (beta)
                                                                                                                                                                                        The pod replacement policy feature moves to beta. This feature ensures that a pod is replaced only when it reaches the Failed state, which means that status.phase becomes Failed. It does not recreate a pod when the deletion timestamp is not empty and the pod is still being deleted. This prevents two pods from occupying index and node resources concurrently.
                                                                                                                                                                                        
+
                                                                                                                                                                                      • Backoff limit per index (beta)
                                                                                                                                                                                        The backoff limit per index moves to beta. By default, pod failures for indexed jobs are counted and restricted by the global limit of retries, specified by .spec.backoffLimit. This means that if there is a consistently failing index in a job, pods specified by the job will be restarted repeatedly until pod failures exhaust the limit. Once the limit is reached, the job is marked failed and pods for other indexes in the job may never be even started. The feature allows you to complete execution of all indexes, despite some indexes failing, and to better use the computing resources by avoiding unnecessary retries of consistently failing indexes.
                                                                                                                                                                                        
+
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Native sidecar containers are in the beta state.
                                                                                                                                                                                      Native sidecar containers are promoted to beta. The restartPolicy field is added to initContainers. When this field is set to Always, the sidecar container is enabled. The sidecar container and service container are deployed in the same pod. This cannot prolong the pod lifecycle. Sidecar containers are commonly used in scenarios such as network proxy and log collection. For details, see Sidecar Containers.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • The legacy ServiceAccount token cleaner is in the beta state.
                                                                                                                                                                                      Legacy ServiceAccount token cleaner is promoted to beta. It runs as part of kube-controller-manager and checks every 24 hours to see if any auto-generated legacy ServiceAccount token has not been used in a specific amount of time (one year by default, specified by --legacy-service-account-token-clean-up-period). If so, the cleaner marks those tokens as invalid and adds the kubernetes.io/legacy-token-invalid-since label whose value is the current date. If an invalid token is not used for a specific period of time (one year by default, specified by --legacy-service-account-token-clean-up-period), the cleaner deletes it. For details, see Legacy ServiceAccount Token Cleaner.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • DevicePluginCDIDevices is in the beta state.
                                                                                                                                                                                      DevicePluginCDIDevices moves to beta. With this feature enabled, plugin developers can use the CDIDevices field added to DeviceRunContainerOptions to pass CDI device names directly to CDI enabled runtimes.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • PodHostIPs is in the beta state.
                                                                                                                                                                                      The PodHostIPs feature moves to beta. With this feature enabled, Kubernetes adds the hostIPs field to Status of pods and downward API to expose node IP addresses to workloads. This field specifies the dual-stack protocol version of the host IP address. The first IP address is always the same as the host IP address.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • The API Priority and Fairness feature (APF) is in the General Availability (GA) state.
                                                                                                                                                                                      APF moves to GA. APF classifies and isolates requests in a more fine-grained way. It improves max-inflight limitations. It also introduces a limited amount of queuing, so that the API server does not reject any request in cases of very brief bursts. Requests are dispatched from queues using a fair queuing technique so that, for example, a poorly-behaved controller does not cause others (even at the same priority level) to become abnormal. For details, see API Priority and Fairness.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • APIListChunking is in the GA state.
                                                                                                                                                                                      The APIListChunking feature moves to GA. This feature allows clients to perform pagination in List requests to avoid performance problems caused by returning too much data at a time.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • ServiceNodePortStaticSubrange is in the GA state.
                                                                                                                                                                                      The ServiceNodePortStaticSubrange feature moves to GA. With this feature enabled, kubelet calculates the size of reserved IP addresses based on the ranges of the NodePort Services and divides node ports into static band and dynamic band. During automatic node port assignment, dynamic band is preferentially assigned, which helps avoid port conflicts during static band assignment. For details, see ServiceNodePortStaticSubrange.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • The phase transition timestamp of PersistentVolume (PV) is in the beta state.
                                                                                                                                                                                      The PV phase transition timestamp moves to beta. With this feature enabled, Kubernetes adds the lastPhaseTransitionTime field to the status field of a PV to indicate the time when the PV phase changes last time. Cluster administrators are now able to track the last time a PV transitioned to a different phase, allowing for more efficient and informed resource management. For details, see PersistentVolume Last Phase Transition Time in Kubernetes.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • ReadWriteOncePod is in the GA state.
                                                                                                                                                                                      The ReadWriteOncePod feature moves to GA. With this feature enabled, you can set the access mode to ReadWriteOncePod in a PersistentVolumeClaim (PVC) to ensure that only one pod can modify data in the volume at a time. This can prevent data conflicts or damage. For details, see ReadWriteOncePod.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • CSINodeExpandSecret is in the GA state.
                                                                                                                                                                                      The CSINodeExpandSecret feature moves to GA. This feature allows secret authentication data to be passed to a CSI driver for use when a node is added.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • The Common Expression Language (CEL)-based CRD verification capability is in the GA state.
                                                                                                                                                                                      The CEL-based CRD verification capability moves to GA. With this feature enabled, you are allowed to use the CEL to define validation rules in CRDs, which are more efficient than webhook. For details, see CRD verification rules.
                                                                                                                                                                                      
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    API Changes and Removals
                                                                                                                                                                                    • The time zone of a newly created cron job cannot be configured using TZ or CRON_TZ in .spec.schedule. Use .spec.timeZone instead. Cron jobs that have been created are not affected by this change.
                                                                                                                                                                                    • The alpha API ClusterCIDR is removed.
                                                                                                                                                                                    • The startup parameter --authentication-config is added to kube-apiserver to specify the address of the AuthenticationConfiguration file. This startup parameter is mutually exclusive with the --oidc-* startup parameter.
                                                                                                                                                                                    • The API version kubescheduler.config.k8s.io/v1beta3 of KubeSchedulerConfiguration is removed. Migrate kube-scheduler configuration files to kubescheduler.config.k8s.io/v1.
                                                                                                                                                                                    • The CEL expressions are added to v1alpha1 AuthenticationConfiguration.
                                                                                                                                                                                    • The ServiceCIDR type is added. It allows you to dynamically configure the IP address range used by a cluster to allocate the Service ClusterIPs.
                                                                                                                                                                                    • The startup parameters --conntrack-udp-timeout and --conntrack-udp-timeout-stream are added to kube-proxy. They are options for configuring the kernel parameters nf_conntrack_udp_timeout and nf_conntrack_udp_timeout_stream.
                                                                                                                                                                                    • Support for CEL expressions is added to WebhookMatchCondition of v1alpha1 AuthenticationConfiguration.
                                                                                                                                                                                    • The type of PVC.spec.Resource is changed from ResourceRequirements to VolumeResourceRequirements.
                                                                                                                                                                                    • onPodConditions in PodFailurePolicyRule is marked as optional.
                                                                                                                                                                                    • The API version flowcontrol.apiserver.k8s.io/v1beta3 of FlowSchema and PriorityLevelConfiguration has been promoted to flowcontrol.apiserver.k8s.io/v1, and the following changes have been made:
                                                                                                                                                                                      • PriorityLevelConfiguration: The .spec.limited.nominalConcurrencyShares field defaults to 30 if the field is omitted. To ensure compatibility with 1.28 API servers, specifying an explicit 0 value is not allowed in the v1 version in 1.29. In 1.30, explicit 0 values will be allowed in this field in the v1 API. The flowcontrol.apiserver.k8s.io/v1beta3 APIs are deprecated and will no longer be served in 1.32.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • The kube-proxy command line document is updated. kube-proxy does not bind any socket to the IP address specified by --bind-address.
                                                                                                                                                                                    • The selectorSpread scheduler plugin is replaced by podTopologySpread.
                                                                                                                                                                                    • If CSI-Node-Driver is not running, NodeStageVolume calls will be retried.
                                                                                                                                                                                    • ValidatingAdmissionPolicy type checking now supports CRDs. To use this feature, the ValidatingAdmissionPolicy feature gate must be enabled.
                                                                                                                                                                                    • The startup parameter --nf-conntrack-tcp-be-liberal is added to kube-proxy. You can configure it by setting the kernel parameter nf_conntrack_tcp_be_liberal.
                                                                                                                                                                                    • The startup parameter --init-only is added to kube-proxy. Setting the flag makes kube-proxy init container run in the privileged mode, perform its initial configuration, and then exit.
                                                                                                                                                                                    • The fileSystem field of container is added to the response body of CRI. It specifies the file system usage of a container. Originally, the fileSystem field contains only the file system of the container images.
                                                                                                                                                                                    • All built-in cloud providers are disabled by default. If you still need to use them, you can configure the DisableCloudProviders and DisableKubeletCloudCredentialProvider feature gates to disable or enable cloud providers.
                                                                                                                                                                                    • --node-ips can be used in kubelet to configure IPv4/IPv6 dual-stack. If --cloud-provider is set to external, you are allowed to use --node-ips to configure IPv4/IPv6 dual-stack for node IP addresses. To use --node-ips, you need to enable the CloudDualStackNodeIPs feature gate.
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    Enhanced Kubernetes 1.29 on CCE
                                                                                                                                                                                    During a version maintenance period, CCE periodically updates Kubernetes 1.29 and provides enhanced functions.
                                                                                                                                                                                    
+
                                                                                                                                                                                    For details about cluster version updates, see Patch Versions.
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    References
                                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.29 and other versions, see Kubernetes v1.29 Release Notes.
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    Parent topic: Kubernetes Version Release Notes
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_faq_0000.html b/docs/cce/umn/cce_faq_0000.html
index 41b1c529..2c67746a 100644
--- a/docs/cce/umn/cce_faq_0000.html
+++ b/docs/cce/umn/cce_faq_0000.html
@@ -34,8 +34,6 @@
 
                                                                                                                                                                                    • 
 
                                                                                                                                                                                  • Permissions
                                                                                                                                                                                    
 
                                                                                                                                                                                    • 
-
                                                                                                                                                                                  • Reference
                                                                                                                                                                                    
-
                                                                                                                                                                                    • 
 
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_faq_00001.html b/docs/cce/umn/cce_faq_00001.html
index 09a74172..94c36ba7 100644
--- a/docs/cce/umn/cce_faq_00001.html
+++ b/docs/cce/umn/cce_faq_00001.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Workload Management
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Networking
                                                                                                                                                                                Why Does the Browser Return Error Code 404 When I Access a Deployed Application?
                                                                                                                                                                                
-
                                                                                                                                                                                What Should I Do If a Node Fails to Connect to the Internet (Public Network)?
                                                                                                                                                                                
-
                                                                                                                                                                                How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
                                                                                                                                                                                
+
                                                                                                                                                                                Networking
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00012.html b/docs/cce/umn/cce_faq_00012.html
index 4e122db4..301b6aef 100644
--- a/docs/cce/umn/cce_faq_00012.html
+++ b/docs/cce/umn/cce_faq_00012.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                                Cause:
                                                                                                                                                                                The metadata.enable field in the YAML file of the workload is false. As a result, the pod of the workload is deleted and the workload is in the stopped status.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                Solution
                                                                                                                                                                                Delete the enable field or set it to true.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00015.html b/docs/cce/umn/cce_faq_00015.html
index 71f420f5..ec327097 100644
--- a/docs/cce/umn/cce_faq_00015.html
+++ b/docs/cce/umn/cce_faq_00015.html
@@ -102,7 +102,7 @@ spec:
 
                                                                                                                                                                                Failed create pod sandbox: rpc error: code = Unknown desc = failed to create a sandbox for pod "nginx-6dc48bf8b6-l8xrw": Error response from daemon: mkdir xxxxx: no space left on device
                                                                                                                                                                                
 
                                                                                                                                                                                Run the following command to obtain the disk space for storing images on a node:
                                                                                                                                                                                
 
                                                                                                                                                                                lvs
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                Solution 1: Clearing images
                                                                                                                                                                                
 
                                                                                                                                                                                Perform the following operations to clear unused images:
                                                                                                                                                                                • Nodes that use containerd
                                                                                                                                                                                  1. Obtain local images on the node.
                                                                                                                                                                                    crictl images -v
                                                                                                                                                                                    
 
                                                                                                                                                                                  2. Delete the images that are not required by image ID.
                                                                                                                                                                                    crictl rmi Image ID
                                                                                                                                                                                    
@@ -116,19 +116,34 @@ spec:
 
                                                                                                                                                                                
 
                                                                                                                                                                                Solution 2: Expanding the disk capacity
                                                                                                                                                                                
 
                                                                                                                                                                                To expand a disk capacity, perform the following steps:
                                                                                                                                                                                
-
                                                                                                                                                                                1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                3. Log in to the target node.
                                                                                                                                                                                4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                  A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                  
-
                                                                                                                                                                                  • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                    # lsblk
+
                                                                                                                                                                                    1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                      Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                      
+
                                                                                                                                                                                    2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                    3. Log in to the target node.
                                                                                                                                                                                    4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                      A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                      
+
                                                                                                                                                                                      Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Check the disk and partition sizes of the device.
                                                                                                                                                                                        # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                   8:0    0   50G  0 disk 
 └─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                        
-
                                                                                                                                                                                        Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                        
-
                                                                                                                                                                                        pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                        
-
                                                                                                                                                                                      2. Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                        # lsblk
+
                                                                                                                                                                                      3. Expand the disk capacity.
                                                                                                                                                                                        Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                        
+
                                                                                                                                                                                        1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                          pvresize /dev/vdb
                                                                                                                                                                                          
+
                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                          
+
                                                                                                                                                                                        2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                          lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                          
+
                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                          
+
                                                                                                                                                                                        3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                          resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                          
+
                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
+old_desc_blocks = 12, new_desc_blocks = 24
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                          
+
                                                                                                                                                                                        
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Check the disk and partition sizes of the device.
                                                                                                                                                                                        # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -141,13 +156,32 @@ vda                                   8:0    0   50G  0 disk
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                        
-
                                                                                                                                                                                        • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                          pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                          
-
                                                                                                                                                                                        • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                          pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                          
-
                                                                                                                                                                                        
-
                                                                                                                                                                                  
+
                                                                                                                                                                                5. Expand the disk capacity.
                                                                                                                                                                                  Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                                    pvresize /dev/vdb
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                    
+
                                                                                                                                                                                  2. Expand 100% of the free capacity to the logical volume. vgpaas/thinpool specifies the logical volume used by the container engine.
                                                                                                                                                                                    lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
+Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                    
+
                                                                                                                                                                                  3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                    pvresize /dev/vdb
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                    
+
                                                                                                                                                                                  2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                    lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                    
+
                                                                                                                                                                                  3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                    resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
+old_desc_blocks = 4, new_desc_blocks = 16
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                    
+
                                                                                                                                                                                  
+
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Check Item 5: Whether the Remote Image Repository Uses an Unknown or Insecure Certificate
                                                                                                                                                                                When a pod pulls an image from a third-party image repository that uses an unknown or insecure certificate, the image fails to be pulled from the node. The pod event list contains the event "Failed to pull the image" with the cause "x509: certificate signed by unknown authority".
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00018.html b/docs/cce/umn/cce_faq_00018.html
index 635db8fe..41d8b394 100644
--- a/docs/cce/umn/cce_faq_00018.html
+++ b/docs/cce/umn/cce_faq_00018.html
@@ -62,11 +62,11 @@
 
                                                                                                                                                                                In addition to the preceding possible causes, there are some other possible causes:
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 1 Troubleshooting process of the container restart failure
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 1 Troubleshooting process of the container restart failure
                                                                                                                                                                                Check Item 1: Whether There Are Processes that Keep Running in the Container (Exit Code: 0)
                                                                                                                                                                                1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                2. View the container status.
                                                                                                                                                                                  docker ps -a | grep $podName
                                                                                                                                                                                  
 
                                                                                                                                                                                  Example:
                                                                                                                                                                                  
-
                                                                                                                                                                                  
+
                                                                                                                                                                                  
 
                                                                                                                                                                                  If no running process exists in the container, the status code Exited (0) is displayed.
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                
@@ -77,7 +77,7 @@
 
                                                                                                                                                                                Check Item 3: Whether the Container Disk Space Is Insufficient
                                                                                                                                                                                The following message refers to the thin pool disk that is allocated from the Docker disk selected during node creation. You can run the lvs command as user root to view the current disk usage.
                                                                                                                                                                                
 
                                                                                                                                                                                Thin Pool has 15991 free data blocks which are less than minimum required 16383 free data blocks. Create more free space in thin pool or use dm.min_free_space option to change behavior
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                Solution
                                                                                                                                                                                
 
                                                                                                                                                                                Solution 1: Clearing images
                                                                                                                                                                                
 
                                                                                                                                                                                Perform the following operations to clear unused images:
                                                                                                                                                                                • Nodes that use containerd
                                                                                                                                                                                  1. Obtain local images on the node.
                                                                                                                                                                                    crictl images -v
                                                                                                                                                                                    
@@ -92,19 +92,34 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                                Solution 2: Expanding the disk capacity
                                                                                                                                                                                
 
                                                                                                                                                                                To expand a disk capacity, perform the following steps:
                                                                                                                                                                                
-
                                                                                                                                                                                1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                3. Log in to the target node.
                                                                                                                                                                                4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                  A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                  
-
                                                                                                                                                                                  • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                    # lsblk
+
                                                                                                                                                                                    1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                      Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                      
+
                                                                                                                                                                                    2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                    3. Log in to the target node.
                                                                                                                                                                                    4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                      A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                      
+
                                                                                                                                                                                      Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Check the disk and partition sizes of the device.
                                                                                                                                                                                        # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                   8:0    0   50G  0 disk 
 └─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                        
-
                                                                                                                                                                                        Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                        
-
                                                                                                                                                                                        pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                        
-
                                                                                                                                                                                      2. Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                        # lsblk
+
                                                                                                                                                                                      3. Expand the disk capacity.
                                                                                                                                                                                        Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                        
+
                                                                                                                                                                                        1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                          pvresize /dev/vdb
                                                                                                                                                                                          
+
                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                          
+
                                                                                                                                                                                        2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                          lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                          
+
                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                          
+
                                                                                                                                                                                        3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                          resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                          
+
                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
+old_desc_blocks = 12, new_desc_blocks = 24
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                          
+
                                                                                                                                                                                        
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Check the disk and partition sizes of the device.
                                                                                                                                                                                        # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -117,18 +132,37 @@ vda                                   8:0    0   50G  0 disk
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                        
-
                                                                                                                                                                                        • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                          pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                          
-
                                                                                                                                                                                        • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                          pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                          
-
                                                                                                                                                                                        
-
                                                                                                                                                                                  
+
                                                                                                                                                                                5. Expand the disk capacity.
                                                                                                                                                                                  Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                                    pvresize /dev/vdb
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                    
+
                                                                                                                                                                                  2. Expand 100% of the free capacity to the logical volume. vgpaas/thinpool specifies the logical volume used by the container engine.
                                                                                                                                                                                    lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
+Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                    
+
                                                                                                                                                                                  3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                    pvresize /dev/vdb
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                    
+
                                                                                                                                                                                  2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                    lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                    
+
                                                                                                                                                                                  3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                    resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
+old_desc_blocks = 4, new_desc_blocks = 16
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                    
+
                                                                                                                                                                                  
+
                                                                                                                                                                                Check Item 4: Whether the Upper Limit of Container Resources Has Been Reached
                                                                                                                                                                                If the upper limit of container resources has been reached, OOM will be displayed in the event details as well as in the log:
                                                                                                                                                                                
 
                                                                                                                                                                                cat /var/log/messages | grep 96feb0a425d6 | grep oom
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                When a workload is created, if the requested resources exceed the configured upper limit, the system OOM is triggered and the container exits unexpectedly.
                                                                                                                                                                                
 
                                                                                                                                                                                Check Item 5: Whether the Resource Limits Are Improperly Configured for the Container
                                                                                                                                                                                If the resource limits set for the container during workload creation are less than required, the container fails to be restarted.
                                                                                                                                                                                
@@ -136,7 +170,7 @@ resize2fs /dev/vgpaas/dockersys
 
                                                                                                                                                                                Check Item 6: Whether the Container Ports in the Same Pod Conflict with Each Other
                                                                                                                                                                                1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                  docker ps -a | grep $podName
                                                                                                                                                                                  
 
                                                                                                                                                                                3. View the logs of the corresponding container.
                                                                                                                                                                                  docker logs $containerID
                                                                                                                                                                                  
 
                                                                                                                                                                                  Rectify the fault of the workload based on logs. As shown in the following figure, container ports in the same pod conflict. As a result, the container fails to be started.
                                                                                                                                                                                  
-
                                                                                                                                                                                  Figure 2 Container restart failure due to a container port conflict
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 2 Container restart failure due to a container port conflict
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                Solution
                                                                                                                                                                                
 
                                                                                                                                                                                Re-create the workload and set a port number that is not used by any other pod.
                                                                                                                                                                                
@@ -150,7 +184,7 @@ resize2fs /dev/vgpaas/dockersys
 
                                                                                                                                                                                # echo -n "Content to be encoded" | base64
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Check Item 8: Whether the Container Startup Command Is Correctly Configured
                                                                                                                                                                                The error messages are as follows:
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                Solution
                                                                                                                                                                                
 
                                                                                                                                                                                Click the workload name to go to the workload details page, click the Containers tab. Choose Lifecycle, click Startup Command, and ensure that the command is correct.
                                                                                                                                                                                
 
                                                                                                                                                                                
@@ -158,7 +192,7 @@ resize2fs /dev/vgpaas/dockersys
 
                                                                                                                                                                                1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                  docker ps -a | grep $podName
                                                                                                                                                                                  
 
                                                                                                                                                                                3. View the logs of the corresponding container.
                                                                                                                                                                                  docker logs $containerID
                                                                                                                                                                                  
 
                                                                                                                                                                                  Note: In the preceding command, containerID indicates the ID of the container that has exited.
                                                                                                                                                                                  
-
                                                                                                                                                                                  Figure 3 Incorrect startup command of the container
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 3 Incorrect startup command of the container
                                                                                                                                                                                  
 
                                                                                                                                                                                  As shown in the figure above, the container fails to be started due to an incorrect startup command. For other errors, rectify the bugs based on the logs.
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                Solution
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00020.html b/docs/cce/umn/cce_faq_00020.html
index 20793172..98d5d7cc 100644
--- a/docs/cce/umn/cce_faq_00020.html
+++ b/docs/cce/umn/cce_faq_00020.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                A node is running properly and has GPU resources. However, the following error information is displayed:
                                                                                                                                                                                
 
                                                                                                                                                                                0/9 nodes are available: 9 insufficient nvidia.com/gpu
                                                                                                                                                                                
 
                                                                                                                                                                                Analysis
                                                                                                                                                                                
-
                                                                                                                                                                                1. Check whether the node is attached with NVIDIA label.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Check whether the node is attached with NVIDIA label.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                  2. Check whether the NVIDIA driver is running properly.
                                                                                                                                                                                    Log in to the node where the add-on is running and view the driver installation log in the following path:
                                                                                                                                                                                    /opt/cloud/cce/nvidia/nvidia_installer.log
                                                                                                                                                                                    
 
                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00037.html b/docs/cce/umn/cce_faq_00037.html
index 6973bdd1..85b6e656 100644
--- a/docs/cce/umn/cce_faq_00037.html
+++ b/docs/cce/umn/cce_faq_00037.html
@@ -4,9 +4,11 @@
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                      
+
                                                                                                                                                                                    • How Do I Expand the Storage Capacity of a Container?
                                                                                                                                                                                      
+
                                                                                                                                                                                      • 
 
                                                                                                                                                                                    • What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-node Mounting?
                                                                                                                                                                                      
 
                                                                                                                                                                                      • 
-
                                                                                                                                                                                    • Can I Add a Node Without a Data Disk?
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Can I Create a CCE Node Without Adding a Data Disk to the Node?
                                                                                                                                                                                      
 
                                                                                                                                                                                      • 
 
                                                                                                                                                                                    • What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
                                                                                                                                                                                      
 
                                                                                                                                                                                      • 
diff --git a/docs/cce/umn/cce_faq_00039.html b/docs/cce/umn/cce_faq_00039.html
index a151115c..749f4bd3 100644
--- a/docs/cce/umn/cce_faq_00039.html
+++ b/docs/cce/umn/cce_faq_00039.html
@@ -5,11 +5,11 @@
 
                                                                                                                                                                                      Troubleshooting Process
                                                                                                                                                                                      The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                      
 
                                                                                                                                                                                      Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                      
 
-
                                                                                                                                                                                      If the fault persists,  and contact the customer service to help you locate the fault.
                                                                                                                                                                                      
-
                                                                                                                                                                                      Figure 1 Fault locating
                                                                                                                                                                                      
+
                                                                                                                                                                                      If the fault persists, contact the customer service to help you locate the fault.
                                                                                                                                                                                      
+
                                                                                                                                                                                      Figure 1 Fault locating
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      Check Item 1: Whether the Security Group Is Modified
                                                                                                                                                                                      1. Log in to the management console, and choose Service List > Networking > Virtual Private Cloud. In the navigation pane on the left, choose Access Control > Security Groups to find the security group of the master node in the cluster.
                                                                                                                                                                                        The name of this security group is in the format of Cluster name-cce-control-ID.
                                                                                                                                                                                        
-
                                                                                                                                                                                      2. Click the security group. On the details page displayed, ensure that the security group rules of the master node are correct.
                                                                                                                                                                                        For details, see How Can I Configure a Security Group Rule in a Cluster?.
                                                                                                                                                                                        
+
                                                                                                                                                                                      3. Click the security group. On the details page displayed, ensure that the security group rules of the master node are correct.
                                                                                                                                                                                        For details, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      Check Item 2: Whether There Are Residual Listeners and Backend Server Groups on the Load Balancer
                                                                                                                                                                                      Reproducing the Problem
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00040.html b/docs/cce/umn/cce_faq_00040.html
index 7c8b0653..d04d69f2 100644
--- a/docs/cce/umn/cce_faq_00040.html
+++ b/docs/cce/umn/cce_faq_00040.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                                      How Do I Retrieve Data After a Cluster Is Deleted?
                                                                                                                                                                                      
+
                                                                                                                                                                                      How Do I Retrieve Data After a CCE Cluster Is Deleted?
                                                                                                                                                                                      
 
                                                                                                                                                                                      After a cluster is deleted, the workload on the cluster will also be deleted and cannot be restored. Therefore, exercise caution when deleting a cluster.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00041.html b/docs/cce/umn/cce_faq_00041.html
index c12bae90..db694e27 100644
--- a/docs/cce/umn/cce_faq_00041.html
+++ b/docs/cce/umn/cce_faq_00041.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                      How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
                                                                                                                                                                                      
-
                                                                                                                                                                                      1. Log in to the CCE console. Click the target cluster to go to its details page.
                                                                                                                                                                                      2. In the Connection Information area, view the kubectl connection mode.
                                                                                                                                                                                      3. In the window that is displayed, download the kubectl configuration file (kubeconfig.json).
                                                                                                                                                                                        Figure 1 Downloading kubeconfig.json
                                                                                                                                                                                        
+
                                                                                                                                                                                        1. Log in to the CCE console. Click the target cluster to go to its details page.
                                                                                                                                                                                        2. In the Connection Information area, view the kubectl connection mode.
                                                                                                                                                                                        3. In the window that is displayed, download the kubectl configuration file (kubeconfig.json).
                                                                                                                                                                                          Figure 1 Downloading kubeconfig.json
                                                                                                                                                                                          
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00089.html b/docs/cce/umn/cce_faq_00089.html
index cd3a4458..70c3fac2 100644
--- a/docs/cce/umn/cce_faq_00089.html
+++ b/docs/cce/umn/cce_faq_00089.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                                        Can I Add a Node Without a Data Disk?
                                                                                                                                                                                        
+
                                                                                                                                                                                        Can I Create a CCE Node Without Adding a Data Disk to the Node?
                                                                                                                                                                                        
 
                                                                                                                                                                                        No. A data disk is mandatory.
                                                                                                                                                                                        
 
                                                                                                                                                                                        A data disk dedicated for kubelet and the container engine will be attached to a new node.  By default, CCE uses Logical Volume Manager (LVM) to manage data disks. With LVM, you can adjust the disk space ratio for different resources on a data disk.
                                                                                                                                                                                        
 
                                                                                                                                                                                        If the data disk is uninstalled or damaged, the container engine will malfunction and the node becomes unavailable.
                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00097.html b/docs/cce/umn/cce_faq_00097.html
index aeddf04f..7daac650 100644
--- a/docs/cce/umn/cce_faq_00097.html
+++ b/docs/cce/umn/cce_faq_00097.html
@@ -5,10 +5,10 @@
 
                                                                                                                                                                                         
                                                                                                                                                                                        • While an ECS is being accepted into a cluster, the operating system of the ECS will be reset to the standard OS image provided by CCE to ensure node stability. The CCE console prompts you to select the operating system and the login mode during the reset.
                                                                                                                                                                                        • The ECS system and data disks will be formatted while the ECS is being accepted into a cluster. Ensure that data in the disks has been backed up.
                                                                                                                                                                                        • While an ECS is being accepted into a cluster, do not perform any operation on the ECS through the ECS console.
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                        • The cluster version must be 1.15 or later.
                                                                                                                                                                                        • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                                                                                                                                                        • If a password or key has been set when the original VM node was created, reset the password or key during management. The original password or key will become invalid.
                                                                                                                                                                                        • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node. 
                                                                                                                                                                                        • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                        • ECSs and BMSs can be managed.
                                                                                                                                                                                        
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                        A cloud server that meets the following conditions can be accepted:
                                                                                                                                                                                        
-
                                                                                                                                                                                        • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                                                                                                                                                        • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                                                                                                                                                        • Data disks must be attached to the nodes to be managed. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                                        • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                                                                                                                                                        • Only cloud servers with the same specifications, AZ, and data disk configuration can be added in batches.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                        The cloud servers to be managed must meet the following requirements:
                                                                                                                                                                                        
+
                                                                                                                                                                                        • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                                                                                                                                                        • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                                                                                                                                                        • Data disks must be attached to the nodes to be managed. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                                        • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                                                                                                                                                        • Only cloud servers with the same data disk configurations can be added in batches.
                                                                                                                                                                                        • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                                                                                                                                                        • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node. 
                                                                                                                                                                                        • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        Procedure
                                                                                                                                                                                        View the cluster log information to locate the failure cause and rectify the fault.
                                                                                                                                                                                        
 
                                                                                                                                                                                        1. Log in to the CCE console. In the navigation pane, click Operation Records above the cluster list to view operation records.
                                                                                                                                                                                        2. Click the record of the Failed status to view error information.
                                                                                                                                                                                        3. Rectify the fault based on the error information and accept the node into a cluster again.
                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00098.html b/docs/cce/umn/cce_faq_00098.html
index 77a4da96..6f921cff 100644
--- a/docs/cce/umn/cce_faq_00098.html
+++ b/docs/cce/umn/cce_faq_00098.html
@@ -204,7 +204,7 @@ Events:              <none>
 
                                                                                                                                                                                        Check Item 7: Whether everest Works Properly
                                                                                                                                                                                        0/1 nodes are available: 1 everest driver not found at node. This means the everest-csi-driver of everest is not started properly on the node.
                                                                                                                                                                                        
 
                                                                                                                                                                                        Check the daemon named everest-csi-driver in the kube-system namespace and check whether the pod is started properly. If not, delete the pod. The daemon will restart the pod.
                                                                                                                                                                                        
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Check Item 8: Thin Pool Space
                                                                                                                                                                                        A data disk dedicated for kubelet and the container engine will be attached to a new node.  If the data disk space is insufficient, the pod cannot be created.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Check Item 8: Thin Pool Space
                                                                                                                                                                                        A data disk dedicated for kubelet and the container engine will be attached to a new node. If the data disk space is insufficient, the pod cannot be created.
                                                                                                                                                                                        
 
                                                                                                                                                                                        Solution 1: Clearing images
                                                                                                                                                                                        
 
                                                                                                                                                                                        Perform the following operations to clear unused images:
                                                                                                                                                                                        • Nodes that use containerd
                                                                                                                                                                                          1. Obtain local images on the node.
                                                                                                                                                                                            crictl images -v
                                                                                                                                                                                            
 
                                                                                                                                                                                          2. Delete the images that are not required by image ID.
                                                                                                                                                                                            crictl rmi Image ID
                                                                                                                                                                                            
@@ -218,19 +218,34 @@ Events:              <none>
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        Solution 2: Expanding the disk capacity
                                                                                                                                                                                        
 
                                                                                                                                                                                        To expand a disk capacity, perform the following steps:
                                                                                                                                                                                        
-
                                                                                                                                                                                        1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                        2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                        3. Log in to the target node.
                                                                                                                                                                                        4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                          A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                          
-
                                                                                                                                                                                          • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                            # lsblk
+
                                                                                                                                                                                            1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                              Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                              
+
                                                                                                                                                                                            2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                            3. Log in to the target node.
                                                                                                                                                                                            4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                              A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                              
+
                                                                                                                                                                                              Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                              
+
                                                                                                                                                                                              1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                   8:0    0   50G  0 disk 
 └─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                
-
                                                                                                                                                                                                Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                
-
                                                                                                                                                                                                pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                
-
                                                                                                                                                                                              2. Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                # lsblk
+
                                                                                                                                                                                              3. Expand the disk capacity.
                                                                                                                                                                                                Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                
+
                                                                                                                                                                                                1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                  pvresize /dev/vdb
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                  
+
                                                                                                                                                                                                2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                  lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                  resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
+old_desc_blocks = 12, new_desc_blocks = 24
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                
+
                                                                                                                                                                                              
+
                                                                                                                                                                                              Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                              
+
                                                                                                                                                                                              1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -243,13 +258,32 @@ vda                                   8:0    0   50G  0 disk
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                
-
                                                                                                                                                                                                • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                                  pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                                  
-
                                                                                                                                                                                                • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                  pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                  
-
                                                                                                                                                                                                
-
                                                                                                                                                                                          
+
                                                                                                                                                                                        5. Expand the disk capacity.
                                                                                                                                                                                          Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                                          
+
                                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                                            pvresize /dev/vdb
                                                                                                                                                                                            
+
                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                            
+
                                                                                                                                                                                            Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                            
+
                                                                                                                                                                                          2. Expand 100% of the free capacity to the logical volume. vgpaas/thinpool specifies the logical volume used by the container engine.
                                                                                                                                                                                            lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                            
+
                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                            
+
                                                                                                                                                                                            Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
+Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                            
+
                                                                                                                                                                                          3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                          
+
                                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                            pvresize /dev/vdb
                                                                                                                                                                                            
+
                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                            
+
                                                                                                                                                                                            Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                            
+
                                                                                                                                                                                          2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                            lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                            
+
                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                            
+
                                                                                                                                                                                            Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                            
+
                                                                                                                                                                                          3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                            resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                            
+
                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                            
+
                                                                                                                                                                                            Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
+old_desc_blocks = 4, new_desc_blocks = 16
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                            
+
                                                                                                                                                                                          
+
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      Check Item 9: Number of Pods Scheduled onto the Node
                                                                                                                                                                                      0/1 nodes are available: 1 Too many pods. indicates excessive number of pods have been scheduled to the node.
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00107.html b/docs/cce/umn/cce_faq_00107.html
index 4dc56cc3..a332120c 100644
--- a/docs/cce/umn/cce_faq_00107.html
+++ b/docs/cce/umn/cce_faq_00107.html
@@ -8,9 +8,9 @@
 
                                                                                                                                                                                      Solution
                                                                                                                                                                                      According to the resolution rules of private domain names, the subnet DNS in the VPC must be set to the cloud DNS. You can find the details of the private network DNS service on its console.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      The customer can perform domain name resolution on the ECSs in the VPC subnet, which indicates that the preceding configuration has been completed in the subnet.
                                                                                                                                                                                      
-
                                                                                                                                                                                      
+
                                                                                                                                                                                      
 
                                                                                                                                                                                      However, when the domain name resolution is performed in a container, the message "bad address" is displayed, indicating that the domain name cannot be resolved.
                                                                                                                                                                                      
-
                                                                                                                                                                                      
+
                                                                                                                                                                                      
 
                                                                                                                                                                                      Log in to the CCE console and check the add-ons installed in the cluster.
                                                                                                                                                                                      
 
                                                                                                                                                                                      If you find that the coredns add-on does not exist in Add-ons Installed, the coredns add-on may have been incorrectly uninstalled.
                                                                                                                                                                                      
 
                                                                                                                                                                                      Install it and add the corresponding domain name and DNS service address to resolve the domain name.
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00120.html b/docs/cce/umn/cce_faq_00120.html
index 94d146f9..9bd1c5e1 100644
--- a/docs/cce/umn/cce_faq_00120.html
+++ b/docs/cce/umn/cce_faq_00120.html
@@ -26,12 +26,12 @@
 
                                                                                                                                                                                  
 
                                                                                                                                                                                Check Item 4: Whether the Security Group Is Modified
                                                                                                                                                                                Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups and locate the security group of the cluster master node.
                                                                                                                                                                                
-
                                                                                                                                                                                The name of this security group is in the format of Cluster name-cce-control-ID. You can search for the security group by cluster name.
                                                                                                                                                                                
-
                                                                                                                                                                                Check whether the rules in the security group are modified. For details, see How Can I Configure a Security Group Rule in a Cluster?.
                                                                                                                                                                                
+
                                                                                                                                                                                The name of this security group is in the format of Cluster name-cce-control-ID. You can search for the security group by cluster name and -cce-control-.
                                                                                                                                                                                
+
                                                                                                                                                                                Check whether the security group rules have been modified. For details about security groups, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                
 
                                                                                                                                                                                Check Item 5: Whether the Security Group Rules Contain the Security Group Policy for the Communication Between the Master Node and the Worker Node
                                                                                                                                                                                Check whether such a security group policy exists.
                                                                                                                                                                                
 
                                                                                                                                                                                When a node is added to an existing cluster, if an extended CIDR block is added to the VPC corresponding to the subnet and the subnet is an extended CIDR block, you need to add the following three security group rules to the master node security group (the group name is in the format of Cluster name-cce-control-Random number). These rules ensure that the nodes added to the cluster are available. (This step is not required if an extended CIDR block has been added to the VPC during cluster creation.)
                                                                                                                                                                                
-
                                                                                                                                                                                For details about security, see How Can I Configure a Security Group Rule in a Cluster?.
                                                                                                                                                                                
+
                                                                                                                                                                                For details about security groups, see How Can I Configure a Security Group Rule in a Cluster?.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Check Item 6: Whether the Disk Is Abnormal
                                                                                                                                                                                A 100 GiB data disk dedicated for Docker is attached to the new node. If the data disk is uninstalled or damaged, the Docker service becomes abnormal and the node becomes unavailable.
                                                                                                                                                                                
@@ -39,7 +39,7 @@
 
                                                                                                                                                                                Check Item 7: Whether Internal Components Are Normal
                                                                                                                                                                                1. Log in to the ECS where the unavailable node is located. 
                                                                                                                                                                                2. Run the following command to check whether the PaaS components are normal:
                                                                                                                                                                                  systemctl status kubelet
                                                                                                                                                                                  
 
                                                                                                                                                                                  If the command is successfully executed, the status of each component is displayed as active, as shown in the following figure.
                                                                                                                                                                                  
-
                                                                                                                                                                                  
+
                                                                                                                                                                                  
 
                                                                                                                                                                                  If the component status is not active, run the following commands (using the faulty component canal as an example):
                                                                                                                                                                                  
 
                                                                                                                                                                                  Run systemctl restart canal to restart the component.
                                                                                                                                                                                  
 
                                                                                                                                                                                  After restarting the component, run systemctl status canal to check the status.
                                                                                                                                                                                  
@@ -57,7 +57,7 @@
 
                                                                                                                                                                                  Check Item 9: Whether the vdb Disk on the Node Is Deleted
                                                                                                                                                                                  If the vdb disk on a node is deleted, you can refer to this topic to restore the node.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Check Item 10: Whether the Docker Service Is Normal
                                                                                                                                                                                  1. Run the following command to check whether the Docker service is running:
                                                                                                                                                                                    systemctl status docker
                                                                                                                                                                                    
-
                                                                                                                                                                                    
+
                                                                                                                                                                                    
 
                                                                                                                                                                                    If the command fails or the Docker service status is not active, locate the cause or contact technical support if necessary.
                                                                                                                                                                                    
 
                                                                                                                                                                                  2. Run the following command to check the number of containers on the node:
                                                                                                                                                                                    docker ps -a | wc -l
                                                                                                                                                                                    
 
                                                                                                                                                                                    If the command is suspended, the command execution takes a long time, or there are more than 1000 abnormal containers, check whether workloads are repeatedly created and deleted. If a large number of containers are frequently created and deleted, a large number of abnormal containers may occur and cannot be cleared in a timely manner.
                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00134.html b/docs/cce/umn/cce_faq_00134.html
index 0b09ea74..354512ab 100644
--- a/docs/cce/umn/cce_faq_00134.html
+++ b/docs/cce/umn/cce_faq_00134.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                    How Do I Use Events to Fix Abnormal Workloads?
                                                                                                                                                                                    
 
                                                                                                                                                                                    If a workload is abnormal, you can check the pod events first to locate the fault and then rectify the fault.
                                                                                                                                                                                    
-
                                                                                                                                                                                    Fault Locating
                                                                                                                                                                                    
+
                                                                                                                                                                                    Fault Locating
                                                                                                                                                                                    
 
                                                                                                                                                                                    To check whether there is an abnormal pod in the workload, perform the following steps:
                                                                                                                                                                                    
 
                                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                                    2. Click the cluster name to access the cluster console. In the navigation pane, choose Workloads.
                                                                                                                                                                                    3. In the upper left corner of the page, select a namespace, locate the target workload, and view its status.
                                                                                                                                                                                      • If the workload is not ready, view pod events, and determine the cause. For details, see Viewing Pod Events.
                                                                                                                                                                                      • If the workload is processing, wait patiently.
                                                                                                                                                                                      • If the workload is running, no action is required. If the workload status is normal but it cannot be accessed, check whether intra-cluster access is normal.
                                                                                                                                                                                        Log in to the CCE console or use kubectl to obtain the pod IP address. Then, log in to the node where this pod locates and run curl or use other methods to manually call the APIs. Check whether the expected result is returned.
                                                                                                                                                                                        
 
                                                                                                                                                                                        If {Container IP address}: {Port} cannot be accessed, log in to the service container and access 127.0.0.1: {Port} to locate the fault.
                                                                                                                                                                                        
@@ -33,7 +33,7 @@ Events:
 
 
                                                                                                                                                                                
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_faq_00140.html b/docs/cce/umn/cce_faq_00140.html
index 2578f1af..b26f5705 100644
--- a/docs/cce/umn/cce_faq_00140.html
+++ b/docs/cce/umn/cce_faq_00140.html
@@ -14,8 +14,8 @@
 
                                                                                                                                                                                The image is a system image added during node creation. If the image is deleted by mistake, the workload cannot be created.
                                                                                                                                                                                Solution
                                                                                                                                                                                1. Log in to the faulty node.
                                                                                                                                                                                2. Decompress the cce-pause image installation package.
                                                                                                                                                                                  tar -xzvf /opt/cloud/cce/package/node-package/pause-*.tgz
                                                                                                                                                                                  
-
                                                                                                                                                                                3. Import the image.
                                                                                                                                                                                  • Docker nodes:
                                                                                                                                                                                    docker load -i ./pause/package/image/cce-pause-3.1.tar
                                                                                                                                                                                    
-
                                                                                                                                                                                  • containerd nodes:
                                                                                                                                                                                    ctr -n k8s.io image import ./pause/package/image/cce-pause-3.1.tar
                                                                                                                                                                                    
+
                                                                                                                                                                                  • Import the image.
                                                                                                                                                                                    • Docker nodes:
                                                                                                                                                                                      docker load -i ./pause/package/image/cce-pause-*.tar
                                                                                                                                                                                      
+
                                                                                                                                                                                    • containerd nodes:
                                                                                                                                                                                      ctr -n k8s.io images import --all-platforms ./pause/package/image/cce-pause-*.tar
                                                                                                                                                                                      
 
                                                                                                                                                                                    
 
                                                                                                                                                                                  • Create a workload.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00141.html b/docs/cce/umn/cce_faq_00141.html
index c3be0559..2f5e219e 100644
--- a/docs/cce/umn/cce_faq_00141.html
+++ b/docs/cce/umn/cce_faq_00141.html
@@ -10,6 +10,8 @@
 
                                                                                                                                                                              • Security Hardening
                                                                                                                                                                                
 
                                                                                                                                                                                • 
+
                                                                                                                                                                              • Network Configuration
                                                                                                                                                                                
+
                                                                                                                                                                                • 
diff --git a/docs/cce/umn/cce_faq_00146.html b/docs/cce/umn/cce_faq_00146.html
index 5c10fe50..42c0fba3 100644
--- a/docs/cce/umn/cce_faq_00146.html
+++ b/docs/cce/umn/cce_faq_00146.html
@@ -8,7 +8,7 @@
 
 
                                                                                                                                                                              • How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                
 
                                                                                                                                                                                • 
-
                                                                                                                                                                              • How Do I Set an IPv6 Service CIDR Block?
                                                                                                                                                                                
+
                                                                                                                                                                              • How Do I Configure the IPv6 Service CIDR Block When Creating a CCE Turbo Cluster?
                                                                                                                                                                                
 
                                                                                                                                                                                • 
 
 
diff --git a/docs/cce/umn/cce_faq_00154.html b/docs/cce/umn/cce_faq_00154.html
index e0f5e00e..44f125c6 100644
--- a/docs/cce/umn/cce_faq_00154.html
+++ b/docs/cce/umn/cce_faq_00154.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                Which Resource Quotas Should I Pay Attention To When Using CCE?
                                                                                                                                                                                
 
                                                                                                                                                                                CCE restricts only the number of clusters. However, when using CCE, you may also be using other cloud services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Virtual Private Cloud (VPC), Elastic Load Balance (ELB), and SoftWare Repository for Containers (SWR).
                                                                                                                                                                                
-
                                                                                                                                                                                What Is Quota?
                                                                                                                                                                                Quotas can limit the number or amount of resources available to users, such as the maximum number of ECSs or EVS disks that can be created.
                                                                                                                                                                                
+
                                                                                                                                                                                What Is Quota?
                                                                                                                                                                                Quotas can limit the number or amount of resources available to users, such as the maximum number of ECSs or EVS disks that can be created.
                                                                                                                                                                                
 
                                                                                                                                                                                If the existing resource quota cannot meet your service requirements, you can apply for a higher quota.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00163.html b/docs/cce/umn/cce_faq_00163.html
index 7b0400e7..5c859e69 100644
--- a/docs/cce/umn/cce_faq_00163.html
+++ b/docs/cce/umn/cce_faq_00163.html
@@ -4,10 +4,14 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
 
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00186.html b/docs/cce/umn/cce_faq_00186.html
index a0374946..7747611f 100644
--- a/docs/cce/umn/cce_faq_00186.html
+++ b/docs/cce/umn/cce_faq_00186.html
@@ -10,8 +10,6 @@
 
 
                                                                                                                                                                              • What Should I Do If Error Message "Auth is empty" Is Displayed When a Private Image Is Pulled?
                                                                                                                                                                                
 
                                                                                                                                                                                • 
-
                                                                                                                                                                              • Why Cannot a Pod Be Scheduled to a Node?
                                                                                                                                                                                
-
                                                                                                                                                                                • 
 
                                                                                                                                                                              • What Is the Image Pull Policy for Containers in a CCE Cluster?
                                                                                                                                                                                
 
                                                                                                                                                                                • 
 
                                                                                                                                                                              • What Can I Do If a Layer Is Missing During Image Pull?
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00192.html b/docs/cce/umn/cce_faq_00192.html
index 526664a0..5b19f370 100644
--- a/docs/cce/umn/cce_faq_00192.html
+++ b/docs/cce/umn/cce_faq_00192.html
@@ -10,7 +10,7 @@
 
                                                                                                                                                                                • 
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Parent topic: Reference
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Network Configuration
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_faq_00195.html b/docs/cce/umn/cce_faq_00195.html
index 69e72eed..31a43613 100644
--- a/docs/cce/umn/cce_faq_00195.html
+++ b/docs/cce/umn/cce_faq_00195.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
                                                                                                                                                                                
 
                                                                                                                                                                                The following is an example resolv.conf file for a container in a workload:
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                In the preceding information:
                                                                                                                                                                                
 
                                                                                                                                                                                • nameserver: IP address of the DNS. Set this parameter to the cluster IP address of CoreDNS.
                                                                                                                                                                                • search: domain name search list, which is a common suffix of Kubernetes.
                                                                                                                                                                                • ndots: If the number of dots (.) is less than the domain name, search is preferentially used for resolution.
                                                                                                                                                                                • timeout: timeout interval.
                                                                                                                                                                                • single-request-reopen: indicates that different source ports are used to send different types of requests.
                                                                                                                                                                                
 
                                                                                                                                                                                By default, when you create a workload on the CCE console, the preceding parameters are configured as follows:
                                                                                                                                                                                
@@ -15,7 +15,7 @@
           - name: single-request-reopen
 
                                                                                                                                                                                These parameters can be optimized or modified based on service requirements.
                                                                                                                                                                                
 
                                                                                                                                                                                Scenario 1: Slow External Domain Name Resolution
                                                                                                                                                                                Optimization Solution
                                                                                                                                                                                
-
                                                                                                                                                                                1. If the workload does not need to access the Kubernetes Service in the cluster, see How Do I Configure a DNS Policy for a Container?.
                                                                                                                                                                                2. If the number of dots (.) in the domain name used by the working Service to access other Kubernetes Services is less than 2, set ndots to 2.
                                                                                                                                                                                
+
                                                                                                                                                                                1. If the workload does not need to access the Kubernetes Service in the cluster, see How Do I Configure a DNS Policy for a Container?
                                                                                                                                                                                2. If the number of dots (.) in the domain name used by the working Service to access other Kubernetes Services is less than 2, set ndots to 2.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Scenario 2: External Domain Name Resolution Timeout
                                                                                                                                                                                Optimization Solution
                                                                                                                                                                                
 
                                                                                                                                                                                1. Generally, the timeout of a Service must be greater than the value of timeout multiplied by attempts.
                                                                                                                                                                                2. If it takes more than 2s to resolve the domain name, you can set timeout to a larger value.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00197.html b/docs/cce/umn/cce_faq_00197.html
index d108f956..fda83024 100644
--- a/docs/cce/umn/cce_faq_00197.html
+++ b/docs/cce/umn/cce_faq_00197.html
@@ -1,10 +1,10 @@
 
 
-
                                                                                                                                                                                What Should I Do If Domain Name Resolution Fails?
                                                                                                                                                                                
+
                                                                                                                                                                                What Should I Do If Domain Name Resolution Fails in a CCE Cluster?
                                                                                                                                                                                
 
                                                                                                                                                                                Check Item 1: Whether the coredns Add-on Has Been Installed
                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                2. In the navigation pane, choose Add-ons and check whether the CoreDNS add-on has been installed.
                                                                                                                                                                                3. If not, install the add-on. For details, see Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Check Item 2: Whether the coredns Instance Reaches the Performance Limit
                                                                                                                                                                                CoreDNS QPS is positively correlated with the CPU usage. If the QPS is high, adjust the the coredns instance specifications based on the QPS. 
                                                                                                                                                                                
-
                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                2. In the navigation tree, choose Add-ons and verify that CoreDNS is running.
                                                                                                                                                                                3. Click the coredns add-on name to view the add-on list.
                                                                                                                                                                                4. Click Monitor of the the coredns add-on to view the CPU and memory usage.
                                                                                                                                                                                  If the add-on performance reaches the bottleneck, adjust the coredns add-on specifications.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Check Item 2: Whether the coredns Instance Reaches the Performance Limit
                                                                                                                                                                                  CoreDNS QPS is positively correlated with the CPU usage. If the QPS is high, adjust the coredns instance specifications based on the QPS. 
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                  2. In the navigation tree, choose Add-ons and verify that CoreDNS is running.
                                                                                                                                                                                  3. Click the coredns add-on name to view the add-on list.
                                                                                                                                                                                  4. Click Monitor of the coredns add-on to view the CPU and memory usage.
                                                                                                                                                                                    If the add-on performance reaches the bottleneck, adjust the coredns add-on specifications.
                                                                                                                                                                                    
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Check Item 3: Whether the External Domain Name Resolution Is Slow or Times Out
                                                                                                                                                                                  If the domain name resolution failure rate is lower than 1/10000, optimize parameters by referring to How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out? or add a retry policy in the service.
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00200.html b/docs/cce/umn/cce_faq_00200.html
index 7677f33b..f75942d6 100644
--- a/docs/cce/umn/cce_faq_00200.html
+++ b/docs/cce/umn/cce_faq_00200.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                  Troubleshooting Process
                                                                                                                                                                                  The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                  
 
                                                                                                                                                                                  Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                  
 
-
                                                                                                                                                                                  Figure 1 Troubleshooting for storage volume mounting failure or mounting timeout
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 1 Troubleshooting for storage volume mounting failure or mounting timeout
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Check Item 1: Whether EVS Volumes Are Mounted Across AZs
                                                                                                                                                                                  Symptom
                                                                                                                                                                                  
 
                                                                                                                                                                                  Mounting an EVS volume to a StatefulSet times out.
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00202.html b/docs/cce/umn/cce_faq_00202.html
index 4a9ede7d..c0b3ad05 100644
--- a/docs/cce/umn/cce_faq_00202.html
+++ b/docs/cce/umn/cce_faq_00202.html
@@ -16,7 +16,7 @@
 
                                                                                                                                                                                  5. 
 
                                                                                                                                                                                  Example:
                                                                                                                                                                                  
 
                                                                                                                                                                                  nodePort: 30637 indicates the exposed node port. targetPort: 80 indicates the exposed pod port. port: 123 is the exposed Service port. LoadBalancer Services also use this port to configure the ELB listener.
                                                                                                                                                                                  
-
                                                                                                                                                                                  
+
                                                                                                                                                                                  
 
                                                                                                                                                                                  After finding the node port (nodePort), access <IP address>:<port> of the node where the container is located and check whether the expected result is returned.
                                                                                                                                                                                  
 
                                                                                                                                                                                  Common issues:
                                                                                                                                                                                  
 
                                                                                                                                                                                  1. The service port is not allowed in the inbound rules of the node.
                                                                                                                                                                                  2. A custom route is incorrectly configured for the node.
                                                                                                                                                                                  3. The label of the pod does not match that of the Service (created using kubectl or API).
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00203.html b/docs/cce/umn/cce_faq_00203.html
index 89efb3da..97eccbf1 100644
--- a/docs/cce/umn/cce_faq_00203.html
+++ b/docs/cce/umn/cce_faq_00203.html
@@ -4,9 +4,9 @@
 
                                                                                                                                                                                  CCE does not return any error code when you fail to access your applications using a browser. Check your services first.
                                                                                                                                                                                  
 
                                                                                                                                                                                  404 Not Found
                                                                                                                                                                                  
 
                                                                                                                                                                                  If the error code shown in the following figure is returned, it indicates that the ELB cannot find the corresponding forwarding policy. Check the forwarding policies.
                                                                                                                                                                                  
-
                                                                                                                                                                                  Figure 1 404:ALB
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 1 404:ALB
                                                                                                                                                                                  
 
                                                                                                                                                                                  If the error code shown in the following figure is returned, it indicates that errors occur on Nginx (your services). In this case, check your services.
                                                                                                                                                                                  
-
                                                                                                                                                                                  Figure 2 404:nginx/1.**.*
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 2 404:nginx/1.**.*
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00204.html b/docs/cce/umn/cce_faq_00204.html
index f811aa29..c62aa420 100644
--- a/docs/cce/umn/cce_faq_00204.html
+++ b/docs/cce/umn/cce_faq_00204.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                  What Should I Do If a Container Fails to Access the Internet?
                                                                                                                                                                                  
 
                                                                                                                                                                                  If a container cannot access the Internet, check whether the node where the container is located can access the Internet. Then check whether the network configuration of the container is correct. For example, check whether the DNS configuration can resolve the domain name.
                                                                                                                                                                                  
 
                                                                                                                                                                                  Check Item 1: Whether the Node Can Access the Internet
                                                                                                                                                                                  1. Log in to the ECS console.
                                                                                                                                                                                  2. Check whether an EIP has been bound to the ECS (node) or whether the ECS has a NAT gateway configured.
                                                                                                                                                                                    The following figure shows that an EIP has been bound. If no EIP is displayed, bind an EIP to the ECS.
                                                                                                                                                                                    
-
                                                                                                                                                                                    Figure 1 Node with an EIP bound
                                                                                                                                                                                    
+
                                                                                                                                                                                    Figure 1 Node with an EIP bound
                                                                                                                                                                                    
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Check Item 2: Whether a Network ACL Has Been Configured for the Node
                                                                                                                                                                                  1. Log in to the VPC console.
                                                                                                                                                                                  2. In the navigation pane on the left, choose Access Control > Network ACLs.
                                                                                                                                                                                  3. Check whether a network ACL has been configured for the subnet where the node is located and whether external access is restricted.
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00209.html b/docs/cce/umn/cce_faq_00209.html
index ed9ea199..a770ae3a 100644
--- a/docs/cce/umn/cce_faq_00209.html
+++ b/docs/cce/umn/cce_faq_00209.html
@@ -23,7 +23,7 @@
 
                                                                                                                                                                                  Fault Locating
                                                                                                                                                                                  If the pods are not evicted when the node is faulty, perform the following steps to locate the fault:
                                                                                                                                                                                  
 
                                                                                                                                                                                  After the following command is run, the command output shows that many pods are in the Evicted state.
                                                                                                                                                                                  
 
                                                                                                                                                                                  kubectl get pods
                                                                                                                                                                                  
-
                                                                                                                                                                                  Check results will be recorded in kubelet logs of the node. You can run the following command to search for the information:
                                                                                                                                                                                  cat /var/paas/sys/log/kubernetes/kubelet.log | grep -i Evicted -C3
                                                                                                                                                                                  
+
                                                                                                                                                                                  Check results will be recorded in kubelet logs of the node. You can run the following command to search for the information:
                                                                                                                                                                                  cat /var/log/cce/kubernetes/kubelet.log | grep -i Evicted -C3
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Troubleshooting Process
                                                                                                                                                                                  The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00215.html b/docs/cce/umn/cce_faq_00215.html
index 2bca2331..a6af96a1 100644
--- a/docs/cce/umn/cce_faq_00215.html
+++ b/docs/cce/umn/cce_faq_00215.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                    
-
                                                                                                                                                                                  • Why Does Add-on Installation Fail and Prompt "The release name is already exist"?
                                                                                                                                                                                    
+
                                                                                                                                                                                  • What Should I Do If Installation of an Add-on Fails and "The release name is already exist" Is Displayed?
                                                                                                                                                                                    
 
                                                                                                                                                                                    • 
 
                                                                                                                                                                                  • How Do I Configure the Add-on Resource Quotas Based on Cluster Scale?
                                                                                                                                                                                    
 
                                                                                                                                                                                    • 
diff --git a/docs/cce/umn/cce_faq_00218.html b/docs/cce/umn/cce_faq_00218.html
index dd95b3d2..0d93617e 100644
--- a/docs/cce/umn/cce_faq_00218.html
+++ b/docs/cce/umn/cce_faq_00218.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                    What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
                                                                                                                                                                                    
 
                                                                                                                                                                                    When a Service deployed on CCE attempts to upload files to OBS after receiving an access request from an offline machine, an error message is displayed, indicating that the host cannot be found. The following figure shows the error message.
                                                                                                                                                                                    
-
                                                                                                                                                                                    
+
                                                                                                                                                                                    
 
                                                                                                                                                                                    Fault Locating
                                                                                                                                                                                    After receiving the HTTP request, the Service transfers files to OBS through the proxy.
                                                                                                                                                                                    
 
                                                                                                                                                                                    If too many files are transferred, a large number of resources are consumed. Currently, the proxy is assigned 128 MiB memory. According to pressure test results, resource consumption is large, resulting in request failure.
                                                                                                                                                                                    
 
                                                                                                                                                                                    The test results show that all traffic passes through the proxy. Therefore, if the service volume is large, more resources need to be allocated.
                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00224.html b/docs/cce/umn/cce_faq_00224.html
index 6ab6f9e2..55371ba1 100644
--- a/docs/cce/umn/cce_faq_00224.html
+++ b/docs/cce/umn/cce_faq_00224.html
@@ -11,13 +11,13 @@
 
                                                                                                                                                                                    
 
                                                                                                                                                                                  • After the node is reset, log in to the node and run the following command to access the container and check whether the container storage capacity has been expanded:
                                                                                                                                                                                    docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                    
 
                                                                                                                                                                                    df -h
                                                                                                                                                                                    
-
                                                                                                                                                                                    
+
                                                                                                                                                                                    
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Parent topic: Reference
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Storage
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_faq_00260.html b/docs/cce/umn/cce_faq_00260.html
index 1586781a..0c32156a 100644
--- a/docs/cce/umn/cce_faq_00260.html
+++ b/docs/cce/umn/cce_faq_00260.html
@@ -33,7 +33,8 @@ spec:
       affinity:
         podAntiAffinity:                   # Workload anti-affinity
           preferredDuringSchedulingIgnoredDuringExecution:    # Ensure that the following conditions are met:
-            - podAffinityTerm:
+            - weight: 100 # Priority that can be configured when the best-effort policy is used. The value ranges from 1 to 100. A larger value indicates a higher priority.
+              podAffinityTerm:
                 labelSelector:                       # Select the label of the pod, which is anti-affinity with the workload.
                   matchExpressions:
                     - key: app
diff --git a/docs/cce/umn/cce_faq_00262.html b/docs/cce/umn/cce_faq_00262.html
index e19369cd..c5155bb6 100644
--- a/docs/cce/umn/cce_faq_00262.html
+++ b/docs/cce/umn/cce_faq_00262.html
@@ -8,7 +8,7 @@
 
                                                                                                                                                                                Pods of different QoS classes are evicted in the following sequence:
                                                                                                                                                                                
 
                                                                                                                                                                                BestEffort -> Burstable -> Guaranteed
                                                                                                                                                                                
 
                                                                                                                                                                                • BestEffort pods: These pods have the lowest priority. They will be the first to be killed if the system runs out of memory.
                                                                                                                                                                                • Burstable pods: These pods will be killed if the system runs out of memory and no BestEffort pods exist.
                                                                                                                                                                                • Guaranteed pods: These pods will be killed if the system runs out of memory and no Burstable or BestEffort pods exist.
                                                                                                                                                                                
-
                                                                                                                                                                                 
                                                                                                                                                                                • If processes in a pod are killed because of excessive resource usage (while the node resources are still sufficient), the system tends to restart the container or create a pod.
                                                                                                                                                                                • If resources are sufficient, you can assign the QoS class of Guaranteed to all pods. In this way, more compute resources are used to improve service performance and stability, reducing troubleshooting time and costs.
                                                                                                                                                                                • To improve resource utilization, assign the QoS class of Guaranteed to service pods and Burstable or BestEffort to other pods (for example, filebeat).
                                                                                                                                                                                
+
                                                                                                                                                                                 
                                                                                                                                                                                • If a pod is killed because of excessive resource usage (while the node resources are still sufficient), the system tends to restart the pod on the same node.
                                                                                                                                                                                • If resources are sufficient, you can assign the QoS class of Guaranteed to all pods. In this way, more compute resources are used to improve service performance and stability, reducing troubleshooting time and costs.
                                                                                                                                                                                • To improve resource utilization, assign the QoS class of Guaranteed to service pods and Burstable or BestEffort to other pods (for example, filebeat).
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00263.html b/docs/cce/umn/cce_faq_00263.html
index 150c9eab..bd1a51f5 100644
--- a/docs/cce/umn/cce_faq_00263.html
+++ b/docs/cce/umn/cce_faq_00263.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                Symptom
                                                                                                                                                                                The vdb disk of a node is damaged and the node cannot be recovered after reset.
                                                                                                                                                                                
 
                                                                                                                                                                                Error Scenarios
                                                                                                                                                                                
 
                                                                                                                                                                                • On a normal node, delete the LV and VG. The node is unavailable.
                                                                                                                                                                                • Reset an abnormal node, and a syntax error is reported. The node is unavailable.
                                                                                                                                                                                  The following figure shows the details.
                                                                                                                                                                                  
-
                                                                                                                                                                                  
+
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Fault Locating
                                                                                                                                                                                If the volume group (VG) on the node is deleted or damaged and cannot be identified, you need to manually restore the VG first to prevent your data disks from being formatted by mistake during the reset.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00264.html b/docs/cce/umn/cce_faq_00264.html
index 1cda2abc..f4a43219 100644
--- a/docs/cce/umn/cce_faq_00264.html
+++ b/docs/cce/umn/cce_faq_00264.html
@@ -12,6 +12,8 @@
 
 
                                                                                                                                                                              • How Do I Configure an Access Policy for a Cluster?
                                                                                                                                                                                
 
                                                                                                                                                                                • 
+
                                                                                                                                                                              • How Do I Change the Security Group of Nodes in a Cluster in Batches?
                                                                                                                                                                                
+
                                                                                                                                                                                • 
 
 
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00265.html b/docs/cce/umn/cce_faq_00265.html
index fd02d66e..1d937836 100644
--- a/docs/cce/umn/cce_faq_00265.html
+++ b/docs/cce/umn/cce_faq_00265.html
@@ -1,16 +1,16 @@
 
 
 
                                                                                                                                                                                How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                
-
                                                                                                                                                                                CCE is a universal container platform. Its default security group rules apply to common scenarios. When a cluster is created, a security group is automatically created for the master node and worker node, separately. The security group name of the master node is {Cluster name}-cce-control-{Random ID}, and the security group name of the worker node is {Cluster name}-cce-node-{Random ID}. If a CCE Turbo cluster is used, an additional ENI security group named {Cluster name}-cce-eni-{Random ID} will be created.
                                                                                                                                                                                
-
                                                                                                                                                                                You can log in to the management console, choose Service List > Networking > Virtual Private Cloud. On the page displayed, choose Access Control > Security Groups in the navigation pane, locate the security group of the cluster, and modify the security group rules as required.
                                                                                                                                                                                
+
                                                                                                                                                                                CCE is a universal container platform. Its default security group rules apply to common scenarios. When a cluster is created, a security group is automatically created for the master node and worker node, separately. The security group name of the master node is {Cluster name}-cce-control-{Random ID}, and the security group name of the worker node is {Cluster name}-cce-node-{Random ID}. If a CCE Turbo cluster is used, an additional ENI security group named {Cluster name}-cce-eni-{Random ID} will be created.
                                                                                                                                                                                
+
                                                                                                                                                                                You can modify the security group rules on the VPC console as required. (Log in to the management console, choose Service List > Networking > Virtual Private Cloud. On the page displayed, choose Access Control > Security Groups in the navigation pane, locate the corresponding security groups, and modify their rules.)
                                                                                                                                                                                
 
                                                                                                                                                                                The default security group rules of the clusters using different networks are as follows:
                                                                                                                                                                                
-
+
 
                                                                                                                                                                                 
                                                                                                                                                                                • Modifying or deleting security group rules may affect cluster running. Exercise caution when performing this operation. If you need to modify security group rules, do not modify the rules of the port on which CCE running depends.
                                                                                                                                                                                • When adding a new security group rule to a cluster, ensure that the new rule does not conflict with the original rules. Otherwise, the original rules may become invalid, affecting the cluster running.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Security Group Rules of a Cluster Using a VPC Network
                                                                                                                                                                                Security group of a worker node
                                                                                                                                                                                
-
                                                                                                                                                                                A security group named {Cluster name}-cce-node-{Random ID} is automatically created for each worker node. For details about the default ports, see Table 1.
                                                                                                                                                                                
+
                                                                                                                                                                                Security Group Rules of a Cluster Using a VPC Network
                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                
+
                                                                                                                                                                                A security group named {Cluster name}-cce-node-{Random ID} is automatically created for worker nodes in a cluster. For details about the default ports, see Table 1.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Table 1 Add-on classification and names
                                                                                                                                                                                Category
                                                                                                                                                                                
 
                                                                                                                                                                                New Name
                                                                                                                                                                                
+
                                                                                                                                                                                New Name
                                                                                                                                                                                
 
                                                                                                                                                                                Original Name
                                                                                                                                                                                
+
                                                                                                                                                                                Original Name
                                                                                                                                                                                
 
                                                                                                                                                                                Remarks
                                                                                                                                                                                
+
                                                                                                                                                                                Remarks
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                Scheduling and elasticity
                                                                                                                                                                                
+
                                                                                                                                                                                Scheduling and elasticity
                                                                                                                                                                                
 
                                                                                                                                                                                CCE Cluster Autoscaler
                                                                                                                                                                                
+
                                                                                                                                                                                CCE Cluster Autoscaler
                                                                                                                                                                                
 
                                                                                                                                                                                autoscaler
                                                                                                                                                                                
+
                                                                                                                                                                                autoscaler
                                                                                                                                                                                
 
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
+
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                CCE Advanced HPA
                                                                                                                                                                                
+
                                                                                                                                                                                CCE Advanced HPA
                                                                                                                                                                                
 
                                                                                                                                                                                cce-hpa-controller
                                                                                                                                                                                
+
                                                                                                                                                                                cce-hpa-controller
                                                                                                                                                                                
 
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
+
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Volcano Scheduler
                                                                                                                                                                                
+
                                                                                                                                                                                Volcano Scheduler
                                                                                                                                                                                
 
                                                                                                                                                                                volcano
                                                                                                                                                                                
+
                                                                                                                                                                                volcano
                                                                                                                                                                                
 
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
+
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Cloud native observability
                                                                                                                                                                                
+
                                                                                                                                                                                Cloud native observability
                                                                                                                                                                                
 
                                                                                                                                                                                CCE Node Problem Detector
                                                                                                                                                                                
+
                                                                                                                                                                                CCE Node Problem Detector
                                                                                                                                                                                
 
                                                                                                                                                                                npd
                                                                                                                                                                                
+
                                                                                                                                                                                npd
                                                                                                                                                                                
 
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
+
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Kubernetes Metrics Server
                                                                                                                                                                                
+
                                                                                                                                                                                Cloud Native Cluster Monitoring
                                                                                                                                                                                
 
                                                                                                                                                                                metrics-server
                                                                                                                                                                                
+
                                                                                                                                                                                kube-prometheus-stack
                                                                                                                                                                                
 
                                                                                                                                                                                Featured open source
                                                                                                                                                                                
+
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Cloud native heterogeneous computing
                                                                                                                                                                                
+
                                                                                                                                                                                Kubernetes Metrics Server
                                                                                                                                                                                
 
                                                                                                                                                                                CCE AI Suite (NVIDIA GPU)
                                                                                                                                                                                
+
                                                                                                                                                                                metrics-server
                                                                                                                                                                                
 
                                                                                                                                                                                gpu-device-plugin (gpu-beta)
                                                                                                                                                                                
-
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
+
                                                                                                                                                                                Featured open source
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Network
                                                                                                                                                                                
+
                                                                                                                                                                                Cloud native heterogeneous computing
                                                                                                                                                                                
 
                                                                                                                                                                                CoreDNS
                                                                                                                                                                                
+
                                                                                                                                                                                CCE AI Suite (NVIDIA GPU)
                                                                                                                                                                                
 
                                                                                                                                                                                coredns
                                                                                                                                                                                
+
                                                                                                                                                                                gpu-device-plugin (gpu-beta)
                                                                                                                                                                                
 
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
+
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Storage
                                                                                                                                                                                
+
                                                                                                                                                                                Network
                                                                                                                                                                                
 
                                                                                                                                                                                CCE Container Storage (Everest)
                                                                                                                                                                                
+
                                                                                                                                                                                CoreDNS
                                                                                                                                                                                
 
                                                                                                                                                                                everest
                                                                                                                                                                                
+
                                                                                                                                                                                coredns
                                                                                                                                                                                
 
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
+
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                CCE Container Storage (FlexVolume)
                                                                                                                                                                                
+
                                                                                                                                                                                Storage
                                                                                                                                                                                
 
                                                                                                                                                                                storage-driver
                                                                                                                                                                                
+
                                                                                                                                                                                CCE Container Storage (Everest)
                                                                                                                                                                                
 
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
+
                                                                                                                                                                                everest
                                                                                                                                                                                
+
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
+
                                                                                                                                                                                CCE Container Storage (FlexVolume)
                                                                                                                                                                                
+
                                                                                                                                                                                storage-driver
                                                                                                                                                                                
+
                                                                                                                                                                                CCE proprietary
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
                                                                                                                                                                                 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                                                                                                                                                                                Pending
                                                                                                                                                                                
 
                                                                                                                                                                                For details, see What Should I Do If Pod Scheduling Fails?.
                                                                                                                                                                                
+
                                                                                                                                                                                For details, see What Should I Do If Pod Scheduling Fails?
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                PodsFailed to pull image
                                                                                                                                                                                
@@ -42,7 +42,7 @@ Events:
 
                                                                                                                                                                                FailedPullImage
                                                                                                                                                                                
 
                                                                                                                                                                                ImagePullBackOff
                                                                                                                                                                                
 
                                                                                                                                                                                For details, see What Should I Do If a Pod Fails to Pull the Image?.
                                                                                                                                                                                
+
                                                                                                                                                                                For details, see What Should I Do If a Pod Fails to Pull the Image?
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                PodsCreation failed
                                                                                                                                                                                
@@ -51,42 +51,42 @@ Events:
 
                                                                                                                                                                                CreateContainerError
                                                                                                                                                                                
 
                                                                                                                                                                                CrashLoopBackOff
                                                                                                                                                                                
 
                                                                                                                                                                                For details, see What Should I Do If Container Startup Fails?.
                                                                                                                                                                                
+
                                                                                                                                                                                For details, see What Should I Do If Container Startup Fails?
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                The pod status is Evicted, and the pod keeps being evicted.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Evicted
                                                                                                                                                                                
 
                                                                                                                                                                                For details, see What Should I Do If a Pod Fails to Be Evicted?.
                                                                                                                                                                                
+
                                                                                                                                                                                For details, see What Should I Do If a Pod Fails to Be Evicted?
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                The storage volume fails to be mounted to the pod.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Pending
                                                                                                                                                                                
 
                                                                                                                                                                                For details, see What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?.
                                                                                                                                                                                
+
                                                                                                                                                                                For details, see What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                The pod stays Creating.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Creating
                                                                                                                                                                                
 
                                                                                                                                                                                For details, see What Should I Do If a Workload Remains in the Creating State?.
                                                                                                                                                                                
+
                                                                                                                                                                                For details, see What Should I Do If a Workload Remains in the Creating State?
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                The pod stays Terminating.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Terminating
                                                                                                                                                                                
 
                                                                                                                                                                                For details, see What Should I Do If Pods in the Terminating State Cannot Be Deleted?.
                                                                                                                                                                                
+
                                                                                                                                                                                For details, see What Should I Do If Pods in the Terminating State Cannot Be Deleted?
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                The pod status is Stopped.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Stopped
                                                                                                                                                                                
 
                                                                                                                                                                                For details, see What Should I Do If a Workload Is Stopped Caused by Pod Deletion?.
                                                                                                                                                                                
+
                                                                                                                                                                                For details, see What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
                                                                                                                                                                                 
 
 
 
 
 
 
 
                                                                                                                                                                                Table 1 Default ports in the security group for a worker node that uses a VPC network
                                                                                                                                                                                Direction
                                                                                                                                                                                
+
                                                                                                                                                                                
@@ -30,7 +30,7 @@
 
-
@@ -42,9 +42,9 @@
 
-
-
@@ -69,7 +69,7 @@
 
-
@@ -80,7 +80,7 @@
 
-
@@ -91,7 +91,7 @@
 
-
@@ -114,10 +114,10 @@
 
                                                                                                                                                                                Table 1 Default ports in the security group for worker nodes that use a VPC network
                                                                                                                                                                                Direction
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Port
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Used for mutual access between worker nodes and between a worker node and a master node.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow access between worker nodes and between worker nodes and the master nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                All ICMP ports
                                                                                                                                                                                
 
                                                                                                                                                                                Security group of the master node
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Used for the master node to access worker nodes.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow master nodes to access worker nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Container CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Used for mutual access between nodes and containers.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow containers in a cluster to access nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Used for mutual access between worker nodes.
                                                                                                                                                                                
+
                                                                                                                                                                                Access outside the security group of the worker nodes is restricted, but mutual access between instances in the security group of the worker nodes is not restricted.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                
 
                                                                                                                                                                                Port that allows remote access to Linux ECSs using SSH.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow SSH access to ECSs.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Recommended
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Security group of the master node
                                                                                                                                                                                
-
                                                                                                                                                                                A security group named {Cluster name}-cce-control-{Random ID} is automatically created for the master node. For details about the default ports, see Table 2.
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                
+
                                                                                                                                                                                A security group named {Cluster name}-cce-control-{Random ID} is automatically created for master nodes in a cluster. For details about the default ports, see Table 2.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Table 2 Default ports in the security group for the master node that uses a VPC network
                                                                                                                                                                                Direction
                                                                                                                                                                                
+
                                                                                                                                                                                
@@ -153,7 +153,7 @@
 
-
@@ -164,9 +164,9 @@
 
-
-
@@ -175,7 +175,7 @@
 
-
@@ -184,9 +184,9 @@
 
-
-
@@ -210,10 +210,10 @@
 
                                                                                                                                                                                Table 2 Default ports in the security group for master nodes that use a VPC network
                                                                                                                                                                                Direction
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Port
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the network add-on of a worker node to access the master node.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow the network add-on of the worker nodes to access master nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                
 
                                                                                                                                                                                Allow kube-apiserver of the master node to listen to the worker nodes.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                
 
                                                                                                                                                                                Recommended
                                                                                                                                                                                
+
                                                                                                                                                                                Recommended
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                The port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the storage add-on of a worker node to access the master node.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow the storage add-on of worker nodes to access master nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                All
                                                                                                                                                                                
 
                                                                                                                                                                                IP addresses of this security group
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                
+
                                                                                                                                                                                Access outside the security group of the master nodes is restricted, but mutual access between instances in the security group of the master nodes is not restricted.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
-
                                                                                                                                                                                Security Group Rules of a Cluster Using the Tunnel Network
                                                                                                                                                                                Security group of a worker node
                                                                                                                                                                                
-
                                                                                                                                                                                A security group named {Cluster name}-cce-node-{Random ID} is automatically created for each worker node. For details about the default ports, see Table 3.
                                                                                                                                                                                
+
                                                                                                                                                                                Security Group Rules of a Cluster Using the Tunnel Network
                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                
+
                                                                                                                                                                                A security group named {Cluster name}-cce-node-{Random ID} is automatically created for worker nodes in a cluster. For details about the default ports, see Table 3.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Table 3 Default ports in the security group for a worker node that uses a tunnel network
                                                                                                                                                                                Direction
                                                                                                                                                                                
+
                                                                                                                                                                                
@@ -242,9 +242,9 @@
 
-
-
@@ -269,18 +269,18 @@
 
-
-
-
-
@@ -303,10 +303,10 @@
 
                                                                                                                                                                                Table 3 Default ports in the security group for worker nodes that use a tunnel network
                                                                                                                                                                                Direction
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Port
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                TCP port 10250
                                                                                                                                                                                
 
                                                                                                                                                                                CIDR block of the master node
                                                                                                                                                                                
+
                                                                                                                                                                                CIDR block of master nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the master node to access kubelet on a worker node, for example, by running kubectl exec {pod}.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow master nodes to access kubelet on worker nodes, for example, by running kubectl exec {pod}.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                
 
                                                                                                                                                                                Port that allows remote access to Linux ECSs using SSH.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow SSH access to ECSs.
                                                                                                                                                                                
 
                                                                                                                                                                                Recommended
                                                                                                                                                                                
+
                                                                                                                                                                                Recommended
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                N/A
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                All
                                                                                                                                                                                
 
                                                                                                                                                                                IP addresses of this security group
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                
+
                                                                                                                                                                                Access outside the security group of the worker nodes is restricted, but mutual access between instances in the security group of the worker nodes is not restricted.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Security group of the master node
                                                                                                                                                                                
-
                                                                                                                                                                                A security group named {Cluster name}-cce-control-{Random ID} is automatically created for the master node. For details about the default ports, see Table 4.
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                
+
                                                                                                                                                                                A security group named {Cluster name}-cce-control-{Random ID} is automatically created for master nodes in a cluster. For details about the default ports, see Table 4.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Table 4 Default ports in the security group for the master node that uses a tunnel network
                                                                                                                                                                                Direction
                                                                                                                                                                                
+
                                                                                                                                                                                
@@ -353,7 +353,7 @@
 
-
@@ -364,9 +364,9 @@
 
-
-
@@ -375,7 +375,7 @@
 
-
@@ -384,9 +384,9 @@
 
-
-
@@ -410,10 +410,10 @@
 
                                                                                                                                                                                Table 4 Default ports in the security group for master nodes that use a tunnel network
                                                                                                                                                                                Direction
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Port
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the network add-on of a worker node to access the master node.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow the network add-on of the worker nodes to access master nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                
 
                                                                                                                                                                                Allow kube-apiserver of the master node to listen to the worker nodes.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                
 
                                                                                                                                                                                Recommended
                                                                                                                                                                                
+
                                                                                                                                                                                Recommended
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                The port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the storage add-on of a worker node to access the master node.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow the storage add-on of worker nodes to access master nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                All
                                                                                                                                                                                
 
                                                                                                                                                                                IP addresses of this security group
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                
+
                                                                                                                                                                                Access outside the security group of the master nodes is restricted, but mutual access between instances in the security group of the master nodes is not restricted.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
-
                                                                                                                                                                                Security Group Rules of a CCE Turbo Cluster Using the Cloud Native Network 2.0
                                                                                                                                                                                Security group of a worker node
                                                                                                                                                                                
-
                                                                                                                                                                                A security group named {Cluster name}-cce-node-{Random ID} is automatically created for each worker node. For details about the default ports, see Table 5.
                                                                                                                                                                                
+
                                                                                                                                                                                Security Group Rules of a CCE Turbo Cluster Using the Cloud Native 2.0 Network
                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                
+
                                                                                                                                                                                A security group named {Cluster name}-cce-node-{Random ID} is automatically created for worker nodes in a cluster. For details about the default ports, see Table 5.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Table 5 Default ports in the security group for a worker node
                                                                                                                                                                                Direction
                                                                                                                                                                                
+
                                                                                                                                                                                
@@ -431,9 +431,9 @@
 
-
-
@@ -458,18 +458,18 @@
 
-
-
-
-
@@ -480,7 +480,7 @@
 
-
@@ -503,10 +503,10 @@
 
                                                                                                                                                                                Table 5 Default ports in the security group for worker nodes
                                                                                                                                                                                Direction
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Port
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                TCP port 10250
                                                                                                                                                                                
 
                                                                                                                                                                                CIDR block of the master node
                                                                                                                                                                                
+
                                                                                                                                                                                CIDR block of master nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the master node to access kubelet on a worker node, for example, by running kubectl exec {pod}.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow master nodes to access kubelet on worker nodes, for example, by running kubectl exec {pod}.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                
 
                                                                                                                                                                                Port that allows remote access to Linux ECSs using SSH.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow SSH access to ECSs.
                                                                                                                                                                                
 
                                                                                                                                                                                Recommended
                                                                                                                                                                                
+
                                                                                                                                                                                Recommended
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                N/A
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                All
                                                                                                                                                                                
 
                                                                                                                                                                                IP addresses of this security group
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of worker nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                
+
                                                                                                                                                                                Access outside the security group of the worker nodes is restricted, but mutual access between instances in the security group of the worker nodes is not restricted.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Container subnet CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow traffic from all source IP addresses in the container subnet CIDR block.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow containers in a cluster to access nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Security group of the master node
                                                                                                                                                                                
-
                                                                                                                                                                                A security group named {Cluster name}-cce-control-{Random ID} is automatically created for the master node. For details about the default ports, see Table 6.
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                
+
                                                                                                                                                                                A security group named {Cluster name}-cce-control-{Random ID} is automatically created for master nodes in a cluster. For details about the default ports, see Table 6.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Table 6 Default ports in the security group for the master node
                                                                                                                                                                                Direction
                                                                                                                                                                                
+
                                                                                                                                                                                
@@ -546,7 +546,7 @@
 
-
@@ -557,9 +557,9 @@
 
-
-
@@ -568,7 +568,7 @@
 
-
@@ -577,9 +577,9 @@
 
-
-
@@ -613,7 +613,7 @@
 
                                                                                                                                                                                Table 6 Default ports in the security group for master nodes
                                                                                                                                                                                Direction
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Port
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the network add-on of a worker node to access the master node.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow the network add-on of the worker nodes to access master nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                All IP addresses: 0.0.0.0/0
                                                                                                                                                                                
 
                                                                                                                                                                                Allow kube-apiserver of the master node to listen to the worker nodes.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                
 
                                                                                                                                                                                Recommended
                                                                                                                                                                                
+
                                                                                                                                                                                Recommended
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                The port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the storage add-on of a worker node to access the master node.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow the storage add-on of worker nodes to access master nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                All
                                                                                                                                                                                
 
                                                                                                                                                                                IP addresses of this security group
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of master nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                
+
                                                                                                                                                                                Access outside the security group of the master nodes is restricted, but mutual access between instances in the security group of the master nodes is not restricted.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Security group of an ENI
                                                                                                                                                                                
+
                                                                                                                                                                                Security group of ENI
                                                                                                                                                                                
 
                                                                                                                                                                                In a CCE Turbo cluster, an additional security group named {Cluster name}-cce-eni-{Random ID} is created. By default, containers in the cluster are bound to this security group. For details about the default ports, see Table 7.
                                                                                                                                                                                
 
 
                                                                                                                                                                                
-
-
@@ -645,7 +645,7 @@
 
-
@@ -695,9 +695,9 @@
 
-
-
-
@@ -718,42 +718,42 @@
 
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_faq_00266.html b/docs/cce/umn/cce_faq_00266.html
index edfc9860..126e6d35 100644
--- a/docs/cce/umn/cce_faq_00266.html
+++ b/docs/cce/umn/cce_faq_00266.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                                A cluster is one or a group of cloud servers (also known as nodes) in the same VPC. It provides computing resource pools for running containers.
                                                                                                                                                                                As shown in Figure 1, a region may comprise of multiple VPCs. A VPC consists of one or more subnets. The subnets communicate with each other through a subnet gateway. A cluster is created in a subnet. There are three scenarios:
                                                                                                                                                                                • Different clusters are created in different VPCs.
                                                                                                                                                                                • Different clusters are created in the same subnet.
                                                                                                                                                                                • Different clusters are created in different subnets.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 1 Relationship between clusters, VPCs, and subnets
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 1 Relationship between clusters, VPCs, and subnets
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00275.html b/docs/cce/umn/cce_faq_00275.html
new file mode 100644
index 00000000..1d0970f1
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00275.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                                Network Configuration
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
diff --git a/docs/cce/umn/cce_faq_00279.html b/docs/cce/umn/cce_faq_00279.html
index 3ff4a743..47d69e9c 100644
--- a/docs/cce/umn/cce_faq_00279.html
+++ b/docs/cce/umn/cce_faq_00279.html
@@ -10,7 +10,7 @@
 
 
diff --git a/docs/cce/umn/cce_faq_00284.html b/docs/cce/umn/cce_faq_00284.html
index f332780e..6f009c26 100644
--- a/docs/cce/umn/cce_faq_00284.html
+++ b/docs/cce/umn/cce_faq_00284.html
@@ -16,6 +16,8 @@
 
 
                                                                                                                                                                              • How Do I Evict All Pods on a Node?
                                                                                                                                                                                
 
                                                                                                                                                                                • 
+
                                                                                                                                                                              • Why Cannot a Pod Be Scheduled to a Node?
                                                                                                                                                                                
+
                                                                                                                                                                                • 
 
 
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00286.html b/docs/cce/umn/cce_faq_00286.html
index 14610797..74093f2c 100644
--- a/docs/cce/umn/cce_faq_00286.html
+++ b/docs/cce/umn/cce_faq_00286.html
@@ -3,8 +3,8 @@
 
                                                                                                                                                                                What Should I Do If a Node Fails to Be Accepted Because It Fails to Be Installed?
                                                                                                                                                                                
 
                                                                                                                                                                                Symptom
                                                                                                                                                                                A node fails to be accepted into a cluster.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Possible Cause
                                                                                                                                                                                Log in to the node and check the /var/paas/sys/log/baseagent/baseagent.log installation log. The following error information is displayed:
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                Possible Causes
                                                                                                                                                                                Log in to the node and check the /var/paas/sys/log/baseagent/baseagent.log installation log. The following error information is displayed:
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                Check the LVM settings of the node. It is found that the LVM logical volume is not created in /dev/vdb.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Solution
                                                                                                                                                                                Run the following command to manually create a logical volume:
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00292.html b/docs/cce/umn/cce_faq_00292.html
deleted file mode 100644
index db14cc36..00000000
--- a/docs/cce/umn/cce_faq_00292.html
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
-  
                                                                                                                                                                                Reference
                                                                                                                                                                                
-
-  
                                                                                                                                                                                
-
                                                                                                                                                                                
-
-
-
diff --git a/docs/cce/umn/cce_faq_00293.html b/docs/cce/umn/cce_faq_00293.html
index b398260e..7ba64cb3 100644
--- a/docs/cce/umn/cce_faq_00293.html
+++ b/docs/cce/umn/cce_faq_00293.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Parent topic: Others
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Scheduling Policies
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_faq_00296.html b/docs/cce/umn/cce_faq_00296.html
index eff0024b..d9a993d2 100644
--- a/docs/cce/umn/cce_faq_00296.html
+++ b/docs/cce/umn/cce_faq_00296.html
@@ -6,9 +6,9 @@
 
                                                                                                                                                                                Attached SCSI disk
 task jdb2/xxx blocked for more than 120 seconds.
                                                                                                                                                                                
 
                                                                                                                                                                                Example:
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Possible Cause
                                                                                                                                                                                After a PCI device is hot added to BUS 0, the Linux OS kernel will traverse all the PCI bridges mounted to BUS 0 for multiple times, and these PCI bridges cannot work properly during this period. During this period, if the PCI bridge used by the device is updated, due to a kernel defect, the device considers that the PCI bridge is abnormal, and the device enters a fault mode and cannot work normally. If the front end is writing data into the PCI configuration space for the back end to process disk I/Os, the write operation may be deleted. As a result, the back end cannot receive notifications to process new requests on the I/O ring. Finally, the front-end I/O suspension occurs.
                                                                                                                                                                                
+
                                                                                                                                                                                Possible Causes
                                                                                                                                                                                After a PCI device is hot added to BUS 0, the Linux OS kernel will traverse all the PCI bridges mounted to BUS 0 for multiple times, and these PCI bridges cannot work properly during this period. During this period, if the PCI bridge used by the device is updated, due to a kernel defect, the device considers that the PCI bridge is abnormal, and the device enters a fault mode and cannot work normally. If the front end is writing data into the PCI configuration space for the back end to process disk I/Os, the write operation may be deleted. As a result, the back end cannot receive notifications to process new requests on the I/O ring. Finally, the front-end I/O suspension occurs.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Impact
                                                                                                                                                                                CentOS Linux kernels of versions earlier than 3.10.0-1127.el7 are affected.
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00307.html b/docs/cce/umn/cce_faq_00307.html
index b4d178f8..174185cd 100644
--- a/docs/cce/umn/cce_faq_00307.html
+++ b/docs/cce/umn/cce_faq_00307.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                Problem Description
                                                                                                                                                                                When the disk space of a thin pool on a node is about to be used up, the following exceptions occasionally occur:
                                                                                                                                                                                
 
                                                                                                                                                                                Files or directories fail to be created in the container, the file system in the container is read-only, the node is tainted disk-pressure, or the node is unavailable.
                                                                                                                                                                                
 
                                                                                                                                                                                You can run the docker info command on the node to view the used and remaining thin pool space to locate the fault. The following figure is an example.
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Possible Cause
                                                                                                                                                                                When Docker device mapper is used, although you can configure the basesize parameter to limit the size of the /home directory of a single container (to 10 GB by default), all containers on the node still share the thin pool of the node for storage. They are not completely isolated. When the sum of the thin pool space used by certain containers reaches the upper limit, other containers cannot run properly.
                                                                                                                                                                                
 
                                                                                                                                                                                In addition, after a file is deleted in the /home directory of the container, the thin pool space occupied by the file is not released immediately. Therefore, even if basesize is set to 10 GB, the thin pool space occupied by files keeps increasing until 10 GB when files are created in the container. The space released after file deletion will be reused only after a while. If the number of service containers on the node multiplied by basesize is greater than the thin pool space size of the node, there is a possibility that the thin pool space has been used up.
                                                                                                                                                                                
@@ -12,19 +12,34 @@
 
                                                                                                                                                                                Solution
                                                                                                                                                                                When the thin pool space of a node is used up, some services can be migrated to other nodes to quickly recover services. But you are advised to use the following solutions to resolve the root cause:
                                                                                                                                                                                
 
                                                                                                                                                                                Solution 1:
                                                                                                                                                                                
 
                                                                                                                                                                                Properly plan the service distribution and data plane disk space to avoid the scenario where the number of service containers multiplied by basesize is greater than the thin pool size of the node. To expand the thin pool size, perform the following steps:
                                                                                                                                                                                
-
                                                                                                                                                                                1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                3. Log in to the target node.
                                                                                                                                                                                4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                  A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                  
-
                                                                                                                                                                                  • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                    # lsblk
+
                                                                                                                                                                                    1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                      Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                      
+
                                                                                                                                                                                    2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                    3. Log in to the target node.
                                                                                                                                                                                    4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                      A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                      
+
                                                                                                                                                                                      Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Check the disk and partition sizes of the device.
                                                                                                                                                                                        # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                   8:0    0   50G  0 disk 
 └─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
 └─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                        
-
                                                                                                                                                                                        Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                        
-
                                                                                                                                                                                        pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                        
-
                                                                                                                                                                                      2. Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                        # lsblk
+
                                                                                                                                                                                      3. Expand the disk capacity.
                                                                                                                                                                                        Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                        
+
                                                                                                                                                                                        1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                          pvresize /dev/vdb
                                                                                                                                                                                          
+
                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                          
+
                                                                                                                                                                                        2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                          lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                          
+
                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                          
+
                                                                                                                                                                                        3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                          resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                          
+
                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
+old_desc_blocks = 12, new_desc_blocks = 24
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                          
+
                                                                                                                                                                                        
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Check the disk and partition sizes of the device.
                                                                                                                                                                                        # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 vda                                   8:0    0   50G  0 disk 
 └─vda1                                8:1    0   50G  0 part /
@@ -37,13 +52,32 @@ vda                                   8:0    0   50G  0 disk
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                        
-
                                                                                                                                                                                        • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                          pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                          
-
                                                                                                                                                                                        • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                          pvresize /dev/vdb 
-lvextend -l+100%FREE -n vgpaas/dockersys
-resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                          
-
                                                                                                                                                                                        
-
                                                                                                                                                                                  
+
                                                                                                                                                                                5. Expand the disk capacity.
                                                                                                                                                                                  Option 1: Add the new disk capacity to the thin pool disk.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where thinpool is located.
                                                                                                                                                                                    pvresize /dev/vdb
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                    
+
                                                                                                                                                                                  2. Expand 100% of the free capacity to the logical volume. vgpaas/thinpool specifies the logical volume used by the container engine.
                                                                                                                                                                                    lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
+Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                    
+
                                                                                                                                                                                  3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                    pvresize /dev/vdb
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Physical volume "/dev/vdb" changed
+1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                    
+
                                                                                                                                                                                  2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                    lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                    
+
                                                                                                                                                                                  3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                    resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
+old_desc_blocks = 4, new_desc_blocks = 16
+The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                    
+
                                                                                                                                                                                  
+
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Solution 2:
                                                                                                                                                                                
 
                                                                                                                                                                                Create and delete files in service containers in the local storage (such as emptyDir and hostPath) or cloud storage directory mounted to the container. Such files do not occupy the thin pool space.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00314.html b/docs/cce/umn/cce_faq_00314.html
index 9ec7c1f5..3afa19fc 100644
--- a/docs/cce/umn/cce_faq_00314.html
+++ b/docs/cce/umn/cce_faq_00314.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                Why Are Pods Not Evenly Distributed to Nodes?
                                                                                                                                                                                
 
                                                                                                                                                                                The kube-scheduler component in Kubernetes is responsible pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node from them to run on. kube-scheduler selects a node for a pod in a 2-step operation: filtering and scoring. In the filtering step, all nodes where it is feasible to schedule the pod are filtered out. In the scoring step, kube-scheduler ranks the remaining nodes to choose the most suitable pod placement. Finally, kube-scheduler schedules the pod to the node with the highest score. If there is more than one node with the equal scores, kube-scheduler selects one of them at random.
                                                                                                                                                                                
-
                                                                                                                                                                                BalancedResourceAllocation is only one of the scoring priorities. Other scoring items may also cause uneven distribution. For details about scheduling, see Kubernetes Scheduler and Scheduling Policies.
                                                                                                                                                                                
+
                                                                                                                                                                                BalancedResourceAllocation is only one of the scoring priorities. Other scoring items may also cause uneven distribution. For details about scheduling, see Kubernetes Scheduler and Scheduling Policies.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00319.html b/docs/cce/umn/cce_faq_00319.html
index 93eb6bb2..b888e6e7 100644
--- a/docs/cce/umn/cce_faq_00319.html
+++ b/docs/cce/umn/cce_faq_00319.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                                                                What Can I Do If a Layer Is Missing During Image Pull?
                                                                                                                                                                                
 
                                                                                                                                                                                Symptom
                                                                                                                                                                                When containerd is used as the container engine, there is a possibility that the image layer is missing when an image is pulled to a node. As a result, the workload container fails to be created.
                                                                                                                                                                                
-
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Possible Cause
                                                                                                                                                                                Docker earlier than v1.10 supports the layer whose mediaType is application/octet-stream. However, containerd does not support application/octet-stream. As a result, the layer is not pulled.
                                                                                                                                                                                
+
                                                                                                                                                                                Possible Causes
                                                                                                                                                                                Docker earlier than v1.10 supports the layer whose mediaType is application/octet-stream. However, containerd does not support application/octet-stream. As a result, the layer is not pulled.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Solution
                                                                                                                                                                                You can use either of the following methods to solve this problem:
                                                                                                                                                                                
 
                                                                                                                                                                                • Use Docker v1.11 or later to repackage the image.
                                                                                                                                                                                • Manually pull the image.
                                                                                                                                                                                  1. Log in to the node.
                                                                                                                                                                                  2. Run the following command to pull the image:
                                                                                                                                                                                    ctr -n k8s.io images pull --user u:p images
                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00322.html b/docs/cce/umn/cce_faq_00322.html
index 6f928e06..fdbe3d1d 100644
--- a/docs/cce/umn/cce_faq_00322.html
+++ b/docs/cce/umn/cce_faq_00322.html
@@ -1,25 +1,25 @@
 
 
-
                                                                                                                                                                                    Why Does Add-on Installation Fail and Prompt "The release name is already exist"?
                                                                                                                                                                                    
+
                                                                                                                                                                                    What Should I Do If Installation of an Add-on Fails and "The release name is already exist" Is Displayed?
                                                                                                                                                                                    
 
                                                                                                                                                                                    Symptom
                                                                                                                                                                                    When an add-on fails to be installed, the error message "The release name is already exist" is returned.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
-
                                                                                                                                                                                    Possible Cause
                                                                                                                                                                                    The add-on release record remains in the Kubernetes cluster. Generally, it is because the cluster etcd has backed up and restored the add-on, or the add-on fails to be installed or deleted.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Possible Causes
                                                                                                                                                                                    The add-on release record remains in the Kubernetes cluster. Generally, it is because the cluster etcd has backed up and restored the add-on, or the add-on fails to be installed or deleted.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    Solution
                                                                                                                                                                                    Use kubectl to connect to the cluster and manually clear the Secret and Configmap corresponding to add-on release. The following uses autoscaler add-on release as an example.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    1. Connect to the cluster using kubectl, and run the following command to view the Secret list of add-on releases:
                                                                                                                                                                                      kubectl get secret -A |grep cceaddon
                                                                                                                                                                                      
-
                                                                                                                                                                                      
+
                                                                                                                                                                                      
 
                                                                                                                                                                                      The Secret name of an add-on release is in the format of sh.helm.release.v1.cceaddon-{add-on name}.v*. If there are multiple release versions, you can delete their Secrets at the same time.
                                                                                                                                                                                      
 
                                                                                                                                                                                    2. Run the release secret command to delete the Secrets.
                                                                                                                                                                                      Example:
                                                                                                                                                                                      
 
                                                                                                                                                                                      kubectl delete secret sh.helm.release.v1.cceaddon-autoscaler.v1 sh.helm.release.v1.cceaddon-autoscaler.v2 -nkube-system
                                                                                                                                                                                      
-
                                                                                                                                                                                      
+
                                                                                                                                                                                      
 
                                                                                                                                                                                    3. If the add-on is created when Helm v2 is used, CCE automatically bumps the v2 release in Configmaps to v3 release in Secrets when viewing the add-ons and their details. The v2 release in the original Configmap is not deleted. Run the following command to view the ConfigMap list of add-on releases:
                                                                                                                                                                                      kubectl get configmap -A | grep cceaddon
                                                                                                                                                                                      
-
                                                                                                                                                                                      
+
                                                                                                                                                                                      
 
                                                                                                                                                                                      The ConfigMap name of an add-on release is in the format of cceaddon-{add-on name}.v*. If there are multiple release versions, you can delete their ConfigMaps at the same time.
                                                                                                                                                                                      
 
                                                                                                                                                                                    4. Run the release configmap command to delete the ConfigMaps.
                                                                                                                                                                                      Example:
                                                                                                                                                                                      
 
                                                                                                                                                                                      kubectl delete configmap cceaddon-autoscaler.v1 cceaddon-autoscaler.v2 -nkube-system
                                                                                                                                                                                      
-
                                                                                                                                                                                      
+
                                                                                                                                                                                      
 
                                                                                                                                                                                       
                                                                                                                                                                                      Deleting resources in kube-system is a high-risk operation. Ensure that the command is correct before running it to prevent resources from being deleted by mistake.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                    5. On the CCE console, install add-on and then uninstall it. Ensure that the residual add-on resources are cleared. After the uninstall is complete, install the add-on again.
                                                                                                                                                                                       
                                                                                                                                                                                      When installing the add-on for the first time, you may find it abnormal after the installation due to the residual resources of the previous add-on release, which is normal. In this case, you can uninstall the add-on on the console to ensure that the residual resources are cleared and the add-on can run properly after being installed again.
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00325.html b/docs/cce/umn/cce_faq_00325.html
index 27f4a00b..99f73b6d 100644
--- a/docs/cce/umn/cce_faq_00325.html
+++ b/docs/cce/umn/cce_faq_00325.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                      What Should I Do If a Namespace Fails to Be Deleted Due to an APIService Object Access Failure?
                                                                                                                                                                                      
 
                                                                                                                                                                                      Symptom
                                                                                                                                                                                      The namespace remains in the Deleting state. The error message "DiscoveryFailed" is displayed in status in the YAML file.
                                                                                                                                                                                      
-
                                                                                                                                                                                      
+
                                                                                                                                                                                      
 
                                                                                                                                                                                      In the preceding figure, the full error message is "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server is currently unable to handle the request".
                                                                                                                                                                                      
 
                                                                                                                                                                                      This indicates that the namespace deletion is blocked when kube-apiserver accesses the APIService resource object of the metrics.k8s.io/v1beta1 API.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00326.html b/docs/cce/umn/cce_faq_00326.html
index b3538b7b..cc20b108 100644
--- a/docs/cce/umn/cce_faq_00326.html
+++ b/docs/cce/umn/cce_faq_00326.html
@@ -14,7 +14,7 @@ kube-system   everest-csi-controller-56796f47cc-99dtm   1/1     Running   0
 kube-system   everest-csi-driver-dpfzl                  2/2     Running   2          12d     192.168.0.160   192.168.0.160   <none>           <none>
 kube-system   icagent-tpfpv                             1/1     Running   1          12d     192.168.0.160   192.168.0.160   <none>           <none>
 
                                                                                                                                                                                    6. Evict all pods on the node.
                                                                                                                                                                                      kubectl drain 192.168.0.160
                                                                                                                                                                                      
-
                                                                                                                                                                                      If a pod mounted with local storage or controlled by a DaemonSet set exists on the node, the message "error: unable to drain node "192.168.0.160", aborting command... " will be displayed. The eviction command does not take effect. You can add the following parameters to the end of the preceding command to forcibly evict the pod:
                                                                                                                                                                                      
+
                                                                                                                                                                                      If a pod mounted with local storage or controlled by a DaemonSet exists on the node, the message "eerror: unable to drain node "192.168.0.160" due to error: cannot delete DaemonSet-managed Pods..." will be displayed. The eviction command does not take effect. You can add the following parameters to the end of the preceding command to forcibly evict the pod:
                                                                                                                                                                                      
 
                                                                                                                                                                                      • --delete-emptydir-data: forcibly evicts pods mounted with local storage, for example, coredns.
                                                                                                                                                                                      • --ignore-daemonsets: forcibly evicts the DaemonSet pods, for example, everest-csi-driver.
                                                                                                                                                                                      
 
                                                                                                                                                                                      In the example, both types of pods exist on the node. Therefore, the eviction command is as follows:
                                                                                                                                                                                      
 
                                                                                                                                                                                      kubectl drain 192.168.0.160 --delete-emptydir-data --ignore-daemonsets
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00392.html b/docs/cce/umn/cce_faq_00392.html
new file mode 100644
index 00000000..8d2b45e5
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00392.html
@@ -0,0 +1,19 @@
+
+
+
                                                                                                                                                                                      How Do I Change the Security Group of Nodes in a Cluster in Batches?
                                                                                                                                                                                      
+
                                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                                      Do not add more than 1000 instances to the same security group. Otherwise, the security group performance may deteriorate. 
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      Procedure
                                                                                                                                                                                      1. Log in to the VPC console and select the desired region and project in the upper left corner.
                                                                                                                                                                                      2. In the navigation pane on the left, choose Access Control > Security Groups.
                                                                                                                                                                                      3. On the Security Groups page, click Manage Instance in the Operation column.
                                                                                                                                                                                      4. On the Servers tab page, click Add.
                                                                                                                                                                                        
+
                                                                                                                                                                                      5. Select the servers to be added to the security group and click OK. You can also search for servers by name, ID, private IP address, status, enterprise project, or tag.
                                                                                                                                                                                        You can change the maximum number of servers displayed on a page in the lower left corner to add a maximum of 20 servers to a security group at a time.
                                                                                                                                                                                         
                                                                                                                                                                                        After the node is added to a new security group, the original security group is retained. To remove the instance, click Manage Instance of the original security group and select the node servers to be removed.
                                                                                                                                                                                        
+
                                                                                                                                                                                        
+
                                                                                                                                                                                        
+
                                                                                                                                                                                        
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      Parent topic: Security Hardening
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_faq_00394.html b/docs/cce/umn/cce_faq_00394.html
index 5425eea1..1181c3b2 100644
--- a/docs/cce/umn/cce_faq_00394.html
+++ b/docs/cce/umn/cce_faq_00394.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                      What Can I Do If a Cluster Deletion Fails Due to Residual Resources in the Security Group?
                                                                                                                                                                                      
 
                                                                                                                                                                                      When deleting a cluster, CCE obtains the cluster's resources through kube-apiserver of the cluster. If the cluster is unavailable, frozen, or hibernated, the resources may fail to be obtained, and the cluster may not be deleted.
                                                                                                                                                                                      
 
                                                                                                                                                                                      Symptom
                                                                                                                                                                                      The cluster cannot be deleted, and the following error information is displayed:
                                                                                                                                                                                      
-
                                                                                                                                                                                      Expected HTTP response code [200 202 204 404] when accessing [DELETE https://vpc.xxx.com/v2.0/security-groups/46311976-7743-4c7c-8249-ccd293bcae91], but got 409 instead {"code":"VPC.0602","message":"{\"NeutronError\":{\"message\": \"Security Group 46311976-7743-4c7c-8249-ccd293bcae91 in use.\",\"type\":\"SecurityGroupInUse\",\"detail\":\"\"}}"}
                                                                                                                                                                                      
+
                                                                                                                                                                                      Expected HTTP response code [200 202 204 404] when accessing [DELETE https://vpc.***.com/v2.0/security-groups/46311976-7743-4c7c-8249-ccd293bcae91], but got 409 instead {"code":"VPC.0602","message":"{\"NeutronError\":{\"message\": \"Security Group 46311976-7743-4c7c-8249-ccd293bcae91 in use.\",\"type\":\"SecurityGroupInUse\",\"detail\":\"\"}}"}
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                      The cluster's security group has undeleted resources, preventing its deletion and causing the creation of the cluster to fail.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00406.html b/docs/cce/umn/cce_faq_00406.html
index 437c31f3..091e26b2 100644
--- a/docs/cce/umn/cce_faq_00406.html
+++ b/docs/cce/umn/cce_faq_00406.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                                      How Do I Set an IPv6 Service CIDR Block?
                                                                                                                                                                                      
+
                                                                                                                                                                                      How Do I Configure the IPv6 Service CIDR Block When Creating a CCE Turbo Cluster?
                                                                                                                                                                                      
 
                                                                                                                                                                                      Context
                                                                                                                                                                                      To create an IPv4/IPv6 dual-stack CCE Turbo cluster, you need to set an IPv6 Service CIDR block. The default CIDR block is fc00::/112, which contains 65536 IPv6 addresses. If you need to customize a Service CIDR block, you can refer to this section.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      IPv6
                                                                                                                                                                                      IPv6 address
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00409.html b/docs/cce/umn/cce_faq_00409.html
index 7c3dc35c..70a979bd 100644
--- a/docs/cce/umn/cce_faq_00409.html
+++ b/docs/cce/umn/cce_faq_00409.html
@@ -34,7 +34,7 @@
 
                                                                                                                                                                                       NOTE: 
                                                                                                                                                                                      This issue has been resolved in Linux kernel 5.9. Since Kubernetes 1.22, kube-proxy does not modify the net.ipv4.vs.conn_reuse_mode parameter of nodes that use the kernel 5.9 or later. For details, see Don't set sysctl net.ipv4.vs.conn_reuse_mode for kernels >=5.9.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
-
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00417.html b/docs/cce/umn/cce_faq_00417.html
index 4f3634f2..9a3f2d8c 100644
--- a/docs/cce/umn/cce_faq_00417.html
+++ b/docs/cce/umn/cce_faq_00417.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                How Do I Configure an Access Policy for a Cluster?
                                                                                                                                                                                After the public API Server address is bound to the cluster, modify the security group rules of port 5443 on the master node to harden the access control policy of the cluster.
                                                                                                                                                                                
-
                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, copy the cluster ID in the Basic Info area.
                                                                                                                                                                                2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                                                3. Select Description as the filter criterion and paste the cluster ID to search for the target security groups.
                                                                                                                                                                                4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                                                5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, copy the cluster ID in the Basic Info area.
                                                                                                                                                                                  2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                                                  3. Select Description as the filter criterion and paste the cluster ID to search for the target security groups.
                                                                                                                                                                                  4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                                                  5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                                                    
 
                                                                                                                                                                                  6. Change the source IP address that can be accessed as required. For example, if the IP address used by the client to access the API Server is 100.*.*.*, you can add an inbound rule for port 5443 and set the source IP address to 100.*.*.*.
                                                                                                                                                                                     
                                                                                                                                                                                    In addition to the client IP address, the port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh to ensure that the API Server can be accessed from within the cluster.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_faq_00429.html b/docs/cce/umn/cce_faq_00429.html
index 4cf69f34..9b7b8855 100644
--- a/docs/cce/umn/cce_faq_00429.html
+++ b/docs/cce/umn/cce_faq_00429.html
@@ -280,8 +280,8 @@
 
                                                                                                                                                                                Configuring Resource Quotas for volcano
                                                                                                                                                                                After the cluster scale is increased, the resource quotas required by volcano need to be modified based on the cluster scale.
                                                                                                                                                                                
-
                                                                                                                                                                                • If the number of nodes is less than 100, retain the default configuration. The requested CPU is 500 m, and the limit is 2000 m. The requested memory is 500 MiB, and the limit is 2000 MiB.
                                                                                                                                                                                • If the number of nodes is greater than 100, increase the requested CPU by 500 m and the requested memory by 1000 MiB each time 100 nodes (10,000 pods) are added. Increase the CPU limit by 1500 m and the memory limit by 1000 MiB.
                                                                                                                                                                                   
                                                                                                                                                                                  Formulas for calculating the requests:
                                                                                                                                                                                  
-
                                                                                                                                                                                  • CPU request: Calculate the number of nodes multiplied by the number of pods, perform interpolation search using the product of the number of nodes in the cluster multiplied by the number of pods in Table 4, and round up the request and limit that are closest to the specifications.
                                                                                                                                                                                    For example, for 2000 nodes (20,000 pods), the product of the number of nodes multiplied by the number of pods is 40 million, which is close to 700/70,000 in the specification (Number of nodes x Number of pods = 49 million). Set the CPU request to 4000 m and the limit to 5500 m.
                                                                                                                                                                                    
+
                                                                                                                                                                                    • If the number of nodes is less than 100, retain the default configuration. The requested CPU is 500m, and the limit is 2000m. The requested memory is 500 MiB, and the limit is 2000 MiB.
                                                                                                                                                                                    • If the number of nodes is greater than 100, increase the requested CPU by 500m and the requested memory by 1000 MiB each time 100 nodes (10,000 pods) are added. Increase the CPU limit by 1500m and the memory limit by 1000 MiB.
                                                                                                                                                                                       
                                                                                                                                                                                      Formulas for calculating the requests:
                                                                                                                                                                                      
+
                                                                                                                                                                                      • CPU request: Calculate the number of nodes multiplied by the number of pods, perform interpolation search using the product of the number of nodes in the cluster multiplied by the number of pods in Table 4, and round up the request and limit that are closest to the specifications.
                                                                                                                                                                                        For example, for 2000 nodes (20,000 pods), the product of the number of nodes multiplied by the number of pods is 40 million, which is close to 700/70,000 in the specification (Number of nodes x Number of pods = 49 million). Set the CPU request to 4000m and the limit to 5500m.
                                                                                                                                                                                        
 
                                                                                                                                                                                      • Memory request: Allocate 2.4 GiB of memory to every 1000 nodes and 1 GiB of memory to every 10,000 pods. The memory request is the sum of the two values. (The obtained value may be different from the recommended value in Table 4. You can use either of them.)
                                                                                                                                                                                        Memory request = Number of nodes/1000 x 2.4 GiB + Number of pods/10000 x 1 GiB
                                                                                                                                                                                        
 
                                                                                                                                                                                        For example, for 2000 nodes and 20,000 pods, the memory request value is 6.8 GiB (2000/1000 x 2.4 GiB + 20000/10000 x 1 GiB).
                                                                                                                                                                                        
 
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00432.html b/docs/cce/umn/cce_faq_00432.html
index 1002b8d4..c632c517 100644
--- a/docs/cce/umn/cce_faq_00432.html
+++ b/docs/cce/umn/cce_faq_00432.html
@@ -19,6 +19,14 @@
 
                                                                                                                                                                                
+
+
+
+
                                                                                                                                                                                Table 7 Default ports of the ENI security group
                                                                                                                                                                                Direction
                                                                                                                                                                                
@@ -634,9 +634,9 @@
 
 
                                                                                                                                                                                All
                                                                                                                                                                                
 
                                                                                                                                                                                IP addresses of this security group
                                                                                                                                                                                
+
                                                                                                                                                                                ENI security group
                                                                                                                                                                                
 
                                                                                                                                                                                Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow containers in a cluster to access each other.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow traffic from all IP addresses of the VPC CIDR block.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow instances in the cluster VPC to access containers.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                TCP port 5443
                                                                                                                                                                                
 
                                                                                                                                                                                CIDR block of the master node
                                                                                                                                                                                
+
                                                                                                                                                                                CIDR block of master nodes
                                                                                                                                                                                
 
                                                                                                                                                                                Allow kube-apiserver of the master node to listen to the worker nodes.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                TCP port 5444
                                                                                                                                                                                
@@ -709,7 +709,7 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                                TCP port 6443
                                                                                                                                                                                
 
                                                                                                                                                                                CIDR block of the master node
                                                                                                                                                                                
+
                                                                                                                                                                                CIDR block of master nodes
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                None
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the storage add-on of a worker node to access the master node.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow the storage add-on of worker nodes to access master nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                TCP port 9443
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                VPC CIDR block
                                                                                                                                                                                
 
                                                                                                                                                                                Allow the network add-on of a worker node to access the master node.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow the network add-on of the worker nodes to access master nodes.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                All ports
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                198.19.128.0/17
                                                                                                                                                                                
 
                                                                                                                                                                                Allow a worker node to access the VPC Endpoint (VPCEP) service.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow worker nodes to access the VPC Endpoint (VPCEP) service.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                UDP port123
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                100.126.0.0/16
                                                                                                                                                                                
 
                                                                                                                                                                                Allow a worker node to access the internal NTP server.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow worker nodes to access the internal NTP server.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                TCP port 443
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                100.126.0.0/16
                                                                                                                                                                                
 
                                                                                                                                                                                Allow a worker node to access OBS over internal networks to pull the installation package.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow worker nodes to access OBS over internal networks to pull the installation package.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                TCP port 6443
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                100.126.0.0/16
                                                                                                                                                                                
 
                                                                                                                                                                                Allow a worker node to report that the worker node is installed.
                                                                                                                                                                                
+
                                                                                                                                                                                Allow worker nodes to report that the worker nodes are installed.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
 
 
 
                                                                                                                                                                                If the IPVS service forwarding mode is used in CCE clusters of 1.19.16-r0 or later, the value of net.ipv4.vs.conn_reuse_mode varies with the kernel versions of node OSs.
                                                                                                                                                                                • For a node running EulerOS 2.5, if the kernel version is earlier than 4.1, kube-proxy will keep net.ipv4.vs.conn_reuse_mode at 1. This results in Problem 2, which is, there is a 1-second latency in the high-concurrency scenarios.
                                                                                                                                                                                • For a node running EulerOS 2.9, if the kernel version is too early, kube-proxy will set net.ipv4.vs.conn_reuse_mode to 0. This results in Problem 1. To resolve this problem, upgrade the kernel version. For details, see Rectification Plan.
                                                                                                                                                                                • For a node running HCE OS 2.0 or Ubuntu 22.04, the kernel version is later than 5.9. The problem has been resolved.
                                                                                                                                                                                
+
                                                                                                                                                                                If the IPVS service forwarding mode is used in CCE clusters of 1.19.16-r0 or later, the value of net.ipv4.vs.conn_reuse_mode varies with the kernel versions of node OSs.
                                                                                                                                                                                • For a node running EulerOS 2.5, if the kernel version is earlier than 4.1, kube-proxy will keep net.ipv4.vs.conn_reuse_mode at 1. This results in Problem 2, which is, there is a 1-second latency in the high-concurrency scenarios.
                                                                                                                                                                                • For a node running EulerOS 2.9, if the kernel version is too early, kube-proxy will set net.ipv4.vs.conn_reuse_mode to 0. This results in Problem 1. To resolve this problem, upgrade the kernel version. For details, see Rectification Plan.
                                                                                                                                                                                • For a node running HCE OS 2.0 or Ubuntu 22.04, if the kernel version is later than 5.9, the problem has been resolved.
                                                                                                                                                                                
 
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
 
 
                                                                                                                                                                                Failed to Obtain the Key Pair Used for Logging In to a Node Pool
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                {"error":{"message":"encrypted key id [***] is invalid.","code":"Ecs.0912"}}
                                                                                                                                                                                
+
                                                                                                                                                                                The possible causes are as follows:
                                                                                                                                                                                
+
                                                                                                                                                                                • The KMS key ID entered during node pool creation does not exist.
                                                                                                                                                                                • The KMS key ID entered during node pool creation is the key of another user, but the user has not authorized you.
                                                                                                                                                                                
+
                                                                                                                                                                                Invalid KMS Key ID
                                                                                                                                                                                
+
                                                                                                                                                                                
 
 
                                                                                                                                                                                
 
                                                                                                                                                                                
@@ -30,6 +38,13 @@
 
                                                                                                                                                                                Solution:
                                                                                                                                                                                
 
                                                                                                                                                                                • If the scale-out fails due to the first cause, you can create a key pair and then create a node pool which can be logged in to using this key pair.
                                                                                                                                                                                • If the scale-out fails due to the second cause, only the user who created the private key pair can scale out the node pool. You can use another key pair when creating a new node pool.
                                                                                                                                                                                
 
+
                                                                                                                                                                                Invalid KMS Key ID
                                                                                                                                                                                When a node pool fails to be expanded, the reported event contains Ecs.0912.
                                                                                                                                                                                
+
                                                                                                                                                                                {"error":{"message":"encrypted key id [***] is invalid.","code":"Ecs.0912"}}
                                                                                                                                                                                
+
                                                                                                                                                                                The possible causes are as follows:
                                                                                                                                                                                
+
                                                                                                                                                                                • The KMS key ID entered during node pool creation does not exist.
                                                                                                                                                                                • The KMS key ID entered during node pool creation is the key of another user, but the user has not authorized you.
                                                                                                                                                                                
+
                                                                                                                                                                                Solution:
                                                                                                                                                                                
+
                                                                                                                                                                                • If the scale-out fails due to the first cause, ensure that the entered key ID exists.
                                                                                                                                                                                • If the scale-out fails due to second cause, use the ID of the shared key that has been authorized to you.
                                                                                                                                                                                
+
                                                                                                                                                                                
 
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00440.html b/docs/cce/umn/cce_faq_00440.html
new file mode 100644
index 00000000..ec4d99fd
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00440.html
@@ -0,0 +1,60 @@
+
+
+
                                                                                                                                                                                What Should I Do If a Node Pool Is Abnormal?
                                                                                                                                                                                
+
                                                                                                                                                                                Fault Locating
                                                                                                                                                                                Locate the fault based on the status of the abnormal node pool, as shown in Table 1.
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Table 1 Node pool exceptions
                                                                                                                                                                                Abnormal Node Pool Status
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                Solution
                                                                                                                                                                                
+
                                                                                                                                                                                Error
                                                                                                                                                                                
+
                                                                                                                                                                                The node pool cannot be deleted.
                                                                                                                                                                                
+
                                                                                                                                                                                Delete the node pool again. If the node pool still cannot be deleted, submit a service ticket and delete the node pool.
                                                                                                                                                                                
+
                                                                                                                                                                                QuotaInsufficient
                                                                                                                                                                                
+
                                                                                                                                                                                The node pool cannot be scaled out due to insufficient quota.
                                                                                                                                                                                
+
                                                                                                                                                                                Submit a service ticket and increase the quota.
                                                                                                                                                                                
+
                                                                                                                                                                                SoldOut
                                                                                                                                                                                
+
                                                                                                                                                                                The underlying resources are insufficient.
                                                                                                                                                                                
+
                                                                                                                                                                                Update the node pool configuration and select other available resources.
                                                                                                                                                                                
+
                                                                                                                                                                                ConfigurationInvalid
                                                                                                                                                                                
+
                                                                                                                                                                                The ECS group does not exist (ServerGroupNotExists).
                                                                                                                                                                                
+
                                                                                                                                                                                The ECS group to which the node pool belongs is not present. This may be because you manually deleted the ECS group.
                                                                                                                                                                                
+
                                                                                                                                                                                1. Log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, and click the name of the target node pool. Click the Overview tab, click Expand, and check the ECS group to which the node pool belongs.
                                                                                                                                                                                2. Log in to the ECS console. In the navigation pane, choose Elastic Cloud Server > ECS Group and see if the target ECS group is present.
                                                                                                                                                                                3. If the ECS group is not present, log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, locate the row containing the target node pool, and click Update. In the Advanced Settings area, unbind or change the ECS group.
                                                                                                                                                                                
+
                                                                                                                                                                                InstanceAboveServerGroup
                                                                                                                                                                                
+
                                                                                                                                                                                The number of ECSs in the ECS group exceeds the upper limit.
                                                                                                                                                                                
+
                                                                                                                                                                                1. Log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, and click the name of the target node pool. Click the Overview tab, click Expand, and check the ECS group to which the node pool belongs.
                                                                                                                                                                                2. Log in to the ECS console, choose Elastic Cloud Server > ECS Group in the navigation pane, and check the quota of the target ECS group.
                                                                                                                                                                                3. If the quota is insufficient, log in to the CCE console. In the navigation pane, choose Nodes, click the Node Pools tab, locate the row containing the target node pool, and click Update. In the Advanced Settings area, unbind or change the ECS group.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Node Pool
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00443.html b/docs/cce/umn/cce_faq_00443.html
new file mode 100644
index 00000000..65e77960
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00443.html
@@ -0,0 +1,64 @@
+
+
+
                                                                                                                                                                                How Do I Modify ECS Configurations When an ECS Cannot Be Managed by a Node Pool?
                                                                                                                                                                                
+
                                                                                                                                                                                If an ECS cannot be managed by a node pool due to the reasons listed in this section, you can modify the configuration to manage the ECS.
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Cause
                                                                                                                                                                                
+
                                                                                                                                                                                Solution
                                                                                                                                                                                
+
                                                                                                                                                                                Reference
                                                                                                                                                                                
+
                                                                                                                                                                                Inconsistent flavors
                                                                                                                                                                                
+
                                                                                                                                                                                Change the ECS flavor to that contained in the node pool.
                                                                                                                                                                                
+
                                                                                                                                                                                Modifying the Flavor of an ECS
                                                                                                                                                                                
+
                                                                                                                                                                                Different data disk configuration
                                                                                                                                                                                
+
                                                                                                                                                                                Change the data disk configuration of the ECS to be the same as that of the node pool.
                                                                                                                                                                                
+
                                                                                                                                                                                Changing Data Disk Configuration of an ECS
                                                                                                                                                                                
+
                                                                                                                                                                                Different ECS groups
                                                                                                                                                                                
+
                                                                                                                                                                                Change the ECS group of the ECS to be the same as that of the node pool.
                                                                                                                                                                                
+
                                                                                                                                                                                Change the ECS Group of an ECS
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Modifying the Flavor of an ECS
                                                                                                                                                                                 
                                                                                                                                                                                The flavor of the ECS to be managed must be changed to that contained in the target node pool.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                1. Log in to the ECS console.
                                                                                                                                                                                2. Click the name of the target ECS. On the page displayed, click Stop in the upper right corner. After the ECS is stopped, choose More > Modify Specifications in the Operation column.
                                                                                                                                                                                3. On the Modify ECS Specifications page, select the needed flavor and submit the application.
                                                                                                                                                                                4. Go back to the ECS list page and start the ECS.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Changing Data Disk Configuration of an ECS
                                                                                                                                                                                 
                                                                                                                                                                                The number, space, and type of data disks of the ECS to be managed must be the same as those of data disks in the node pool.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Data Disk Number
                                                                                                                                                                                
+
                                                                                                                                                                                1. Log in to the ECS console.
                                                                                                                                                                                2. Click the name of the target ECS to access the ECS details page.
                                                                                                                                                                                3. Click the Disks tab.
                                                                                                                                                                                  • If there are fewer data disks on the node to be managed than the number of data disks configured for the target node pool, you need to add more disks.
                                                                                                                                                                                    
+
                                                                                                                                                                                  • If there are more data disks on the node to be managed than the number of data disks configured for the target node pool, you need to remove some disks.
                                                                                                                                                                                    Click Detach on the right of the EVS disk to be removed.
                                                                                                                                                                                    
+
                                                                                                                                                                                  
+
                                                                                                                                                                                
+
                                                                                                                                                                                Data Disk Space
                                                                                                                                                                                
+
                                                                                                                                                                                1. Log in to the ECS console.
                                                                                                                                                                                2. Click the name of the target ECS to access the ECS details page.
                                                                                                                                                                                3. Click the Disks tab and click Expand Capacity on the right of the EVS disk to be expanded.
                                                                                                                                                                                4. Configure New Capacity following instructions.
                                                                                                                                                                                5. Click Next and submit the order following instructions.
                                                                                                                                                                                
+
                                                                                                                                                                                Data Disk Type
                                                                                                                                                                                
+
                                                                                                                                                                                1. Log in to the ECS console.
                                                                                                                                                                                2. Click the name of the target ECS to access the ECS details page.
                                                                                                                                                                                3. Click the Disks tab and click Modify Specifications on the right of the right of the EVS disk to be expanded.
                                                                                                                                                                                4. Configure Disk Type following instructions.
                                                                                                                                                                                5. Click Submit.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Change the ECS Group of an ECS
                                                                                                                                                                                 
                                                                                                                                                                                The ECS group of the ECS to be managed must be the same as that of the target node pool.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                1. Log in to the ECS console.
                                                                                                                                                                                2. In the navigation pane, choose Elastic Cloud Server > ECS Group.
                                                                                                                                                                                3. Locate the row containing the target ECS group and click Add ECS in the Operation column.
                                                                                                                                                                                4. In the dialog box displayed, select the ECS to be added.
                                                                                                                                                                                5. Click OK to add the ECS to the ECS group.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Node Pool
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_productdesc_0000.html b/docs/cce/umn/cce_productdesc_0000.html
index 45a02ac2..660c0342 100644
--- a/docs/cce/umn/cce_productdesc_0000.html
+++ b/docs/cce/umn/cce_productdesc_0000.html
@@ -14,7 +14,7 @@
 
 
                                                                                                                                                                              • Application Scenarios
                                                                                                                                                                                
 
                                                                                                                                                                                • 
-
                                                                                                                                                                              • Constraints
                                                                                                                                                                                
+
                                                                                                                                                                              • Notes and Constraints
                                                                                                                                                                                
 
                                                                                                                                                                                • 
 
                                                                                                                                                                              • Permissions
                                                                                                                                                                                
 
                                                                                                                                                                                • 
diff --git a/docs/cce/umn/cce_productdesc_0001.html b/docs/cce/umn/cce_productdesc_0001.html
index e0f5d36b..009ee11d 100644
--- a/docs/cce/umn/cce_productdesc_0001.html
+++ b/docs/cce/umn/cce_productdesc_0001.html
@@ -4,44 +4,44 @@
 
                                                                                                                                                                                Why CCE?
                                                                                                                                                                                CCE is a one-stop platform integrating compute (ECS), networking (VPC, EIP, and ELB), storage (EVS, OBS, and SFS), and many other services. Multi-AZ, multi-region disaster recovery ensures high availability of Kubernetes clusters.
                                                                                                                                                                                
 
                                                                                                                                                                                For more information, see Product Advantages and Application Scenarios.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                CCE Cluster Types
                                                                                                                                                                                CCE provides CCE standard clusters and CCE Turbo clusters.
                                                                                                                                                                                
+
                                                                                                                                                                                CCE Cluster Types
                                                                                                                                                                                There are multiple CCE products.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Category
                                                                                                                                                                                
+
                                                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -63,14 +63,14 @@
 
-
-
-
diff --git a/docs/cce/umn/cce_productdesc_0002.html b/docs/cce/umn/cce_productdesc_0002.html
index 405c6f09..15ac2d47 100644
--- a/docs/cce/umn/cce_productdesc_0002.html
+++ b/docs/cce/umn/cce_productdesc_0002.html
@@ -33,7 +33,7 @@
 
@@ -414,7 +414,7 @@
 
                                                                                                                                                                                • Role: defines a set of rules for accessing Kubernetes resources in a namespace.
                                                                                                                                                                                • RoleBinding: defines the relationship between users and roles.
                                                                                                                                                                                • ClusterRole: defines a set of rules for accessing Kubernetes resources in a cluster (including all namespaces).
                                                                                                                                                                                • ClusterRoleBinding: defines the relationship between users and cluster roles.
                                                                                                                                                                                Role and ClusterRole specify actions that can be performed on specific resources. RoleBinding and ClusterRoleBinding bind roles to specific users, user groups, or ServiceAccounts. See the following figure.
                                                                                                                                                                                Figure 1 Role binding
                                                                                                                                                                                
-
                                                                                                                                                                                On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                                                                                                                                                                • view (read-only): read-only permission on most resources in all or selected namespaces.
                                                                                                                                                                                • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                                                                                                                                                                • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                                                                                                                                                                • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                                                                                                • drainage-editor: drain a node.
                                                                                                                                                                                • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                                                                                                
+
                                                                                                                                                                                On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                                                                                                                                                                • view (read-only): read-only permission on most resources in all or selected namespaces.
                                                                                                                                                                                • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                                                                                                                                                                • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                                                                                                                                                                • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                                                                                                • drainage-editor: drain a node.
                                                                                                                                                                                • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                In addition to the preceding typical ClusterRoles, you can define Role and RoleBinding to grant the permissions to add, delete, modify, and obtain global resources (such as nodes, PVs, and CustomResourceDefinitions) and different resources (such as pods, Deployments, and Services) in namespaces for refined permission control.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_productdesc_0003.html b/docs/cce/umn/cce_productdesc_0003.html
index 6dda3920..e9f0514e 100644
--- a/docs/cce/umn/cce_productdesc_0003.html
+++ b/docs/cce/umn/cce_productdesc_0003.html
@@ -1,13 +1,13 @@
 
                                                                                                                                                                                Product Advantages
                                                                                                                                                                                
-
                                                                                                                                                                                Why CCE?
                                                                                                                                                                                CCE is a container service built on Docker and Kubernetes. A wealth of features enables you to run container clusters at scale. CCE eases containerization thanks to its reliability, performance, and open source engagement.
                                                                                                                                                                                
+
                                                                                                                                                                                Why CCE?
                                                                                                                                                                                CCE is a container service built on Docker and Kubernetes. A wealth of features enable you to run container clusters at scale. CCE eases containerization thanks to its reliability, performance, and open source engagement.
                                                                                                                                                                                
 
                                                                                                                                                                                Easy to Use
                                                                                                                                                                                
 
                                                                                                                                                                                • Creating a Kubernetes cluster is as easy as a few clicks on the web console. You can deploy and manage VMs and BMSs together.
                                                                                                                                                                                • CCE automates deployment and O&M of containerized applications throughout their lifecycle.
                                                                                                                                                                                • You can resize clusters and workloads by setting auto scaling policies. In-the-moment load spikes are no longer headaches.
                                                                                                                                                                                • The console walks you through the steps to upgrade Kubernetes clusters.
                                                                                                                                                                                • CCE supports turnkey Helm charts.
                                                                                                                                                                                
 
                                                                                                                                                                                High Performance
                                                                                                                                                                                
 
                                                                                                                                                                                • CCE draws on years of field experience in compute, networking, storage, and heterogeneous infrastructure and provides you high-performance cluster services. You can concurrently launch containers at scale.
                                                                                                                                                                                • AI computing is 3x to 5x better with NUMA BMSs and high-speed InfiniBand network cards.
                                                                                                                                                                                
 
                                                                                                                                                                                Highly Available and Secure
                                                                                                                                                                                
-
                                                                                                                                                                                • HA: Three master nodes in different AZs for your cluster control plane. Multi-active DR for your nodes and workloads. All these ensure service continuity when one of the nodes is down or an AZ gets hit by natural disasters.
                                                                                                                                                                                  Figure 1 High-availability setup of clusters
                                                                                                                                                                                  
+
                                                                                                                                                                                  • HA: Three master nodes in different AZs for your cluster control plane. Multi-active DR for your nodes and workloads. All these ensure service continuity when one of the nodes is down or an AZ gets hit by natural disasters.
                                                                                                                                                                                    Figure 1 High-availability setup of clusters
                                                                                                                                                                                    
 
                                                                                                                                                                                  • Secure: Integrating IAM and Kubernetes RBAC, CCE clusters are under your full control. You can set different RBAC permissions for IAM users on the console.
                                                                                                                                                                                  
 
                                                                                                                                                                                  Open and Compatible
                                                                                                                                                                                  
 
                                                                                                                                                                                  • CCE runs on Docker that automates container deployment, discovery, scheduling, and scaling.
                                                                                                                                                                                  • CCE is compatible with native Kubernetes APIs and kubectl. Updates from Kubernetes and Docker communities are regularly incorporated into CCE.
                                                                                                                                                                                  
@@ -25,8 +25,8 @@
 
 
                                                                                                                                                                                
-
@@ -35,8 +35,8 @@
 
-
                                                                                                                                                                                Category
                                                                                                                                                                                
 
                                                                                                                                                                                Subcategory
                                                                                                                                                                                
+
                                                                                                                                                                                Subcategory
                                                                                                                                                                                
 
                                                                                                                                                                                CCE Standard
                                                                                                                                                                                
+
                                                                                                                                                                                CCE Standard
                                                                                                                                                                                
 
                                                                                                                                                                                CCE Turbo
                                                                                                                                                                                
+
                                                                                                                                                                                CCE Turbo
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                Positioning
                                                                                                                                                                                
+
                                                                                                                                                                                Positioning
                                                                                                                                                                                
 
                                                                                                                                                                                -
                                                                                                                                                                                
+
                                                                                                                                                                                -
                                                                                                                                                                                
 
                                                                                                                                                                                Standard clusters that provide highly reliable and secure containers for commercial use
                                                                                                                                                                                
+
                                                                                                                                                                                Standard clusters that provide highly reliable and secure containers for commercial use
                                                                                                                                                                                
 
                                                                                                                                                                                Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                                                                
+
                                                                                                                                                                                Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Application scenario
                                                                                                                                                                                
+
                                                                                                                                                                                Application scenario
                                                                                                                                                                                
 
                                                                                                                                                                                -
                                                                                                                                                                                
+
                                                                                                                                                                                -
                                                                                                                                                                                
 
                                                                                                                                                                                For users who expect to use container clusters to manage applications, obtain elastic computing resources, and enable simplified management on computing, network, and storage resources
                                                                                                                                                                                
+
                                                                                                                                                                                For users who expect to use container clusters to manage applications, obtain elastic computing resources, and enable simplified management on computing, network, and storage resources
                                                                                                                                                                                
 
                                                                                                                                                                                For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                                                                                                                                
+
                                                                                                                                                                                For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Specification difference
                                                                                                                                                                                
+
                                                                                                                                                                                Specification difference
                                                                                                                                                                                
 
                                                                                                                                                                                Network model
                                                                                                                                                                                
+
                                                                                                                                                                                Network model
                                                                                                                                                                                
 
                                                                                                                                                                                Cloud-native network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                                                                
+
                                                                                                                                                                                Cloud-native network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                                                                
 
                                                                                                                                                                                • Tunnel network
                                                                                                                                                                                • Virtual Private Cloud (VPC) network
                                                                                                                                                                                
 
                                                                                                                                                                                Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                                                                
+
                                                                                                                                                                                Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                                                                
 
                                                                                                                                                                                Max networking scale: 2,000 nodes
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                Runs common containers, isolated by cgroups.
                                                                                                                                                                                
 
                                                                                                                                                                                • Physical machine: runs Kata containers, allowing VM-level isolation.
                                                                                                                                                                                • Runs common containers, isolated by cgroups.
                                                                                                                                                                                
+
                                                                                                                                                                                • Physical machine: runs secure containers, allowing VM-level isolation.
                                                                                                                                                                                • Runs common containers, isolated by cgroups.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                Edge infrastructure management
                                                                                                                                                                                
 
                                                                                                                                                                                None
                                                                                                                                                                                
+
                                                                                                                                                                                Not supported
                                                                                                                                                                                
 
                                                                                                                                                                                Supports management of Intelligent EdgeSite (IES).
                                                                                                                                                                                
+
                                                                                                                                                                                Supports management of CloudPond edge sites.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                Users granted permissions of this policy must also be granted permissions of the following policies:
                                                                                                                                                                                
 
                                                                                                                                                                                Global service project: OBS Buckets Viewer and OBS Administrator
                                                                                                                                                                                
 
                                                                                                                                                                                Region-specific projects: Tenant Guest, Server Administrator, ELB Administrator, SFS Administrator, SWR Admin, and APM FullAccess
                                                                                                                                                                                
-
                                                                                                                                                                                 NOTE: 
                                                                                                                                                                                • If you are assigned with both CCE Administrator and NAT Gateway Administrator permissions, you can use NAT Gateway functions for clusters.
                                                                                                                                                                                • If an IAM user is required to grant cluster namespace permissions to other users or user groups, the user must have the IAM read-only permission.
                                                                                                                                                                                
+
                                                                                                                                                                                 NOTE: 
                                                                                                                                                                                • If you are assigned with both CCE Administrator and NAT Gateway Administrator permissions, you can use NAT Gateway functions for clusters.
                                                                                                                                                                                • If an IAM user is required to grant cluster namespace permissions to other users or user groups, the user must have the IAM read-only permission.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                		
 
                                                                                                                                                                                
 
 
 
 
 
                                                                                                                                                                                You have to handle all the complexity in deploying and managing Kubernetes clusters. Cluster upgrades are often a heavy burden to O&M personnel.
                                                                                                                                                                                
 
                                                                                                                                                                                Easy to manage and use clusters
                                                                                                                                                                                
-
                                                                                                                                                                                You can create and update a Kubernetes container cluster in a few clicks. No need to set up Docker or Kubernetes environments. CCE automates deployment and O&M of containerized applications throughout their lifecycle.
                                                                                                                                                                                
+
                                                                                                                                                                                Easy to manage and use clusters
                                                                                                                                                                                
+
                                                                                                                                                                                You can create and update a Kubernetes container cluster in a few clicks. There is no need to set up Docker or Kubernetes environments. CCE automates deployment and O&M of containerized applications throughout their lifecycle.
                                                                                                                                                                                
 
                                                                                                                                                                                CCE supports turnkey Helm charts.
                                                                                                                                                                                
 
                                                                                                                                                                                Using CCE is as simple as choosing a cluster and the workloads that you want to run in the cluster. CCE takes care of cluster management and you focus on app development.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                You have to assess service loads and cluster health before resizing a Kubernetes cluster.
                                                                                                                                                                                
 
                                                                                                                                                                                Managed scaling service
                                                                                                                                                                                
-
                                                                                                                                                                                CCE auto scales clusters and workloads according to resource metrics and scaling policies.
                                                                                                                                                                                
+
                                                                                                                                                                                Flexible cluster and workload scaling
                                                                                                                                                                                
+
                                                                                                                                                                                CCE can automatically resize clusters and workloads as resource usage changes. Combined use of auto scaling policies can flexibly scale clusters and workloads to meet fluctuating demands.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                Reliability
                                                                                                                                                                                
@@ -69,8 +69,8 @@
 
 
                                                                                                                                                                                Why Containers?
                                                                                                                                                                                Docker is written in the Go language designed by Google. It provides operating-system-level virtualization. Linux Control Groups (cgroups), namespaces, and UnionFS (for example, AUFS) isolate each software process. A Docker container packages everything needed to run a software process. Containers are independent from each other and from the host.
                                                                                                                                                                                
 
                                                                                                                                                                                Docker has moved forward to enhance container isolation. Containers have their own file systems. They cannot see each other's processes or network interfaces. This simplifies container creation and management.
                                                                                                                                                                                
-
                                                                                                                                                                                VMs use a hypervisor to virtualize and allocate hardware resources (such as memory, CPU, network, and disk) of a host machine. A complete operating system runs on a VM. Each VM needs to run its own system processes. On the contrary, a container does not require hardware resource virtualization. It runs an application process directly in the the host machine OS kernel. No resource overheads are incurred by running system processes. Therefore, Docker is lighter and faster than VMs.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 2 Comparison between Docker containers and VMs
                                                                                                                                                                                
+
                                                                                                                                                                                VMs use a hypervisor to virtualize and allocate hardware resources (such as memory, CPU, network, and disk) of a host machine. A complete operating system runs on a VM. Each VM needs to run its own system processes. On the contrary, a container does not require hardware resource virtualization. It runs an application process directly in the host machine OS kernel. No resource overheads are incurred by running system processes. Therefore, Docker is lighter and faster than VMs.
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 2 Comparison between Docker containers and VMs
                                                                                                                                                                                
 
                                                                                                                                                                                To sum up, Docker containers have many advantages over VMs.
                                                                                                                                                                                
 
                                                                                                                                                                                Resource use
                                                                                                                                                                                
 
                                                                                                                                                                                Containers have no overheads for virtualizing hardware and running a complete OS. They are faster than VMs in execution and file storage, while having no memory loss.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_productdesc_0005.html b/docs/cce/umn/cce_productdesc_0005.html
index 69670b04..07179063 100644
--- a/docs/cce/umn/cce_productdesc_0005.html
+++ b/docs/cce/umn/cce_productdesc_0005.html
@@ -1,57 +1,56 @@
 
 
-
                                                                                                                                                                                Constraints
                                                                                                                                                                                
+
                                                                                                                                                                                Notes and Constraints
                                                                                                                                                                                
 
                                                                                                                                                                                This section describes the notes and constraints on using CCE.
                                                                                                                                                                                
-
                                                                                                                                                                                Clusters and Nodes
                                                                                                                                                                                • After a cluster is created, the following items cannot be changed:
                                                                                                                                                                                  • Number of master nodes: For example, a non-HA cluster (with one master node) cannot be changed to an HA cluster (with three master nodes).
                                                                                                                                                                                  • AZ where a master node is deployed
                                                                                                                                                                                  • Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, IPv6 settings, and kube-proxy (forwarding) settings.
                                                                                                                                                                                  • Network model: For example, a container tunnel network cannot be changed to a VPC network.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Clusters and Nodes
                                                                                                                                                                                  • After a cluster is created, the following items cannot be changed:
                                                                                                                                                                                    • Number of master nodes: For example, a non-HA cluster (with one master node) cannot be changed to an HA cluster (with three master nodes).
                                                                                                                                                                                    • AZ where a master node is deployed
                                                                                                                                                                                    • Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, IPv6 settings, and kube-proxy (forwarding) settings
                                                                                                                                                                                    • Network model: For example, a container tunnel network cannot be changed to a VPC network.
                                                                                                                                                                                    
 
                                                                                                                                                                                  • CCE underlying resources such as ECS nodes are limited by quota and their inventory. It is possible that only some nodes are created during cluster creation, cluster scaling, or auto scaling.
                                                                                                                                                                                  • ECS node specifications: CPU ≥ 2 cores, memory ≥ 4 GiB
                                                                                                                                                                                  • To access a CCE cluster through a VPN, ensure that the VPN CIDR block does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                                  • Ubuntu 22.04 does not support the tunnel network model.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
-
                                                                                                                                                                                  Networks
                                                                                                                                                                                  • By default, a NodePort Service is accessed within a VPC. To access a NodePort Service through the Internet, bind an EIP to the node in the cluster beforehand.
                                                                                                                                                                                  • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                                    • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                                                                                    • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                                    
-
                                                                                                                                                                                  • Constraints on network policies:
                                                                                                                                                                                    • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                                                                                                                                                                                      • Ingress: All versions support this type.
                                                                                                                                                                                      • Egress: Only the following OSs and cluster versions support egress rules.
-
                                                                                                                                                                                        OS
                                                                                                                                                                                        
+
                                                                                                                                                                                        Networks
                                                                                                                                                                                        • By default, a NodePort Service is accessed within a VPC. To access a NodePort Service through the Internet, bind an EIP to the node in the cluster beforehand.
                                                                                                                                                                                        • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                                          • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                                                                                          • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                                          
+
                                                                                                                                                                                        • Constraints on network policies:
                                                                                                                                                                                          • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                                                                                                                                                                                            • Ingress: All versions support this type.
                                                                                                                                                                                            • Egress: Only the following OSs and cluster versions support egress rules.
+
                                                                                                                                                                                              
-
-
-
-
-
-
-
-
                                                                                                                                                                                              OS
                                                                                                                                                                                              
 
                                                                                                                                                                                              Cluster Version
                                                                                                                                                                                              
+
                                                                                                                                                                                              Cluster Version
                                                                                                                                                                                              
 
                                                                                                                                                                                              Verified Kernel Version
                                                                                                                                                                                              
+
                                                                                                                                                                                              Verified Kernel Version
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              EulerOS 2.5
                                                                                                                                                                                              
+
                                                                                                                                                                                              EulerOS 2.9
                                                                                                                                                                                              
 
                                                                                                                                                                                              v1.23 or later
                                                                                                                                                                                              
+
                                                                                                                                                                                              v1.23 or later
                                                                                                                                                                                              
 
                                                                                                                                                                                              3.10.0-862.14.1.5.h591.eulerosv2r7.x86_64
                                                                                                                                                                                              
-
                                                                                                                                                                                              3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                              
+
                                                                                                                                                                                              4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64
                                                                                                                                                                                              
+
                                                                                                                                                                                              4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                              
+
                                                                                                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              EulerOS 2.9
                                                                                                                                                                                              
+
                                                                                                                                                                                              HCE OS 2.0
                                                                                                                                                                                              
 
                                                                                                                                                                                              v1.23 or later
                                                                                                                                                                                              
+
                                                                                                                                                                                              v1.25 or later
                                                                                                                                                                                              
 
                                                                                                                                                                                              4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64
                                                                                                                                                                                              
-
                                                                                                                                                                                              4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                              
-
                                                                                                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                                                                              
+
                                                                                                                                                                                              5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                                                                                                              
                                                                                                                                                                                               		
 
                                                                                                                                                                                              
                                                                                                                                                                                               
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                            
-
                                                                                                                                                                                          • Network isolation is not supported for IPv6 addresses.
                                                                                                                                                                                          • If upgrade to a cluster version that supports egress rules is performed in in-place mode, you cannot use egress rules because the node OS is not upgraded. In this case, reset the node.
                                                                                                                                                                                          
+
                                                                                                                                                                                        • Network isolation is not supported for IPv6 addresses.
                                                                                                                                                                                        • If upgrade to a cluster version that supports egress rules is performed in in-place mode, you cannot use egress rules because the node OS is not upgraded. In this case, reset the node.
                                                                                                                                                                                        
 
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Storage Volumes
                                                                                                                                                                                        • Constraints on EVS volumes:
                                                                                                                                                                                          • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attacked to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, create only one pod when creating a Deployment that uses EVS disks.
                                                                                                                                                                                          • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS disks attached, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                                                                                            For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS disks attached, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Storage Volumes
                                                                                                                                                                                            • Constraints on EVS volumes:
                                                                                                                                                                                              • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attacked to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, create only one pod when creating a Deployment that uses EVS disks.
                                                                                                                                                                                              • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                                                                                                For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                                                
 
                                                                                                                                                                                              
-
                                                                                                                                                                                            • Constraints on SFS volumes:
                                                                                                                                                                                              • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                                                                                                • If multiple PVCs/PVs use the same underlying SFS or SFS Turbo file system, when you attempt to mount these PVCs/PVs to the same pod, all PVCs cannot be mounted to the pod and the pod startup fails. This is because the volumeHandle values of these PVs are the same.
                                                                                                                                                                                                • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                                                                                                • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                                                                                                
+
                                                                                                                                                                                              • Constraints on SFS volumes:
                                                                                                                                                                                                • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                                                                                                  • Do not mount all PVCs/PVs that use the same underlying SFS or SFS Turbo file system to a pod. This leads to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle values of these PVs.
                                                                                                                                                                                                  • The persistentVolumeReclaimPolicy parameter in the PVs is suggested to be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                                                                                                  • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                • SFS volumes are available only in certain regions.
                                                                                                                                                                                                
-
                                                                                                                                                                                              • Constraints on OBS volumes:
                                                                                                                                                                                                • Kata containers do not support OBS volumes.
                                                                                                                                                                                                • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                                                                                                • CCE allows parallel file systems to be mounted using OBS SDKs or PVCs. If PVC mounting is used, the obsfs tool provided by OBS must be used. An obsfs resident process is generated each time an object storage volume generated from the parallel file system is mounted to a node, as shown in the following figure.
                                                                                                                                                                                                  Figure 1 obsfs resident process
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Reserve 1 GiB of memory for each obsfs process. For example, for a node with 4 vCPUs and 8 GiB of memory, an obsfs parallel file system should be mounted to no more than eight pods.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                   
                                                                                                                                                                                                  • An obsfs resident process runs on a node. If the consumed memory exceeds the upper limit of the node, the node malfunctions. On a node with 4 vCPUs and 8 GiB of memory, if more than 100 pods are mounted to a parallel file system, the node will be unavailable. Control the number of pods mounted to a parallel file system on a single node.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                • Constraints on OBS volumes:
                                                                                                                                                                                                  • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                                                                                                  • CCE allows parallel file systems to be mounted using OBS SDKs or PVCs. If PVC mounting is used, the obsfs tool provided by OBS must be used. An obsfs resident process is generated each time an object storage volume generated from the parallel file system is mounted to a node, as shown in the following figure.
                                                                                                                                                                                                    Figure 1 obsfs resident process
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Reserve 1 GiB of memory for each obsfs process. For example, for a node with 4 vCPUs and 8 GiB of memory, an obsfs parallel file system should be mounted to no more than eight pods.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     
                                                                                                                                                                                                    • An obsfs resident process runs on a node. If the consumed memory exceeds the upper limit of the node, the node malfunctions. On a node with 4 vCPUs and 8 GiB of memory, if more than 100 pods are mounted to a parallel file system, the node will be unavailable. Control the number of pods mounted to a parallel file system on a single node.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                • Constraints on local PVs:
                                                                                                                                                                                                  • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                                                                  • Deleting, removing, resetting, or scaling in a node will cause the PVC/PV data of the local PV associated with the node to be lost, which cannot be restored or used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                                                                                  • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                  • A local PV cannot be mounted to multiple workloads or jobs at the same time.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                • Constraints on local EVs:
                                                                                                                                                                                                  • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 1.2.29 or later.
                                                                                                                                                                                                  • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                  • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                • Constraints on snapshots and backups:
                                                                                                                                                                                                  • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based Everest add-on.
                                                                                                                                                                                                  • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (SCSI or VBD), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being queried or set.
                                                                                                                                                                                                  • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                                                                                                                                  • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the Everest add-on. Snapshots cannot be created for PVCs created using the Flexvolume storage class whose name is ssd, sas, or sata.
                                                                                                                                                                                                  • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                                                                                                                                  • A PVC with the xfs file system type can generate snapshots. The file system type of the disk associated with the PVC created using one of these snapshots remains xfs.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                • Kata containers do not support OBS volumes.
                                                                                                                                                                                                
+
                                                                                                                                                                                              • Restrictions on using local PVs:
                                                                                                                                                                                                • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                                                                • Removing, deleting, resetting, or scaling in a node will cause the PVC/PV data of the local PV associated with the node to be lost, which cannot be restored or used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                                                                                • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                • A local PV cannot be mounted to multiple workloads or jobs at the same time.
                                                                                                                                                                                                
+
                                                                                                                                                                                              • Restrictions on using local EVs:
                                                                                                                                                                                                • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                                                                • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                                                                
+
                                                                                                                                                                                              • Constraints on snapshots and backups:
                                                                                                                                                                                                • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based Everest add-on.
                                                                                                                                                                                                • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (SCSI or VBD), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being queried or set.
                                                                                                                                                                                                • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                                                                                                                                • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the Everest add-on. Snapshots cannot be created for PVCs created using the Flexvolume storage class whose name is ssd, sas, or sata.
                                                                                                                                                                                                • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                                                                                                                                • A PVC of the xfs file system type can generate snapshots. The file system of the disk associated with the PVC created using these snapshots remains xfs.
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Add-ons
                                                                                                                                                                                            CCE uses Helm charts to deploy add-ons. To modify or upgrade an add-on, perform operations on the Add-ons page or use open add-on management APIs. Do not directly modify add-on resources on the backend. Otherwise, add-on exceptions or other unexpected problems may occur.
                                                                                                                                                                                            
@@ -88,109 +87,114 @@
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                  
+
                                                                                                                                                                                  Cluster Capacity Limit
                                                                                                                                                                                  The capacity of a cluster is made up of various resource types, including container groups (pods), cloud storage instances (persistent volumes), and Services. Additionally, the size of these resource objects can also impact the cluster capacity.
                                                                                                                                                                                  
+
                                                                                                                                                                                  For example:
                                                                                                                                                                                  
+
                                                                                                                                                                                  • If there are too many pods, the maximum number of pods will decrease within a certain performance range.
                                                                                                                                                                                  • As the number of pods approaches the upper limit, the upper limits of other resource types in the cluster will decrease accordingly.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Since clusters in actual application environments contain multiple resource types, it is possible that the number of resources for a single type may not reach its upper limit. It is important to monitor cluster usage regularly and plan and manage the cluster effectively to ensure the best performance of all resources. If the current specifications do not meet your requirements, you can scale out the cluster to ensure stability.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
 
                                                                                                                                                                                  Dependent Underlying Cloud Resources
                                                                                                                                                                                  
-
                                                                                                                                                                                  Category
                                                                                                                                                                                  
+
                                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_productdesc_0007.html b/docs/cce/umn/cce_productdesc_0007.html
index db899ea4..c7e5b342 100644
--- a/docs/cce/umn/cce_productdesc_0007.html
+++ b/docs/cce/umn/cce_productdesc_0007.html
@@ -1,9 +1,9 @@
 
                                                                                                                                                                                  Containerized Application Management
                                                                                                                                                                                  
-
                                                                                                                                                                                  Application Scenarios
                                                                                                                                                                                  In CCE, you can run clusters with x86 and Arm nodes. Create and manage Kubernetes clusters. Deploy containerized applications in them. All done in CCE.
                                                                                                                                                                                  
-
                                                                                                                                                                                  • Containerized web applications: CCE clusters interconnect with middleware (such as GaussDB and Redis) and support HA DR, auto scaling, public network release, and gray upgrade, helping you quickly deploy web service applications.
                                                                                                                                                                                  • Middleware deployment platform: CCE clusters can be used as middleware deployment platforms to implement stateful applications with StatefulSets and PVCs. In addition, load balancers can be used to expose middleware services.
                                                                                                                                                                                  • Jobs and cron jobs: Job and cron job applications can be containerized to reduce the dependency on the host system. Global resource scheduling secures the resource usage during task running and improves the overall resource usage in the cluster.
                                                                                                                                                                                  
-
                                                                                                                                                                                  Figure 1 CCE cluster
                                                                                                                                                                                  
+
                                                                                                                                                                                  Application Scenario
                                                                                                                                                                                  In CCE, you can run clusters with x86 and Arm nodes. Create and manage Kubernetes clusters. Deploy containerized applications in them. All done in CCE.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Containerized web applications: CCE clusters interconnect with middleware such as GaussDB and Redis and support HA DR, auto scaling, public network release, and gray upgrade, helping you quickly deploy web service applications.
                                                                                                                                                                                  • Middleware deployment platform: CCE clusters can be used as middleware deployment platforms to implement stateful applications with StatefulSets and PVCs. In addition, load balancers can be used to expose middleware services.
                                                                                                                                                                                  • Jobs and cron jobs: Job and cron job applications can be containerized to reduce the dependency on the host system. Global resource scheduling secures the resource usage during task running and improves the overall resource usage in the cluster.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 1 CCE cluster
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Benefits
                                                                                                                                                                                  Containerization requires less resources to deploy application. Services are not uninterrupted during upgrades.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
@@ -11,7 +11,7 @@
 
                                                                                                                                                                                • Application upgrade
                                                                                                                                                                                  Upgrades your apps in replace or rolling mode (by proportion or by number of pods), or rolls back the upgrades.
                                                                                                                                                                                  
 
                                                                                                                                                                                • Auto scaling
                                                                                                                                                                                  Auto scales your nodes and workloads according to the policies you set.
                                                                                                                                                                                  
 
                                                                                                                                                                                  • 
-
                                                                                                                                                                                  Figure 2 Workload
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 2 Workload
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_productdesc_0008.html b/docs/cce/umn/cce_productdesc_0008.html
index 4ff8e14c..5b718629 100644
--- a/docs/cce/umn/cce_productdesc_0008.html
+++ b/docs/cce/umn/cce_productdesc_0008.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                  Related Services
                                                                                                                                                                                  
-
                                                                                                                                                                                  Figure 1 Relationships between CCE and other services
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 1 Relationships between CCE and other services
                                                                                                                                                                                  
 
                                                                                                                                                                                  Relationships Between CCE and Other Services
                                                                                                                                                                                  
 
                                                                                                                                                                                  Category
                                                                                                                                                                                  
 
                                                                                                                                                                                  Item
                                                                                                                                                                                  
+
                                                                                                                                                                                  Item
                                                                                                                                                                                  
 
                                                                                                                                                                                  Constraints on Common Users
                                                                                                                                                                                  
+
                                                                                                                                                                                  Constraints on Common Users
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Compute
                                                                                                                                                                                  
+
                                                                                                                                                                                  Compute
                                                                                                                                                                                  
 
                                                                                                                                                                                  Pods
                                                                                                                                                                                  
+
                                                                                                                                                                                  Pods
                                                                                                                                                                                  
 
                                                                                                                                                                                  1000
                                                                                                                                                                                  
+
                                                                                                                                                                                  1000
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Cores
                                                                                                                                                                                  
+
                                                                                                                                                                                  Cores
                                                                                                                                                                                  
 
                                                                                                                                                                                  8000
                                                                                                                                                                                  
+
                                                                                                                                                                                  8000
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  RAM capacity (MB)
                                                                                                                                                                                  
+
                                                                                                                                                                                  RAM capacity (MB)
                                                                                                                                                                                  
 
                                                                                                                                                                                  16,384,000
                                                                                                                                                                                  
+
                                                                                                                                                                                  16,384,000
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Networking
                                                                                                                                                                                  
+
                                                                                                                                                                                  Networking
                                                                                                                                                                                  
 
                                                                                                                                                                                  VPCs per account
                                                                                                                                                                                  
+
                                                                                                                                                                                  VPCs per account
                                                                                                                                                                                  
 
                                                                                                                                                                                  5
                                                                                                                                                                                  
+
                                                                                                                                                                                  5
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Subnets per account
                                                                                                                                                                                  
+
                                                                                                                                                                                  Subnets per account
                                                                                                                                                                                  
 
                                                                                                                                                                                  100
                                                                                                                                                                                  
+
                                                                                                                                                                                  100
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Security groups per account
                                                                                                                                                                                  
+
                                                                                                                                                                                  Security groups per account
                                                                                                                                                                                  
 
                                                                                                                                                                                  100
                                                                                                                                                                                  
+
                                                                                                                                                                                  100
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Security group rules per account
                                                                                                                                                                                  
+
                                                                                                                                                                                  Security group rules per account
                                                                                                                                                                                  
 
                                                                                                                                                                                  5000
                                                                                                                                                                                  
+
                                                                                                                                                                                  5000
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Routes per route table
                                                                                                                                                                                  
+
                                                                                                                                                                                  Routes per route table
                                                                                                                                                                                  
 
                                                                                                                                                                                  100
                                                                                                                                                                                  
+
                                                                                                                                                                                  100
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Routes per VPC
                                                                                                                                                                                  
+
                                                                                                                                                                                  Routes per VPC
                                                                                                                                                                                  
 
                                                                                                                                                                                  100
                                                                                                                                                                                  
+
                                                                                                                                                                                  100
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  VPC peering connections per region
                                                                                                                                                                                  
+
                                                                                                                                                                                  VPC peering connections per region
                                                                                                                                                                                  
 
                                                                                                                                                                                  50
                                                                                                                                                                                  
+
                                                                                                                                                                                  50
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Network ACLs per account
                                                                                                                                                                                  
+
                                                                                                                                                                                  Network ACLs per account
                                                                                                                                                                                  
 
                                                                                                                                                                                  200
                                                                                                                                                                                  
+
                                                                                                                                                                                  200
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Layer 2 connection gateways per account
                                                                                                                                                                                  
+
                                                                                                                                                                                  Layer 2 connection gateways per account
                                                                                                                                                                                  
 
                                                                                                                                                                                  5
                                                                                                                                                                                  
+
                                                                                                                                                                                  5
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Load balancing
                                                                                                                                                                                  
+
                                                                                                                                                                                  Load balancing
                                                                                                                                                                                  
 
                                                                                                                                                                                  Elastic load balancers
                                                                                                                                                                                  
+
                                                                                                                                                                                  Elastic load balancers
                                                                                                                                                                                  
 
                                                                                                                                                                                  50
                                                                                                                                                                                  
+
                                                                                                                                                                                  50
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Load balancer listeners
                                                                                                                                                                                  
+
                                                                                                                                                                                  Load balancer listeners
                                                                                                                                                                                  
 
                                                                                                                                                                                  100
                                                                                                                                                                                  
+
                                                                                                                                                                                  100
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Load balancer certificates
                                                                                                                                                                                  
+
                                                                                                                                                                                  Load balancer certificates
                                                                                                                                                                                  
 
                                                                                                                                                                                  120
                                                                                                                                                                                  
+
                                                                                                                                                                                  120
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Load balancer forwarding policies
                                                                                                                                                                                  
+
                                                                                                                                                                                  Load balancer forwarding policies
                                                                                                                                                                                  
 
                                                                                                                                                                                  500
                                                                                                                                                                                  
+
                                                                                                                                                                                  500
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Load balancer backend host group
                                                                                                                                                                                  
+
                                                                                                                                                                                  Load balancer backend host group
                                                                                                                                                                                  
 
                                                                                                                                                                                  500
                                                                                                                                                                                  
+
                                                                                                                                                                                  500
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Load balancer backend server
                                                                                                                                                                                  
+
                                                                                                                                                                                  Load balancer backend server
                                                                                                                                                                                  
 
                                                                                                                                                                                  500
                                                                                                                                                                                  
+
                                                                                                                                                                                  500
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  
                                                                                                                                                                                   
 
 
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_productdesc_0012.html b/docs/cce/umn/cce_productdesc_0012.html
index 20cb0af5..4849e57d 100644
--- a/docs/cce/umn/cce_productdesc_0012.html
+++ b/docs/cce/umn/cce_productdesc_0012.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                  Regions and AZs
                                                                                                                                                                                  Definition
                                                                                                                                                                                  A region and availability zone (AZ) identify the location of a data center. You can create resources in a specific region and AZ.
                                                                                                                                                                                  
 
                                                                                                                                                                                  • Regions are divided based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region. Regions are classified as universal regions and dedicated regions. A universal region provides universal cloud services for common domains. A dedicated region provides services of the same type only or for specific domains.
                                                                                                                                                                                  • An AZ contains one or more physical data centers. Each AZ has independent cooling, fire extinguishing, moisture-proof, and electricity facilities. Within an AZ, computing, network, storage, and other resources are logically divided into multiple clusters. AZs in a region are interconnected through high-speed optic fibers. This is helpful if you will deploy systems across AZs to achieve higher availability.
                                                                                                                                                                                  
-
                                                                                                                                                                                  Cloud services are available in many regions around the world. You can select a region and AZ as needed.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Cloud services are now available in many regions around the world. You can select whichever region and AZ work best for you.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  How to Select a Region?
                                                                                                                                                                                  When selecting a region, consider the following factors:
                                                                                                                                                                                  • Location
                                                                                                                                                                                    Select a region close to you or your target users to reduce network latency and improve access rate.
                                                                                                                                                                                    
 
                                                                                                                                                                                  
@@ -12,7 +12,7 @@
 
                                                                                                                                                                                  Selecting an AZ
                                                                                                                                                                                  When deploying resources, consider your applications' requirements on disaster recovery (DR) and network latency.
                                                                                                                                                                                  
 
                                                                                                                                                                                  • For high DR capability, deploy resources in different AZs within the same region.
                                                                                                                                                                                  • For lower network latency, deploy resources in the same AZ.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
-
                                                                                                                                                                                  Regions and Endpoints
                                                                                                                                                                                  When using an API to access resources, you must specify a region and endpoint. For more information about regions and endpoints, see Regions and Endpoints.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Regions and Endpoints
                                                                                                                                                                                  When using an API to access resources, you must specify a region and endpoint. For more information about regions and endpoints, see Regions and Endpoints.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_productdesc_0017.html b/docs/cce/umn/cce_productdesc_0017.html
index 2e38198e..12bf22d8 100644
--- a/docs/cce/umn/cce_productdesc_0017.html
+++ b/docs/cce/umn/cce_productdesc_0017.html
@@ -11,7 +11,7 @@
 
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Related Services
                                                                                                                                                                                  Software Repository for Container (SWR), Object Storage Service (OBS), Virtual Private Network (VPN)
                                                                                                                                                                                  
-
                                                                                                                                                                                  Figure 1 How DevOps works
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 1 How DevOps works
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_productdesc_0018.html b/docs/cce/umn/cce_productdesc_0018.html
index e21ca097..f6797603 100644
--- a/docs/cce/umn/cce_productdesc_0018.html
+++ b/docs/cce/umn/cce_productdesc_0018.html
@@ -15,8 +15,8 @@
 
                                                                                                                                                                                • Lower costs
                                                                                                                                                                                  Cloud resource pools, backed by auto scaling, can respond to load spikes in time. Manual operations are no longer needed and you can save big.
                                                                                                                                                                                  
 
                                                                                                                                                                                  • 
 
                                                                                                                                                                                  
-
                                                                                                                                                                                  Related Services
                                                                                                                                                                                  Elastic Cloud Server (ECS), Direct Connect (DC), Virtual Private Network (VPN), SoftWare Repository for Container (SWR)
                                                                                                                                                                                  
-
                                                                                                                                                                                  Figure 1 How hybrid cloud works
                                                                                                                                                                                  
+
                                                                                                                                                                                  Related Services
                                                                                                                                                                                  Elastic Cloud Server (ECS), Virtual Private Network (VPN), SoftWare Repository for Container (SWR)
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 1 How hybrid cloud works
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_productdesc_0021.html b/docs/cce/umn/cce_productdesc_0021.html
index f95c572c..1b894157 100644
--- a/docs/cce/umn/cce_productdesc_0021.html
+++ b/docs/cce/umn/cce_productdesc_0021.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                  Auto Scaling in Seconds
                                                                                                                                                                                  
-
                                                                                                                                                                                  Application Scenarios
                                                                                                                                                                                  • Shopping apps and websites, especially during promotions
                                                                                                                                                                                  • Live streaming, where service loads often fluctuate
                                                                                                                                                                                  • Games, where many players may go online in certain time periods
                                                                                                                                                                                  
+
                                                                                                                                                                                  Application Scenarios
                                                                                                                                                                                  • Shopping apps and websites, especially during promotions and flash sales
                                                                                                                                                                                  • Live streaming, where service loads often fluctuate
                                                                                                                                                                                  • Games, where many players may go online in certain time periods
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Benefits
                                                                                                                                                                                  CCE auto adjusts capacity to cope with service surges according to the policies you set. CCE adds or reduces cloud servers and containers to scale your cluster and workloads. Your applications will always have the right resources at the right time.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
@@ -11,8 +11,8 @@
 
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Related Services
                                                                                                                                                                                  Add-ons: autoscaler and cce-hpa-controller
                                                                                                                                                                                  
-
                                                                                                                                                                                  • Auto scaling for workloads: HPA (Horizontal Pod Autoscaling)
                                                                                                                                                                                  • Auto scaling for clusters: CA (Cluster AutoScaling)
                                                                                                                                                                                  
-
                                                                                                                                                                                  Figure 1 How auto scaling works
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Auto scaling for workloads: CronHPA (CronHorizontalPodAutoscaler) + HPA (Horizontal Pod Autoscaling)
                                                                                                                                                                                  • Auto scaling for clusters: CA (Cluster AutoScaling)
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 1 How auto scaling works
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_qs_0008.html b/docs/cce/umn/cce_qs_0008.html
index 1def3762..0da3f8d8 100644
--- a/docs/cce/umn/cce_qs_0008.html
+++ b/docs/cce/umn/cce_qs_0008.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                  Creating a Kubernetes Cluster
                                                                                                                                                                                  
 
                                                                                                                                                                                  Context
                                                                                                                                                                                  This section describes how to quickly create a CCE cluster. In this example, the default or simple configurations are in use.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
-
                                                                                                                                                                                  Creating a Cluster
                                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                                    • If you have no clusters, click Create CCE Standard Cluster under CCE Standard Cluster on the wizard page.
                                                                                                                                                                                    • If your have CCE clusters, choose Clusters in the navigation pane, click Create Cluster and select the CCE standard cluster.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Creating a Cluster
                                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                                      • If you have no clusters, click Create CCE Standard Cluster on the wizard page.
                                                                                                                                                                                      • If your have CCE clusters, choose Clusters in the navigation pane, click Create Cluster and select the CCE standard cluster.
                                                                                                                                                                                      
 
                                                                                                                                                                                    2. On the page displayed, configure parameters following instructions.
                                                                                                                                                                                      In this example, a majority of parameters retain default values. Only mandatory parameters are described. For details, see Table 1.
 
                                                                                                                                                                                  Table 1 Relationships between CCE and other services
                                                                                                                                                                                  Service
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  
@@ -65,7 +65,7 @@
 
                                                                                                                                                                                  Table 1 Parameters for creating a cluster
                                                                                                                                                                                  Parameter
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
-
                                                                                                                                                                                • Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.
                                                                                                                                                                                • Click Next: Add-on Configuration.
                                                                                                                                                                                • Click Next: Confirm configuration. After confirming the information, click Submit.
                                                                                                                                                                                  It takes about 6 to 10 minutes to create a cluster.
                                                                                                                                                                                  
+
                                                                                                                                                                                • Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.
                                                                                                                                                                                • Click Next: Add-on Configuration.
                                                                                                                                                                                • Click Next: Confirm configuration. After confirming the information, click Submit.
                                                                                                                                                                                  It takes about 6 to 10 minutes to create a cluster.
                                                                                                                                                                                  
 
                                                                                                                                                                                  The created cluster will be displayed on the Clusters page, and the number of nodes in the cluster is 0.
                                                                                                                                                                                  
 
                                                                                                                                                                                  • 
 
diff --git a/docs/cce/umn/en-us_image_0000001460905374.png b/docs/cce/umn/en-us_image_0000001460905374.png
deleted file mode 100644
index 50d2b8fd..00000000
Binary files a/docs/cce/umn/en-us_image_0000001460905374.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001461224886.png b/docs/cce/umn/en-us_image_0000001461224886.png
deleted file mode 100644
index 7dd07163..00000000
Binary files a/docs/cce/umn/en-us_image_0000001461224886.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001697958210.png b/docs/cce/umn/en-us_image_0000001697958210.png
deleted file mode 100644
index 31a8dd75..00000000
Binary files a/docs/cce/umn/en-us_image_0000001697958210.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001702936020.png b/docs/cce/umn/en-us_image_0000001702936020.png
deleted file mode 100644
index 6dd1e58d..00000000
Binary files a/docs/cce/umn/en-us_image_0000001702936020.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001797870921.png b/docs/cce/umn/en-us_image_0000001797870921.png
deleted file mode 100644
index 0ee4bb10..00000000
Binary files a/docs/cce/umn/en-us_image_0000001797870921.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001851584036.png b/docs/cce/umn/en-us_image_0000001851584036.png
new file mode 100644
index 00000000..b295b34e
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001851584036.png differ
diff --git a/docs/cce/umn/en-us_image_0000001725939365.png b/docs/cce/umn/en-us_image_0000001851584048.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001725939365.png
rename to docs/cce/umn/en-us_image_0000001851584048.png
diff --git a/docs/cce/umn/en-us_image_0000001678179938.png b/docs/cce/umn/en-us_image_0000001851742760.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001678179938.png
rename to docs/cce/umn/en-us_image_0000001851742760.png
diff --git a/docs/cce/umn/en-us_image_0000001851742792.png b/docs/cce/umn/en-us_image_0000001851742792.png
new file mode 100644
index 00000000..d51eb976
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001851742792.png differ
diff --git a/docs/cce/umn/en-us_image_0000001851744368.png b/docs/cce/umn/en-us_image_0000001851744368.png
deleted file mode 100644
index f81efeed..00000000
Binary files a/docs/cce/umn/en-us_image_0000001851744368.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001851745496.png b/docs/cce/umn/en-us_image_0000001851745496.png
deleted file mode 100644
index f57b6c81..00000000
Binary files a/docs/cce/umn/en-us_image_0000001851745496.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001851745612.png b/docs/cce/umn/en-us_image_0000001851745612.png
deleted file mode 100644
index 74beeed4..00000000
Binary files a/docs/cce/umn/en-us_image_0000001851745612.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001851746504.png b/docs/cce/umn/en-us_image_0000001851746504.png
deleted file mode 100644
index e1b6ec8d..00000000
Binary files a/docs/cce/umn/en-us_image_0000001851746504.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001851746508.png b/docs/cce/umn/en-us_image_0000001851746508.png
deleted file mode 100644
index 1909444d..00000000
Binary files a/docs/cce/umn/en-us_image_0000001851746508.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001725939361.png b/docs/cce/umn/en-us_image_0000001897903417.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001725939361.png
rename to docs/cce/umn/en-us_image_0000001897903417.png
diff --git a/docs/cce/umn/en-us_image_0000001726059253.png b/docs/cce/umn/en-us_image_0000001897903549.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001726059253.png
rename to docs/cce/umn/en-us_image_0000001897903549.png
diff --git a/docs/cce/umn/en-us_image_0000001897906145.png b/docs/cce/umn/en-us_image_0000001897906145.png
deleted file mode 100644
index d4ef410c..00000000
Binary files a/docs/cce/umn/en-us_image_0000001897906145.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001897907185.png b/docs/cce/umn/en-us_image_0000001897907185.png
deleted file mode 100644
index 1909444d..00000000
Binary files a/docs/cce/umn/en-us_image_0000001897907185.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001678020222.png b/docs/cce/umn/en-us_image_0000001898022949.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001678020222.png
rename to docs/cce/umn/en-us_image_0000001898022949.png
diff --git a/docs/cce/umn/en-us_image_0000001678020242.png b/docs/cce/umn/en-us_image_0000001898023049.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001678020242.png
rename to docs/cce/umn/en-us_image_0000001898023049.png
diff --git a/docs/cce/umn/en-us_image_0000001898023829.png b/docs/cce/umn/en-us_image_0000001898023829.png
deleted file mode 100644
index f1403c1d..00000000
Binary files a/docs/cce/umn/en-us_image_0000001898023829.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001898024541.png b/docs/cce/umn/en-us_image_0000001898024541.png
deleted file mode 100644
index d9e8cde1..00000000
Binary files a/docs/cce/umn/en-us_image_0000001898024541.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001898024545.png b/docs/cce/umn/en-us_image_0000001898024545.png
deleted file mode 100644
index 4d11dcf6..00000000
Binary files a/docs/cce/umn/en-us_image_0000001898024545.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001898025573.png b/docs/cce/umn/en-us_image_0000001898025573.png
deleted file mode 100644
index fac664f9..00000000
Binary files a/docs/cce/umn/en-us_image_0000001898025573.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001911555737.png b/docs/cce/umn/en-us_image_0000001911555737.png
deleted file mode 100644
index b90edb1a..00000000
Binary files a/docs/cce/umn/en-us_image_0000001911555737.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001851743660.png b/docs/cce/umn/en-us_image_0000001950314864.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743660.png
rename to docs/cce/umn/en-us_image_0000001950314864.png
diff --git a/docs/cce/umn/en-us_image_0000001851743900.png b/docs/cce/umn/en-us_image_0000001950314996.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743900.png
rename to docs/cce/umn/en-us_image_0000001950314996.png
diff --git a/docs/cce/umn/en-us_image_0000001851743916.png b/docs/cce/umn/en-us_image_0000001950315008.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743916.png
rename to docs/cce/umn/en-us_image_0000001950315008.png
diff --git a/docs/cce/umn/en-us_image_0000001898024113.png b/docs/cce/umn/en-us_image_0000001950315012.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024113.png
rename to docs/cce/umn/en-us_image_0000001950315012.png
diff --git a/docs/cce/umn/en-us_image_0000001851585068.png b/docs/cce/umn/en-us_image_0000001950315060.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585068.png
rename to docs/cce/umn/en-us_image_0000001950315060.png
diff --git a/docs/cce/umn/en-us_image_0000001898023989.png b/docs/cce/umn/en-us_image_0000001950315068.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898023989.png
rename to docs/cce/umn/en-us_image_0000001950315068.png
diff --git a/docs/cce/umn/en-us_image_0000001898024121.png b/docs/cce/umn/en-us_image_0000001950315204.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024121.png
rename to docs/cce/umn/en-us_image_0000001950315204.png
diff --git a/docs/cce/umn/en-us_image_0000001851745196.png b/docs/cce/umn/en-us_image_0000001950315240.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745196.png
rename to docs/cce/umn/en-us_image_0000001950315240.png
diff --git a/docs/cce/umn/en-us_image_0000001851585272.png b/docs/cce/umn/en-us_image_0000001950315260.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585272.png
rename to docs/cce/umn/en-us_image_0000001950315260.png
diff --git a/docs/cce/umn/en-us_image_0000001898024285.png b/docs/cce/umn/en-us_image_0000001950315436.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024285.png
rename to docs/cce/umn/en-us_image_0000001950315436.png
diff --git a/docs/cce/umn/en-us_image_0000001851585384.png b/docs/cce/umn/en-us_image_0000001950315440.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585384.png
rename to docs/cce/umn/en-us_image_0000001950315440.png
diff --git a/docs/cce/umn/en-us_image_0000001851744112.png b/docs/cce/umn/en-us_image_0000001950315444.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744112.png
rename to docs/cce/umn/en-us_image_0000001950315444.png
diff --git a/docs/cce/umn/en-us_image_0000001851744176.png b/docs/cce/umn/en-us_image_0000001950315452.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744176.png
rename to docs/cce/umn/en-us_image_0000001950315452.png
diff --git a/docs/cce/umn/en-us_image_0000001851585416.png b/docs/cce/umn/en-us_image_0000001950315456.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585416.png
rename to docs/cce/umn/en-us_image_0000001950315456.png
diff --git a/docs/cce/umn/en-us_image_0000001898024333.png b/docs/cce/umn/en-us_image_0000001950315464.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024333.png
rename to docs/cce/umn/en-us_image_0000001950315464.png
diff --git a/docs/cce/umn/en-us_image_0000001851585432.png b/docs/cce/umn/en-us_image_0000001950315472.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585432.png
rename to docs/cce/umn/en-us_image_0000001950315472.png
diff --git a/docs/cce/umn/en-us_image_0000001851585496.png b/docs/cce/umn/en-us_image_0000001950315604.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585496.png
rename to docs/cce/umn/en-us_image_0000001950315604.png
diff --git a/docs/cce/umn/en-us_image_0000001851743732.jpg b/docs/cce/umn/en-us_image_0000001950315632.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743732.jpg
rename to docs/cce/umn/en-us_image_0000001950315632.jpg
diff --git a/docs/cce/umn/en-us_image_0000001851585032.png b/docs/cce/umn/en-us_image_0000001950315720.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585032.png
rename to docs/cce/umn/en-us_image_0000001950315720.png
diff --git a/docs/cce/umn/en-us_image_0000001897904433.png b/docs/cce/umn/en-us_image_0000001950315760.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904433.png
rename to docs/cce/umn/en-us_image_0000001950315760.png
diff --git a/docs/cce/umn/en-us_image_0000001897905125.png b/docs/cce/umn/en-us_image_0000001950315780.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905125.png
rename to docs/cce/umn/en-us_image_0000001950315780.png
diff --git a/docs/cce/umn/en-us_image_0000001851743812.png b/docs/cce/umn/en-us_image_0000001950315800.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743812.png
rename to docs/cce/umn/en-us_image_0000001950315800.png
diff --git a/docs/cce/umn/en-us_image_0000001950315828.png b/docs/cce/umn/en-us_image_0000001950315828.png
new file mode 100644
index 00000000..e046d35c
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001950315828.png differ
diff --git a/docs/cce/umn/en-us_image_0000001851744516.png b/docs/cce/umn/en-us_image_0000001950315836.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744516.png
rename to docs/cce/umn/en-us_image_0000001950315836.png
diff --git a/docs/cce/umn/en-us_image_0000001897905033.png b/docs/cce/umn/en-us_image_0000001950315840.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905033.png
rename to docs/cce/umn/en-us_image_0000001950315840.png
diff --git a/docs/cce/umn/en-us_image_0000001851585668.png b/docs/cce/umn/en-us_image_0000001950315844.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585668.png
rename to docs/cce/umn/en-us_image_0000001950315844.png
diff --git a/docs/cce/umn/en-us_image_0000001851585672.png b/docs/cce/umn/en-us_image_0000001950315848.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585672.png
rename to docs/cce/umn/en-us_image_0000001950315848.png
diff --git a/docs/cce/umn/en-us_image_0000001851743836.png b/docs/cce/umn/en-us_image_0000001950315856.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743836.png
rename to docs/cce/umn/en-us_image_0000001950315856.png
diff --git a/docs/cce/umn/en-us_image_0000001897904393.png b/docs/cce/umn/en-us_image_0000001950315912.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904393.png
rename to docs/cce/umn/en-us_image_0000001950315912.png
diff --git a/docs/cce/umn/en-us_image_0000001851744412.png b/docs/cce/umn/en-us_image_0000001950315916.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744412.png
rename to docs/cce/umn/en-us_image_0000001950315916.png
diff --git a/docs/cce/umn/en-us_image_0000001897905209.png b/docs/cce/umn/en-us_image_0000001950315932.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905209.png
rename to docs/cce/umn/en-us_image_0000001950315932.png
diff --git a/docs/cce/umn/en-us_image_0000001898024613.png b/docs/cce/umn/en-us_image_0000001950315972.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024613.png
rename to docs/cce/umn/en-us_image_0000001950315972.png
diff --git a/docs/cce/umn/en-us_image_0000001851743880.png b/docs/cce/umn/en-us_image_0000001950315976.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743880.png
rename to docs/cce/umn/en-us_image_0000001950315976.png
diff --git a/docs/cce/umn/en-us_image_0000001851743860.png b/docs/cce/umn/en-us_image_0000001950316012.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743860.png
rename to docs/cce/umn/en-us_image_0000001950316012.png
diff --git a/docs/cce/umn/en-us_image_0000001851743848.png b/docs/cce/umn/en-us_image_0000001950316024.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743848.png
rename to docs/cce/umn/en-us_image_0000001950316024.png
diff --git a/docs/cce/umn/en-us_image_0000001898024033.png b/docs/cce/umn/en-us_image_0000001950316032.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024033.png
rename to docs/cce/umn/en-us_image_0000001950316032.png
diff --git a/docs/cce/umn/en-us_image_0000001851743828.png b/docs/cce/umn/en-us_image_0000001950316040.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743828.png
rename to docs/cce/umn/en-us_image_0000001950316040.png
diff --git a/docs/cce/umn/en-us_image_0000001897904517.png b/docs/cce/umn/en-us_image_0000001950316048.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904517.png
rename to docs/cce/umn/en-us_image_0000001950316048.png
diff --git a/docs/cce/umn/en-us_image_0000001898024145.png b/docs/cce/umn/en-us_image_0000001950316056.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024145.png
rename to docs/cce/umn/en-us_image_0000001950316056.png
diff --git a/docs/cce/umn/en-us_image_0000001898024249.png b/docs/cce/umn/en-us_image_0000001950316060.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024249.png
rename to docs/cce/umn/en-us_image_0000001950316060.png
diff --git a/docs/cce/umn/en-us_image_0000001851744088.png b/docs/cce/umn/en-us_image_0000001950316068.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744088.png
rename to docs/cce/umn/en-us_image_0000001950316068.png
diff --git a/docs/cce/umn/en-us_image_0000001851744004.png b/docs/cce/umn/en-us_image_0000001950316192.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744004.png
rename to docs/cce/umn/en-us_image_0000001950316192.png
diff --git a/docs/cce/umn/en-us_image_0000001851585280.png b/docs/cce/umn/en-us_image_0000001950316248.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585280.png
rename to docs/cce/umn/en-us_image_0000001950316248.png
diff --git a/docs/cce/umn/en-us_image_0000001950316540.png b/docs/cce/umn/en-us_image_0000001950316540.png
new file mode 100644
index 00000000..b201d81d
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001950316540.png differ
diff --git a/docs/cce/umn/en-us_image_0000001851586420.png b/docs/cce/umn/en-us_image_0000001950316596.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586420.png
rename to docs/cce/umn/en-us_image_0000001950316596.png
diff --git a/docs/cce/umn/en-us_image_0000001851745096.png b/docs/cce/umn/en-us_image_0000001950316608.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745096.png
rename to docs/cce/umn/en-us_image_0000001950316608.png
diff --git a/docs/cce/umn/en-us_image_0000001898024157.png b/docs/cce/umn/en-us_image_0000001950316676.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024157.png
rename to docs/cce/umn/en-us_image_0000001950316676.png
diff --git a/docs/cce/umn/en-us_image_0000001898025401.png b/docs/cce/umn/en-us_image_0000001950316688.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025401.png
rename to docs/cce/umn/en-us_image_0000001950316688.png
diff --git a/docs/cce/umn/en-us_image_0000001897906057.png b/docs/cce/umn/en-us_image_0000001950316840.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906057.png
rename to docs/cce/umn/en-us_image_0000001950316840.png
diff --git a/docs/cce/umn/en-us_image_0000001851745400.png b/docs/cce/umn/en-us_image_0000001950316852.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745400.png
rename to docs/cce/umn/en-us_image_0000001950316852.png
diff --git a/docs/cce/umn/en-us_image_0000001897906149.png b/docs/cce/umn/en-us_image_0000001950316872.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906149.png
rename to docs/cce/umn/en-us_image_0000001950316872.png
diff --git a/docs/cce/umn/en-us_image_0000001851745492.png b/docs/cce/umn/en-us_image_0000001950316876.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745492.png
rename to docs/cce/umn/en-us_image_0000001950316876.png
diff --git a/docs/cce/umn/en-us_image_0000001851586708.png b/docs/cce/umn/en-us_image_0000001950316896.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586708.png
rename to docs/cce/umn/en-us_image_0000001950316896.png
diff --git a/docs/cce/umn/en-us_image_0000001897906125.png b/docs/cce/umn/en-us_image_0000001950317032.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906125.png
rename to docs/cce/umn/en-us_image_0000001950317032.png
diff --git a/docs/cce/umn/en-us_image_0000001863378970.png b/docs/cce/umn/en-us_image_0000001950317048.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001863378970.png
rename to docs/cce/umn/en-us_image_0000001950317048.png
diff --git a/docs/cce/umn/en-us_image_0000001897906233.png b/docs/cce/umn/en-us_image_0000001950317060.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906233.png
rename to docs/cce/umn/en-us_image_0000001950317060.png
diff --git a/docs/cce/umn/en-us_image_0000001897906237.png b/docs/cce/umn/en-us_image_0000001950317068.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906237.png
rename to docs/cce/umn/en-us_image_0000001950317068.png
diff --git a/docs/cce/umn/en-us_image_0000001851745580.png b/docs/cce/umn/en-us_image_0000001950317072.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745580.png
rename to docs/cce/umn/en-us_image_0000001950317072.png
diff --git a/docs/cce/umn/en-us_image_0000001898025681.png b/docs/cce/umn/en-us_image_0000001950317076.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025681.png
rename to docs/cce/umn/en-us_image_0000001950317076.png
diff --git a/docs/cce/umn/en-us_image_0000001867802022.png b/docs/cce/umn/en-us_image_0000001950317180.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001867802022.png
rename to docs/cce/umn/en-us_image_0000001950317180.png
diff --git a/docs/cce/umn/en-us_image_0000001851586988.png b/docs/cce/umn/en-us_image_0000001950317192.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586988.png
rename to docs/cce/umn/en-us_image_0000001950317192.png
diff --git a/docs/cce/umn/en-us_image_0000001851745504.png b/docs/cce/umn/en-us_image_0000001950317212.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745504.png
rename to docs/cce/umn/en-us_image_0000001950317212.png
diff --git a/docs/cce/umn/en-us_image_0000001950317216.png b/docs/cce/umn/en-us_image_0000001950317216.png
new file mode 100644
index 00000000..aadd477b
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001950317216.png differ
diff --git a/docs/cce/umn/en-us_image_0000001898026057.png b/docs/cce/umn/en-us_image_0000001950317236.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898026057.png
rename to docs/cce/umn/en-us_image_0000001950317236.png
diff --git a/docs/cce/umn/en-us_image_0000001851745808.png b/docs/cce/umn/en-us_image_0000001950317252.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745808.png
rename to docs/cce/umn/en-us_image_0000001950317252.png
diff --git a/docs/cce/umn/en-us_image_0000001898026001.png b/docs/cce/umn/en-us_image_0000001950317256.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898026001.png
rename to docs/cce/umn/en-us_image_0000001950317256.png
diff --git a/docs/cce/umn/en-us_image_0000001851745632.png b/docs/cce/umn/en-us_image_0000001950317280.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745632.png
rename to docs/cce/umn/en-us_image_0000001950317280.png
diff --git a/docs/cce/umn/en-us_image_0000001851587144.png b/docs/cce/umn/en-us_image_0000001950317284.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587144.png
rename to docs/cce/umn/en-us_image_0000001950317284.png
diff --git a/docs/cce/umn/en-us_image_0000001851587788.png b/docs/cce/umn/en-us_image_0000001950317344.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587788.png
rename to docs/cce/umn/en-us_image_0000001950317344.png
diff --git a/docs/cce/umn/en-us_image_0000001851587784.png b/docs/cce/umn/en-us_image_0000001950317352.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587784.png
rename to docs/cce/umn/en-us_image_0000001950317352.png
diff --git a/docs/cce/umn/en-us_image_0000001897906717.png b/docs/cce/umn/en-us_image_0000001950317380.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906717.png
rename to docs/cce/umn/en-us_image_0000001950317380.png
diff --git a/docs/cce/umn/en-us_image_0000001851587340.png b/docs/cce/umn/en-us_image_0000001950317392.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587340.png
rename to docs/cce/umn/en-us_image_0000001950317392.png
diff --git a/docs/cce/umn/en-us_image_0000001898026021.png b/docs/cce/umn/en-us_image_0000001950317396.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898026021.png
rename to docs/cce/umn/en-us_image_0000001950317396.png
diff --git a/docs/cce/umn/en-us_image_0000001851746056.png b/docs/cce/umn/en-us_image_0000001950317428.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851746056.png
rename to docs/cce/umn/en-us_image_0000001950317428.png
diff --git a/docs/cce/umn/en-us_image_0000001897906729.png b/docs/cce/umn/en-us_image_0000001950317436.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906729.png
rename to docs/cce/umn/en-us_image_0000001950317436.png
diff --git a/docs/cce/umn/en-us_image_0000001897906417.png b/docs/cce/umn/en-us_image_0000001950317472.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906417.png
rename to docs/cce/umn/en-us_image_0000001950317472.png
diff --git a/docs/cce/umn/en-us_image_0000001898023913.gif b/docs/cce/umn/en-us_image_0000001981274401.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898023913.gif
rename to docs/cce/umn/en-us_image_0000001981274401.gif
diff --git a/docs/cce/umn/en-us_image_0000001851743740.gif b/docs/cce/umn/en-us_image_0000001981274409.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743740.gif
rename to docs/cce/umn/en-us_image_0000001981274409.gif
diff --git a/docs/cce/umn/en-us_image_0000001898023873.png b/docs/cce/umn/en-us_image_0000001981274417.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898023873.png
rename to docs/cce/umn/en-us_image_0000001981274417.png
diff --git a/docs/cce/umn/en-us_image_0000001851743884.png b/docs/cce/umn/en-us_image_0000001981274513.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743884.png
rename to docs/cce/umn/en-us_image_0000001981274513.png
diff --git a/docs/cce/umn/en-us_image_0000001851585188.png b/docs/cce/umn/en-us_image_0000001981274533.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585188.png
rename to docs/cce/umn/en-us_image_0000001981274533.png
diff --git a/docs/cce/umn/en-us_image_0000001851743708.png b/docs/cce/umn/en-us_image_0000001981274553.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743708.png
rename to docs/cce/umn/en-us_image_0000001981274553.png
diff --git a/docs/cce/umn/en-us_image_0000001851585080.png b/docs/cce/umn/en-us_image_0000001981274593.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585080.png
rename to docs/cce/umn/en-us_image_0000001981274593.png
diff --git a/docs/cce/umn/en-us_image_0000001851743816.png b/docs/cce/umn/en-us_image_0000001981274597.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743816.png
rename to docs/cce/umn/en-us_image_0000001981274597.png
diff --git a/docs/cce/umn/en-us_image_0000001898024061.png b/docs/cce/umn/en-us_image_0000001981274613.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024061.png
rename to docs/cce/umn/en-us_image_0000001981274613.png
diff --git a/docs/cce/umn/en-us_image_0000001851743956.png b/docs/cce/umn/en-us_image_0000001981274745.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743956.png
rename to docs/cce/umn/en-us_image_0000001981274745.png
diff --git a/docs/cce/umn/en-us_image_0000001851744104.png b/docs/cce/umn/en-us_image_0000001981274973.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744104.png
rename to docs/cce/umn/en-us_image_0000001981274973.png
diff --git a/docs/cce/umn/en-us_image_0000001897904777.png b/docs/cce/umn/en-us_image_0000001981274977.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904777.png
rename to docs/cce/umn/en-us_image_0000001981274977.png
diff --git a/docs/cce/umn/en-us_image_0000001981274989.png b/docs/cce/umn/en-us_image_0000001981274989.png
new file mode 100644
index 00000000..b74022b5
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001981274989.png differ
diff --git a/docs/cce/umn/en-us_image_0000001851585464.png b/docs/cce/umn/en-us_image_0000001981275001.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585464.png
rename to docs/cce/umn/en-us_image_0000001981275001.png
diff --git a/docs/cce/umn/en-us_image_0000001898023841.png b/docs/cce/umn/en-us_image_0000001981275029.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898023841.png
rename to docs/cce/umn/en-us_image_0000001981275029.png
diff --git a/docs/cce/umn/en-us_image_0000001851585440.png b/docs/cce/umn/en-us_image_0000001981275053.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585440.png
rename to docs/cce/umn/en-us_image_0000001981275053.png
diff --git a/docs/cce/umn/en-us_image_0000001851584908.png b/docs/cce/umn/en-us_image_0000001981275113.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851584908.png
rename to docs/cce/umn/en-us_image_0000001981275113.png
diff --git a/docs/cce/umn/en-us_image_0000001851744224.png b/docs/cce/umn/en-us_image_0000001981275141.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744224.png
rename to docs/cce/umn/en-us_image_0000001981275141.png
diff --git a/docs/cce/umn/en-us_image_0000001851585004.jpg b/docs/cce/umn/en-us_image_0000001981275157.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585004.jpg
rename to docs/cce/umn/en-us_image_0000001981275157.jpg
diff --git a/docs/cce/umn/en-us_image_0000001897904309.jpg b/docs/cce/umn/en-us_image_0000001981275177.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904309.jpg
rename to docs/cce/umn/en-us_image_0000001981275177.jpg
diff --git a/docs/cce/umn/en-us_image_0000001851743664.png b/docs/cce/umn/en-us_image_0000001981275205.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743664.png
rename to docs/cce/umn/en-us_image_0000001981275205.png
diff --git a/docs/cce/umn/en-us_image_0000001898024017.png b/docs/cce/umn/en-us_image_0000001981275249.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024017.png
rename to docs/cce/umn/en-us_image_0000001981275249.png
diff --git a/docs/cce/umn/en-us_image_0000001851585112.png b/docs/cce/umn/en-us_image_0000001981275269.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585112.png
rename to docs/cce/umn/en-us_image_0000001981275269.png
diff --git a/docs/cce/umn/en-us_image_0000001851585148.png b/docs/cce/umn/en-us_image_0000001981275337.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585148.png
rename to docs/cce/umn/en-us_image_0000001981275337.png
diff --git a/docs/cce/umn/en-us_image_0000001897905025.png b/docs/cce/umn/en-us_image_0000001981275361.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905025.png
rename to docs/cce/umn/en-us_image_0000001981275361.png
diff --git a/docs/cce/umn/en-us_image_0000001898024565.png b/docs/cce/umn/en-us_image_0000001981275365.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024565.png
rename to docs/cce/umn/en-us_image_0000001981275365.png
diff --git a/docs/cce/umn/en-us_image_0000001851585232.jpg b/docs/cce/umn/en-us_image_0000001981275417.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585232.jpg
rename to docs/cce/umn/en-us_image_0000001981275417.jpg
diff --git a/docs/cce/umn/en-us_image_0000001981275425.png b/docs/cce/umn/en-us_image_0000001981275425.png
new file mode 100644
index 00000000..c00668eb
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001981275425.png differ
diff --git a/docs/cce/umn/en-us_image_0000001851585808.png b/docs/cce/umn/en-us_image_0000001981275437.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585808.png
rename to docs/cce/umn/en-us_image_0000001981275437.png
diff --git a/docs/cce/umn/en-us_image_0000001898024049.png b/docs/cce/umn/en-us_image_0000001981275445.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024049.png
rename to docs/cce/umn/en-us_image_0000001981275445.png
diff --git a/docs/cce/umn/en-us_image_0000001897905069.png b/docs/cce/umn/en-us_image_0000001981275449.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905069.png
rename to docs/cce/umn/en-us_image_0000001981275449.png
diff --git a/docs/cce/umn/en-us_image_0000001851585812.png b/docs/cce/umn/en-us_image_0000001981275457.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585812.png
rename to docs/cce/umn/en-us_image_0000001981275457.png
diff --git a/docs/cce/umn/en-us_image_0000001851585700.png b/docs/cce/umn/en-us_image_0000001981275489.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585700.png
rename to docs/cce/umn/en-us_image_0000001981275489.png
diff --git a/docs/cce/umn/en-us_image_0000001897905113.png b/docs/cce/umn/en-us_image_0000001981275513.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905113.png
rename to docs/cce/umn/en-us_image_0000001981275513.png
diff --git a/docs/cce/umn/en-us_image_0000001851743868.png b/docs/cce/umn/en-us_image_0000001981275577.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743868.png
rename to docs/cce/umn/en-us_image_0000001981275577.png
diff --git a/docs/cce/umn/en-us_image_0000001898024041.png b/docs/cce/umn/en-us_image_0000001981275593.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024041.png
rename to docs/cce/umn/en-us_image_0000001981275593.png
diff --git a/docs/cce/umn/en-us_image_0000001898024289.png b/docs/cce/umn/en-us_image_0000001981275621.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024289.png
rename to docs/cce/umn/en-us_image_0000001981275621.png
diff --git a/docs/cce/umn/en-us_image_0000001898024237.png b/docs/cce/umn/en-us_image_0000001981275677.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024237.png
rename to docs/cce/umn/en-us_image_0000001981275677.png
diff --git a/docs/cce/umn/en-us_image_0000001898025121.png b/docs/cce/umn/en-us_image_0000001981276081.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025121.png
rename to docs/cce/umn/en-us_image_0000001981276081.png
diff --git a/docs/cce/umn/en-us_image_0000001851586336.png b/docs/cce/umn/en-us_image_0000001981276109.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586336.png
rename to docs/cce/umn/en-us_image_0000001981276109.png
diff --git a/docs/cce/umn/en-us_image_0000001897905733.png b/docs/cce/umn/en-us_image_0000001981276145.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905733.png
rename to docs/cce/umn/en-us_image_0000001981276145.png
diff --git a/docs/cce/umn/en-us_image_0000001897905601.png b/docs/cce/umn/en-us_image_0000001981276157.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905601.png
rename to docs/cce/umn/en-us_image_0000001981276157.png
diff --git a/docs/cce/umn/en-us_image_0000001851744964.png b/docs/cce/umn/en-us_image_0000001981276161.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744964.png
rename to docs/cce/umn/en-us_image_0000001981276161.png
diff --git a/docs/cce/umn/en-us_image_0000001851586476.png b/docs/cce/umn/en-us_image_0000001981276233.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586476.png
rename to docs/cce/umn/en-us_image_0000001981276233.png
diff --git a/docs/cce/umn/en-us_image_0000001851745256.png b/docs/cce/umn/en-us_image_0000001981276257.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745256.png
rename to docs/cce/umn/en-us_image_0000001981276257.png
diff --git a/docs/cce/umn/en-us_image_0000001851586520.png b/docs/cce/umn/en-us_image_0000001981276261.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586520.png
rename to docs/cce/umn/en-us_image_0000001981276261.png
diff --git a/docs/cce/umn/en-us_image_0000001851745260.png b/docs/cce/umn/en-us_image_0000001981276265.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745260.png
rename to docs/cce/umn/en-us_image_0000001981276265.png
diff --git a/docs/cce/umn/en-us_image_0000001898025441.png b/docs/cce/umn/en-us_image_0000001981276269.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025441.png
rename to docs/cce/umn/en-us_image_0000001981276269.png
diff --git a/docs/cce/umn/en-us_image_0000001851586264.png b/docs/cce/umn/en-us_image_0000001981276281.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586264.png
rename to docs/cce/umn/en-us_image_0000001981276281.png
diff --git a/docs/cce/umn/en-us_image_0000001909237081.png b/docs/cce/umn/en-us_image_0000001981276293.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001909237081.png
rename to docs/cce/umn/en-us_image_0000001981276293.png
diff --git a/docs/cce/umn/en-us_image_0000001851586680.png b/docs/cce/umn/en-us_image_0000001981276309.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586680.png
rename to docs/cce/umn/en-us_image_0000001981276309.png
diff --git a/docs/cce/umn/en-us_image_0000001897906097.png b/docs/cce/umn/en-us_image_0000001981276393.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906097.png
rename to docs/cce/umn/en-us_image_0000001981276393.png
diff --git a/docs/cce/umn/en-us_image_0000001898025577.png b/docs/cce/umn/en-us_image_0000001981276397.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025577.png
rename to docs/cce/umn/en-us_image_0000001981276397.png
diff --git a/docs/cce/umn/en-us_image_0000001898025669.png b/docs/cce/umn/en-us_image_0000001981276405.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025669.png
rename to docs/cce/umn/en-us_image_0000001981276405.png
diff --git a/docs/cce/umn/en-us_image_0000001981276409.png b/docs/cce/umn/en-us_image_0000001981276409.png
new file mode 100644
index 00000000..49cebe81
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001981276409.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981276429.png b/docs/cce/umn/en-us_image_0000001981276429.png
new file mode 100644
index 00000000..b34a43f7
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001981276429.png differ
diff --git a/docs/cce/umn/en-us_image_0000001851745436.png b/docs/cce/umn/en-us_image_0000001981276441.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745436.png
rename to docs/cce/umn/en-us_image_0000001981276441.png
diff --git a/docs/cce/umn/en-us_image_0000001897906253.png b/docs/cce/umn/en-us_image_0000001981276581.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906253.png
rename to docs/cce/umn/en-us_image_0000001981276581.png
diff --git a/docs/cce/umn/en-us_image_0000001898025749.png b/docs/cce/umn/en-us_image_0000001981276601.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025749.png
rename to docs/cce/umn/en-us_image_0000001981276601.png
diff --git a/docs/cce/umn/en-us_image_0000001851745568.png b/docs/cce/umn/en-us_image_0000001981276605.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745568.png
rename to docs/cce/umn/en-us_image_0000001981276605.png
diff --git a/docs/cce/umn/en-us_image_0000001897906037.png b/docs/cce/umn/en-us_image_0000001981276629.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906037.png
rename to docs/cce/umn/en-us_image_0000001981276629.png
diff --git a/docs/cce/umn/en-us_image_0000001851745844.png b/docs/cce/umn/en-us_image_0000001981276633.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745844.png
rename to docs/cce/umn/en-us_image_0000001981276633.png
diff --git a/docs/cce/umn/en-us_image_0000001851745864.png b/docs/cce/umn/en-us_image_0000001981276729.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745864.png
rename to docs/cce/umn/en-us_image_0000001981276729.png
diff --git a/docs/cce/umn/en-us_image_0000001851586992.png b/docs/cce/umn/en-us_image_0000001981276741.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586992.png
rename to docs/cce/umn/en-us_image_0000001981276741.png
diff --git a/docs/cce/umn/en-us_image_0000001897906185.png b/docs/cce/umn/en-us_image_0000001981276749.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906185.png
rename to docs/cce/umn/en-us_image_0000001981276749.png
diff --git a/docs/cce/umn/en-us_image_0000001851587156.png b/docs/cce/umn/en-us_image_0000001981276785.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587156.png
rename to docs/cce/umn/en-us_image_0000001981276785.png
diff --git a/docs/cce/umn/en-us_image_0000001851746444.png b/docs/cce/umn/en-us_image_0000001981276797.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851746444.png
rename to docs/cce/umn/en-us_image_0000001981276797.png
diff --git a/docs/cce/umn/en-us_image_0000001897906365.png b/docs/cce/umn/en-us_image_0000001981276817.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906365.png
rename to docs/cce/umn/en-us_image_0000001981276817.png
diff --git a/docs/cce/umn/en-us_image_0000001897906293.png b/docs/cce/umn/en-us_image_0000001981276821.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906293.png
rename to docs/cce/umn/en-us_image_0000001981276821.png
diff --git a/docs/cce/umn/en-us_image_0000001898026705.png b/docs/cce/umn/en-us_image_0000001981276877.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898026705.png
rename to docs/cce/umn/en-us_image_0000001981276877.png
diff --git a/docs/cce/umn/en-us_image_0000001851587796.png b/docs/cce/umn/en-us_image_0000001981276889.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587796.png
rename to docs/cce/umn/en-us_image_0000001981276889.png
diff --git a/docs/cce/umn/en-us_image_0000001851587344.png b/docs/cce/umn/en-us_image_0000001981276941.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587344.png
rename to docs/cce/umn/en-us_image_0000001981276941.png
diff --git a/docs/cce/umn/en-us_image_0000001851587336.png b/docs/cce/umn/en-us_image_0000001981276965.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587336.png
rename to docs/cce/umn/en-us_image_0000001981276965.png
diff --git a/docs/cce/umn/en-us_image_0000001851746060.png b/docs/cce/umn/en-us_image_0000001981276973.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851746060.png
rename to docs/cce/umn/en-us_image_0000001981276973.png
diff --git a/docs/cce/umn/en-us_image_0000001851587348.png b/docs/cce/umn/en-us_image_0000001981276977.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587348.png
rename to docs/cce/umn/en-us_image_0000001981276977.png
diff --git a/docs/cce/umn/en-us_image_0000001851745744.png b/docs/cce/umn/en-us_image_0000001981277009.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745744.png
rename to docs/cce/umn/en-us_image_0000001981277009.png
diff --git a/docs/cce/umn/en-us_image_0000001851587044.png b/docs/cce/umn/en-us_image_0000001981277029.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587044.png
rename to docs/cce/umn/en-us_image_0000001981277029.png
diff --git a/docs/cce/umn/en-us_image_0000001898025961.png b/docs/cce/umn/en-us_image_0000001981277037.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025961.png
rename to docs/cce/umn/en-us_image_0000001981277037.png
diff --git a/docs/cce/umn/en-us_image_0000001851585000.gif b/docs/cce/umn/en-us_image_0000001981434241.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585000.gif
rename to docs/cce/umn/en-us_image_0000001981434241.gif
diff --git a/docs/cce/umn/en-us_image_0000001851585156.png b/docs/cce/umn/en-us_image_0000001981434361.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585156.png
rename to docs/cce/umn/en-us_image_0000001981434361.png
diff --git a/docs/cce/umn/en-us_image_0000001851585168.png b/docs/cce/umn/en-us_image_0000001981434369.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585168.png
rename to docs/cce/umn/en-us_image_0000001981434369.png
diff --git a/docs/cce/umn/en-us_image_0000001897904561.png b/docs/cce/umn/en-us_image_0000001981434377.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904561.png
rename to docs/cce/umn/en-us_image_0000001981434377.png
diff --git a/docs/cce/umn/en-us_image_0000001851585200.png b/docs/cce/umn/en-us_image_0000001981434389.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585200.png
rename to docs/cce/umn/en-us_image_0000001981434389.png
diff --git a/docs/cce/umn/en-us_image_0000001897904609.png b/docs/cce/umn/en-us_image_0000001981434421.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904609.png
rename to docs/cce/umn/en-us_image_0000001981434421.png
diff --git a/docs/cce/umn/en-us_image_0000001851585064.png b/docs/cce/umn/en-us_image_0000001981434437.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585064.png
rename to docs/cce/umn/en-us_image_0000001981434437.png
diff --git a/docs/cce/umn/en-us_image_0000001851743820.png b/docs/cce/umn/en-us_image_0000001981434457.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851743820.png
rename to docs/cce/umn/en-us_image_0000001981434457.png
diff --git a/docs/cce/umn/en-us_image_0000001897904533.png b/docs/cce/umn/en-us_image_0000001981434473.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904533.png
rename to docs/cce/umn/en-us_image_0000001981434473.png
diff --git a/docs/cce/umn/en-us_image_0000001851585204.png b/docs/cce/umn/en-us_image_0000001981434585.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585204.png
rename to docs/cce/umn/en-us_image_0000001981434585.png
diff --git a/docs/cce/umn/en-us_image_0000001851744000.png b/docs/cce/umn/en-us_image_0000001981434645.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744000.png
rename to docs/cce/umn/en-us_image_0000001981434645.png
diff --git a/docs/cce/umn/en-us_image_0000001897904773.png b/docs/cce/umn/en-us_image_0000001981434829.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904773.png
rename to docs/cce/umn/en-us_image_0000001981434829.png
diff --git a/docs/cce/umn/en-us_image_0000001898024381.png b/docs/cce/umn/en-us_image_0000001981434893.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024381.png
rename to docs/cce/umn/en-us_image_0000001981434893.png
diff --git a/docs/cce/umn/en-us_image_0000001851585500.png b/docs/cce/umn/en-us_image_0000001981434997.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585500.png
rename to docs/cce/umn/en-us_image_0000001981434997.png
diff --git a/docs/cce/umn/en-us_image_0000001851585104.png b/docs/cce/umn/en-us_image_0000001981435093.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585104.png
rename to docs/cce/umn/en-us_image_0000001981435093.png
diff --git a/docs/cce/umn/en-us_image_0000001851585136.png b/docs/cce/umn/en-us_image_0000001981435165.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585136.png
rename to docs/cce/umn/en-us_image_0000001981435165.png
diff --git a/docs/cce/umn/en-us_image_0000001897905169.png b/docs/cce/umn/en-us_image_0000001981435213.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905169.png
rename to docs/cce/umn/en-us_image_0000001981435213.png
diff --git a/docs/cce/umn/en-us_image_0000001851744500.png b/docs/cce/umn/en-us_image_0000001981435221.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744500.png
rename to docs/cce/umn/en-us_image_0000001981435221.png
diff --git a/docs/cce/umn/en-us_image_0000001898024709.png b/docs/cce/umn/en-us_image_0000001981435225.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024709.png
rename to docs/cce/umn/en-us_image_0000001981435225.png
diff --git a/docs/cce/umn/en-us_image_0000001851585684.png b/docs/cce/umn/en-us_image_0000001981435269.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851585684.png
rename to docs/cce/umn/en-us_image_0000001981435269.png
diff --git a/docs/cce/umn/en-us_image_0000001898024625.png b/docs/cce/umn/en-us_image_0000001981435329.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898024625.png
rename to docs/cce/umn/en-us_image_0000001981435329.png
diff --git a/docs/cce/umn/en-us_image_0000001897904509.png b/docs/cce/umn/en-us_image_0000001981435425.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904509.png
rename to docs/cce/umn/en-us_image_0000001981435425.png
diff --git a/docs/cce/umn/en-us_image_0000001897904725.png b/docs/cce/umn/en-us_image_0000001981435441.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897904725.png
rename to docs/cce/umn/en-us_image_0000001981435441.png
diff --git a/docs/cce/umn/en-us_image_0000001851744076.png b/docs/cce/umn/en-us_image_0000001981435457.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851744076.png
rename to docs/cce/umn/en-us_image_0000001981435457.png
diff --git a/docs/cce/umn/en-us_image_0000001851586224.png b/docs/cce/umn/en-us_image_0000001981435969.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586224.png
rename to docs/cce/umn/en-us_image_0000001981435969.png
diff --git a/docs/cce/umn/en-us_image_0000001851586240.png b/docs/cce/umn/en-us_image_0000001981436009.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586240.png
rename to docs/cce/umn/en-us_image_0000001981436009.png
diff --git a/docs/cce/umn/en-us_image_0000001897905605.png b/docs/cce/umn/en-us_image_0000001981436029.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905605.png
rename to docs/cce/umn/en-us_image_0000001981436029.png
diff --git a/docs/cce/umn/en-us_image_0000001851745204.png b/docs/cce/umn/en-us_image_0000001981436085.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745204.png
rename to docs/cce/umn/en-us_image_0000001981436085.png
diff --git a/docs/cce/umn/en-us_image_0000001851586460.png b/docs/cce/umn/en-us_image_0000001981436089.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586460.png
rename to docs/cce/umn/en-us_image_0000001981436089.png
diff --git a/docs/cce/umn/en-us_image_0000001851586516.png b/docs/cce/umn/en-us_image_0000001981436113.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586516.png
rename to docs/cce/umn/en-us_image_0000001981436113.png
diff --git a/docs/cce/umn/en-us_image_0000001981436137.png b/docs/cce/umn/en-us_image_0000001981436137.png
new file mode 100644
index 00000000..4e0fb1be
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001981436137.png differ
diff --git a/docs/cce/umn/en-us_image_0000001898025173.png b/docs/cce/umn/en-us_image_0000001981436181.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025173.png
rename to docs/cce/umn/en-us_image_0000001981436181.png
diff --git a/docs/cce/umn/en-us_image_0000001852319184.png b/docs/cce/umn/en-us_image_0000001981436201.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001852319184.png
rename to docs/cce/umn/en-us_image_0000001981436201.png
diff --git a/docs/cce/umn/en-us_image_0000001851745380.png b/docs/cce/umn/en-us_image_0000001981436237.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745380.png
rename to docs/cce/umn/en-us_image_0000001981436237.png
diff --git a/docs/cce/umn/en-us_image_0000001981436241.png b/docs/cce/umn/en-us_image_0000001981436241.png
new file mode 100644
index 00000000..8a476969
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001981436241.png differ
diff --git a/docs/cce/umn/en-us_image_0000001851586648.png b/docs/cce/umn/en-us_image_0000001981436293.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586648.png
rename to docs/cce/umn/en-us_image_0000001981436293.png
diff --git a/docs/cce/umn/en-us_image_0000001897906049.png b/docs/cce/umn/en-us_image_0000001981436297.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906049.png
rename to docs/cce/umn/en-us_image_0000001981436297.png
diff --git a/docs/cce/umn/en-us_image_0000001851586668.png b/docs/cce/umn/en-us_image_0000001981436301.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586668.png
rename to docs/cce/umn/en-us_image_0000001981436301.png
diff --git a/docs/cce/umn/en-us_image_0000001897906165.jpg b/docs/cce/umn/en-us_image_0000001981436333.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906165.jpg
rename to docs/cce/umn/en-us_image_0000001981436333.jpg
diff --git a/docs/cce/umn/en-us_image_0000001897905793.png b/docs/cce/umn/en-us_image_0000001981436361.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905793.png
rename to docs/cce/umn/en-us_image_0000001981436361.png
diff --git a/docs/cce/umn/en-us_image_0000001897905921.png b/docs/cce/umn/en-us_image_0000001981436409.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897905921.png
rename to docs/cce/umn/en-us_image_0000001981436409.png
diff --git a/docs/cce/umn/en-us_image_0000001898025781.png b/docs/cce/umn/en-us_image_0000001981436441.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025781.png
rename to docs/cce/umn/en-us_image_0000001981436441.png
diff --git a/docs/cce/umn/en-us_image_0000001897906213.png b/docs/cce/umn/en-us_image_0000001981436449.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906213.png
rename to docs/cce/umn/en-us_image_0000001981436449.png
diff --git a/docs/cce/umn/en-us_image_0000001897906225.png b/docs/cce/umn/en-us_image_0000001981436461.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906225.png
rename to docs/cce/umn/en-us_image_0000001981436461.png
diff --git a/docs/cce/umn/en-us_image_0000001898025705.png b/docs/cce/umn/en-us_image_0000001981436605.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025705.png
rename to docs/cce/umn/en-us_image_0000001981436605.png
diff --git a/docs/cce/umn/en-us_image_0000001851745528.png b/docs/cce/umn/en-us_image_0000001981436609.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745528.png
rename to docs/cce/umn/en-us_image_0000001981436609.png
diff --git a/docs/cce/umn/en-us_image_0000001902829161.png b/docs/cce/umn/en-us_image_0000001981436641.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001902829161.png
rename to docs/cce/umn/en-us_image_0000001981436641.png
diff --git a/docs/cce/umn/en-us_image_0000001851586944.png b/docs/cce/umn/en-us_image_0000001981436649.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851586944.png
rename to docs/cce/umn/en-us_image_0000001981436649.png
diff --git a/docs/cce/umn/en-us_image_0000001851745852.png b/docs/cce/umn/en-us_image_0000001981436653.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745852.png
rename to docs/cce/umn/en-us_image_0000001981436653.png
diff --git a/docs/cce/umn/en-us_image_0000001898026645.png b/docs/cce/umn/en-us_image_0000001981436657.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898026645.png
rename to docs/cce/umn/en-us_image_0000001981436657.png
diff --git a/docs/cce/umn/en-us_image_0000001898025869.png b/docs/cce/umn/en-us_image_0000001981436665.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025869.png
rename to docs/cce/umn/en-us_image_0000001981436665.png
diff --git a/docs/cce/umn/en-us_image_0000001898026693.png b/docs/cce/umn/en-us_image_0000001981436701.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898026693.png
rename to docs/cce/umn/en-us_image_0000001981436701.png
diff --git a/docs/cce/umn/en-us_image_0000001851587804.png b/docs/cce/umn/en-us_image_0000001981436769.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851587804.png
rename to docs/cce/umn/en-us_image_0000001981436769.png
diff --git a/docs/cce/umn/en-us_image_0000001897906289.png b/docs/cce/umn/en-us_image_0000001981436773.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906289.png
rename to docs/cce/umn/en-us_image_0000001981436773.png
diff --git a/docs/cce/umn/en-us_image_0000001898025885.png b/docs/cce/umn/en-us_image_0000001981436829.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898025885.png
rename to docs/cce/umn/en-us_image_0000001981436829.png
diff --git a/docs/cce/umn/en-us_image_0000001898026669.png b/docs/cce/umn/en-us_image_0000001981436837.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898026669.png
rename to docs/cce/umn/en-us_image_0000001981436837.png
diff --git a/docs/cce/umn/en-us_image_0000001851745716.png b/docs/cce/umn/en-us_image_0000001981436845.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745716.png
rename to docs/cce/umn/en-us_image_0000001981436845.png
diff --git a/docs/cce/umn/en-us_image_0000001851746544.png b/docs/cce/umn/en-us_image_0000001981436873.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851746544.png
rename to docs/cce/umn/en-us_image_0000001981436873.png
diff --git a/docs/cce/umn/en-us_image_0000001851745764.png b/docs/cce/umn/en-us_image_0000001981436885.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851745764.png
rename to docs/cce/umn/en-us_image_0000001981436885.png
diff --git a/docs/cce/umn/en-us_image_0000001897906445.png b/docs/cce/umn/en-us_image_0000001981436901.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897906445.png
rename to docs/cce/umn/en-us_image_0000001981436901.png