云服务器内容精选

华为云首页用户手册

容器网络配置

云容器引擎 CCE-为Pod配置QoS:约束与限制

约束与限制 Pod互访限速设置需遵循以下约束：约束类别容器隧道网络模式 VPC网络模式云原生2.0网络模式支持的版本所有版本都支持 v1.19.10以上集群版本 v1.19.10以上集群版本支持的运行时类型仅支持普通容器支持的Pod类型仅支持非HostNetwork类型Pod 支持的场景支持Pod间互访、Pod访问Node、Pod访问Service的场景限速限制的场景无无不支持Pod访问100.64.0.0/10和214.0.0.0/8外部云服务网段的限速场景不支持健康检查的流量限速场景限速值取值范围只支持单位M或G的限速配置，如100M，1G；最小取值1M，最大取值4.29G。

云容器引擎 CCE 容器网络配置
云容器引擎 CCE-为Pod配置QoS:通过kubectl命令行设置

通过kubectl命令行设置您可以通过对工作负载添加annotations指定出口带宽和入口带宽，如下所示。 apiVersion: apps/v1 kind: Deployment metadata: name: test namespace: default labels: app: test spec: replicas: 2 selector: matchLabels: app: test template: metadata: labels: app: test annotations: kubernetes.io/ingress-bandwidth: 100M kubernetes.io/egress-bandwidth: 100M spec: containers: - name: container-1 image: nginx:alpine imagePullPolicy: IfNotPresent imagePullSecrets: - name: default-secret kubernetes.io/ingress-bandwidth：Pod的入口带宽 kubernetes.io/egress-bandwidth：Pod的出口带宽如果不设置这两个参数，则表示不限制带宽。修改Pod出/入口带宽限速后，需要重启容器才可生效。由于独立创建的Pod（不通过工作负载管理）修改annotations后不会触发容器重启，因此带宽限制不会生效，您可以重新创建Pod或手动触发容器重启。

云容器引擎 CCE 容器网络配置
云容器引擎 CCE-主机网络（hostNetwork）:hostNetwork使用注意事项

hostNetwork使用注意事项 Pod直接使用主机的网络会占用宿主机的端口，Pod的IP就是宿主机的IP，使用时需要考虑是否与主机上的端口冲突，因此一般情况下除非您知道某个特定应用需要占用宿主机上的特定端口，否则不建议使用主机网络。由于Pod使用主机网络，访问Pod需要直接通过节点端口，因此要注意放通节点安全组端口，否则会出现访问不通的情况。另外由于占用主机端口，使用Deployment部署hostNetwork类型Pod时，要注意Pod的副本数不要超过节点数量，否则会导致一个节点上调度了多个Pod，Pod启动时端口冲突无法创建。例如上面例子中的nginx，如果服务数为2，并部署在只有1个节点的集群上，就会有一个Pod无法创建，查询Pod日志会发现是由于端口占用导致nginx无法启动。请避免在同一个节点上调度多个使用主机网络的Pod，否则在创建ClusterIP类型的Service访问Pod时，会出现访问ClusterIP不通的情况。 $ kubectl get deploy NAME READY UP-TO-DATE AVAILABLE AGE nginx 1/2 2 1 67m $ kubectl get pod NAME READY STATUS RESTARTS AGE nginx-6fdf99c8b-6wwft 1/1 Running 0 67m nginx-6fdf99c8b-rglm7 0/1 CrashLoopBackOff 13 44m $ kubectl logs nginx-6fdf99c8b-rglm7 /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: bind() to [::]:80 failed (98: Address in use) nginx: [emerg] bind() to [::]:80 failed (98: Address in use) 2022/05/11 07:18:11 [emerg] 1#1: still could not bind() nginx: [emerg] still could not bind()

云容器引擎 CCE 容器网络配置