Huawei Cloud Stack 8.2.0 Solution Description 04
Constraints
This section describes the notes and constraints on using CCE.
Clusters and Nodes
- You can create a maximum of 50 clusters in a single resource set. If the quota does not meet service requirements, contact technical support.
- When upgrading resource objects, you can create a maximum of five clusters in the resource set created before the CCE upgrade.
- After a cluster is created, the following items cannot be changed:
  - Number of master nodes in the cluster.
  - AZ of a master node.
  - Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, IPv6 settings, and kube-proxy (forwarding) settings.
  - Network model, for example, a change from a tunnel network to a VPC network.
- Applications cannot be migrated between different namespaces.
- Underlying resources, such as ECSs (nodes), are limited by quotas and their inventory. Therefore, only some nodes may be successfully created during cluster creation, cluster scaling, or auto scaling.
- The ECS (node) specifications must be higher than 2 cores and 4 GiB memory.
- Hygon and Phytium servers are compatible with EulerOS 2.9. If you want to use EulerOS 2.9, your clusters must be of v1.19 and use the VPC network model.
- Constraints in the scenarios where IPv6 is involved: The container network model must be the tunnel network, and the Service type cannot be LoadBalancer.
Networking
- By default, a NodePort Service is accessed within a VPC. If you need to use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
- The LoadBalancer Service allows workloads to be accessed from public networks through ELB. This access type has the following restrictions:
  - It is recommended that automatically created load balancers not be used by other resources. Otherwise, these load balancers cannot be completely deleted, causing residual resources.
- Constraints on network policies:
  - The VPC network model does not support network policies.
  - Network policies do not support egress rules.
- Constraints on network attachment definitions:
  - Only clusters whose network model is VPC (with IPv6 disabled) and Yangtse support network attachment definitions. If the network model is tunnel network, only default-network is displayed in the list and it cannot be added or modified.
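A pre-deployment check for the network policy constraints above and the IPv6 rule under Clusters and Nodes, added here as an example and not part of the product documentation or tooling: it reads exported manifests and flags NetworkPolicy and Service objects that depend on a feature listed as unsupported. The `network_model` labels and the sample objects are constructed for this example.

```python
import json

# Constructed sample in the shape of `kubectl get networkpolicy,service -A -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "NetworkPolicy", "metadata": {"namespace": "pay", "name": "default-deny-all"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
 {"kind": "NetworkPolicy", "metadata": {"namespace": "pay", "name": "allow-web"},
  "spec": {"podSelector": {"matchLabels": {"app": "web"}}, "policyTypes": ["Ingress"],
           "ingress": [{"ports": [{"protocol": "TCP", "port": 8443}]}]}},
 {"kind": "Service", "metadata": {"namespace": "pay", "name": "web"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
 {"kind": "Service", "metadata": {"namespace": "pay", "name": "db"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}}
]}
""")


def lint(items, network_model, ipv6=False):
    """Return (kind, "namespace/name", reason) for each object that relies on a
    feature the constraints above list as unsupported.

    network_model is "tunnel" or "vpc"; these labels are assumptions of this
    example, not CCE API values.
    """
    if network_model not in ("tunnel", "vpc"):
        raise ValueError(f"unknown network model: {network_model!r}")
    findings = []
    for obj in items:
        meta, spec = obj.get("metadata", {}), obj.get("spec", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        kind = obj.get("kind")
        if kind == "NetworkPolicy":
            if network_model == "vpc":
                findings.append((kind, ref, "network policies unsupported on VPC network model"))
            elif "Egress" in spec.get("policyTypes", []) or "egress" in spec:
                # Covers default-deny policies that list Egress with no rules.
                findings.append((kind, ref, "egress rules unsupported"))
        elif kind == "Service" and ipv6 and spec.get("type") == "LoadBalancer":
            findings.append((kind, ref, "LoadBalancer Service not allowed with IPv6"))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE["items"], "tunnel", ipv6=True):
        print(*finding, sep="\t")
```

Each finding marks a control or exposure path that the manifest requests but the platform does not support, so the intended isolation has to come from a different control.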
Volumes
- Constraints on EVS volumes:
  - EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks.
  - The data sharing function of a shared disk is not supported between nodes in a CCE cluster. If the same EVS disk is attached to multiple nodes, read and write conflicts and data cache conflicts may occur. Therefore, you are advised to create only one pod when creating a Deployment that uses EVS disks.
  - When you create a StatefulSet and add a cloud storage volume, existing EVS volumes cannot be used.
  - EVS disks that have partitions or have non-ext4 file systems cannot be imported.
  - EVS volumes cannot be created in specified enterprise projects. Only the default enterprise project is supported.
  - The ECS snapshot function affects CCE EVS disk storage volumes. Once an ECS snapshot is created for a CCE service node, the EVS volumes used by the workloads on this node cannot be attached to other nodes. In this case, if a workload is migrated to another node, the workload will fail to be started because the EVS volume cannot be attached.
- Constraints on SFS volumes:
  - SFS volumes cannot be created in specified enterprise projects. Only the default enterprise project is supported.
  - If SFS storage volumes are used, the owner group and permissions of the mount point cannot be modified. The default owner of the mount point is root.
- Constraints on OBS volumes:
  - OBS volumes cannot be created in specified enterprise projects. Only the default enterprise project is supported.
Scaling
- The auto scaling function applies to worker nodes and workloads in a cluster, but not to master nodes.
- Constraints on workload scaling policies:
  - HPA policies can be created only for clusters of v1.13 or later.
  - CustomedHPA policies can be created only for clusters of v1.15 or later.
  - Only one policy can be created for each workload. If you have created an HPA policy, you cannot create a CustomedHPA policy or other HPA policies for the workload. You can delete the created HPA policy and create a new one.
Other Restrictions
The VDC name cannot be changed.
Services
A Service is a Kubernetes resource object that defines a logical set of pods and a policy by which to access them.
A maximum of 6,000 Services can be created in each namespace.
CCE Cluster Resources
A fixed quota is allocated to each CCE cluster in each region.
| Item | Constraints on Common Users | Method to Go Beyond Limit |
|---|---|---|
| Total number of clusters in a resource set | 50 | / |
| Number of nodes in a cluster (cluster management scale) | You can select 50, 200, 1,000, or 2,000 nodes. | / |
| Maximum number of container pods created on each worker node | This number can be set on the console when you are creating a cluster. In the VPC network model, a maximum of 256 pods can be created. | None |
Dependent Underlying Cloud Resources
| Category | Item | Constraints on Common Users | Method to Go Beyond Limit |
|---|---|---|---|
| Compute | Pods | 1,000 | / |
| Compute | Cores | 8,000 | / |
| Compute | RAM capacity (MB) | 16,384,000 | / |
| Networking | VPCs per account | 5 | / |
| Networking | Subnets per account | 100 | / |
| Networking | Security groups per account | 100 | / |
| Networking | Security group rules per account | 5000 | / |
| Networking | Routes per route table | 100 | None |
| Networking | Routes per VPC | 100 | None |
| Networking | VPC peering connections per region | 50 | None |
| Networking | Network ACLs per account | 200 | / |
| Networking | Layer 2 connection gateways per account | 5 | / |
| Load balancing | Elastic load balancers | 50 | / |
| Load balancing | Load balancer listeners | 100 | / |
| Load balancing | Load balancer certificates | 120 | / |
| Load balancing | Load balancer forwarding policies | 500 | / |
| Load balancing | Load balancer backend host groups | 500 | / |
| Load balancing | Load balancer backend servers | 500 | / |