Creating a CCE Standard/Turbo Cluster¶
On the CCE console, you can easily create Kubernetes clusters. After a cluster is created, the master node is hosted by CCE. You only need to create worker nodes. In this way, you can implement cost-effective O&M and efficient service deployment.
Precautions¶
After a cluster is created, the following items cannot be changed:
Cluster type
Number of master nodes in the cluster
AZ of a master node
Network configurations of the cluster, such as the VPC, subnet, Service CIDR block, IPv6 settings, and kube-proxy settings
Network model. For example, change Tunnel network to VPC network.
Step 1: Log In to the CCE Console¶
Log in to the CCE console.
On the Clusters page, click Create Cluster.
Step 2: Configure the Cluster¶
On the Create Cluster page, configure the parameters.
Basic Settings
Parameter | Description |
|---|---|
Type | Select CCE Standard Cluster or CCE Turbo Cluster as required.
For more details, see cluster types. |
Cluster Name | Enter a cluster name. Cluster names under the same account must be unique. |
Cluster Version | Select the Kubernetes version used by the cluster. |
Cluster Scale | Select a cluster scale for your cluster as required. These values specify the maximum number of nodes that can be managed by the cluster. |
Master Nodes | Select the number of master nodes. The master nodes are automatically hosted by CCE and deployed with Kubernetes cluster management components such as kube-apiserver, kube-controller-manager, and kube-scheduler.
You can also select AZs for deploying the master nodes of a specific cluster. By default, AZs are allocated automatically for the master nodes.
|
Network Settings
The network settings cover nodes, containers, and Services. For details about the cluster networking and container network models, see Overview.
Parameter | Description |
|---|---|
VPC | Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The value cannot be changed after the cluster is created. |
Node Subnet | Select the subnet to which the master nodes belong. If no subnet is available, click Create Subnet to create one. The value cannot be changed after the cluster is created. |
Default Node Security Group | Select the security group automatically generated by CCE or use the existing one as the default security group of the node. Important NOTICE: The default security group must allow traffic from certain ports to ensure normal communication. Otherwise, the node cannot be created. For details, see Configuring Cluster Security Group Rules. |
IPv6 | If enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.
|
Parameter | Description |
|---|---|
Network Model | Select VPC network or Tunnel network for your CCE standard cluster. Select Cloud Native Network 2.0 for your CCE Turbo cluster. For more information about their differences, see Overview. |
DataPlane V2 (supported by CCE Turbo clusters) | DataPlane V2 uses eBPF to enable features like Service ClusterIP, NetworkPolicy, and egress bandwidth. For details, see DataPlane V2 Network Acceleration. This function is available for new clusters of v1.27 or later. After this function is enabled, CCE will automatically deploy the cilium-agent on every node in the cluster. Each cilium-agent will use 80 MiB of memory, and the memory usage will increase by 10 KiB whenever a new pod is added. After the cluster is created, you cannot disable this function. Additionally, the nodes can run only HCE OS 2.0. Therefore, enable this function only when you fully understand the constraints in DataPlane V2 Network Acceleration. Note CCE DataPlane V2 is released with restrictions. To use this feature, submit a service ticket to CCE. |
Network Policies (supported by CCE standard clusters using a tunnel network) | Policy-based network control for clusters. For details, see Configuring Network Policies to Restrict Pod Access. After this function is enabled, if the CIDR blocks of a customer's service conflict with the on-premises CIDR blocks, the link to a newly added gateway may not be established. For example, when a cluster accesses an external address through a Direct Connect connection, the external switch does not support ip-option. If the network policy is enabled, the network access may fail. |
Container CIDR Block | Specify the CIDR block for containers, which determines the maximum number of containers allowed in the cluster. This parameter is available only for CCE standard clusters. CCE standard clusters allow both manual and automatic CIDR block settings.
|
Pod IP Addresses Reserved for Each Node (supported by CCE standard clusters using a VPC network) | Specify the number of container IP addresses that can be allocated to each node (alpha.cce/fixPoolMask) when creating a cluster. This parameter determines the maximum number of pods that can be created on each node and cannot be changed after the cluster is created. When a container network is used, each pod occupies one IP address. If a node's reserved container IP addresses are insufficient, pods cannot be created. For details, see Number of Allocatable Container IP Addresses on a Node. |
Pod Subnet | Select the subnet to which the pod belongs. If no subnet is available, click Create Subnet to create one. This parameter is available only for CCE Turbo clusters. The pod subnet determines the maximum number of containers in a cluster. You can add pod subnets after a cluster is created. |
Default Security Group | Select the security group automatically generated by CCE or use the existing one as the default security group of the containers. Important NOTICE: The default security group of containers must allow access from specified ports to ensure proper communication between containers in the cluster. For details about how to configure security group ports, see How Do I Harden the Automatically Created Security Group Rules for CCE Cluster Nodes? |
Parameter | Description |
|---|---|
Service CIDR Block | Configure the Service CIDR blocks for containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after the cluster is created. |
Request Forwarding | Select IPVS or iptables for your cluster. For details, see Comparing iptables and IPVS.
|
IPv6 Service CIDR Block | Configure this parameter only when IPv6 dual stack is enabled for a CCE Turbo cluster. This configuration cannot be modified after the cluster is created. |
(Optional) Advanced Settings
Parameter | Description |
|---|---|
IAM Authentication | CCE clusters support IAM authentication. You can call IAM authenticated APIs to access CCE clusters. |
Certificate Authentication |
|
CPU Management | If enabled, exclusive CPU cores can be allocated to workload pods. For details, see CPU Policy. |
Disk Encryption for Master Nodes | If enabled, dynamic data and static data on disks can be encrypted, providing powerful security protection for your data. After encryption, the disk read/write performance deteriorates, and the configuration cannot be modified after the cluster is created. This function is available only for clusters of v1.25 or later. |
Overload Control | After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Enabling Overload Control for a Cluster. |
Cluster Deletion Protection | A measure taken to prevent accidental deletion of clusters through the console or APIs. After this function is enabled, you will not be able to delete or unsubscribe from clusters on CCE. You can modify the function status in the cluster Settings after creating it. |
Time Zone | The cluster's scheduled tasks and nodes are subject to the chosen time zone. |
Resource Tag | You can add resource tags to classify resources. A maximum of 20 resource tags can be added. You can create predefined tags on the TMS console. These tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. |
Description | You can enter description for the cluster. A maximum of 200 characters are allowed. |
Step 3: Select Add-ons¶
Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.
Basic capabilities
Add-on Name | Description |
|---|---|
CCE Container Network (Yangtse CNI) | This is the basic cluster add-on. It provides network connectivity, Internet access, and security isolation for pods in your cluster. |
CCE Container Storage (Everest) | This add-on (CCE Container Storage (Everest)) is installed by default. It is a cloud native container storage system based on CSI and supports cloud storage services such as EVS. |
CoreDNS | This add-on (CoreDNS) is installed by default. It provides DNS resolution for your cluster and can be used to access the in-cloud DNS server. |
Observability
Add-on Name | Description |
|---|---|
Cloud Native Cluster Monitoring | (Optional) If selected, this add-on (Cloud Native Cluster Monitoring) will be automatically installed. Cloud Native Cluster Monitoring collects monitoring metrics for your cluster and reports the metrics to AOM. The agent mode does not support HPA based on custom Prometheus statements. If related functions are required, install this add-on manually after the cluster is created. |
Cloud Native Logging | (Optional) If selected, this add-on (Cloud Native Log Collection) will be automatically installed. Cloud Native Logging helps report logs to LTS. After the cluster is created, you are allowed to obtain and manage collection rules on the Logging page of the CCE cluster console. |
CCE Node Problem Detector | (Optional) If selected, this add-on (CCE Node Problem Detector) will be automatically installed to detect faults and isolate nodes for prompt cluster troubleshooting. |
Step 4: Configure Add-ons¶
Click Next: Add-on Configuration.
Basic capabilities
Add-on Name | Description |
|---|---|
CCE Container Network (Yangtse CNI) | This add-on is unconfigurable. |
CCE Container Storage (Everest) | This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration. |
CoreDNS | This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration. |
Observability
Add-on Name | Description |
|---|---|
Cloud Native Cluster Monitoring | Select an AOM instance for Cloud Native Cluster Monitoring to report metrics. If no AOM instance is available, click Creating Instance to create one. |
Cloud Native Logging | Select the logs to be collected. If enabled, a log group named k8s-log-{clusterId} will be automatically created, and a log stream will be created for each selected log type.
If log collection is disabled, choose Logging in the navigation pane of the cluster console after the cluster is created and enable this function. |
CCE Node Problem Detector | This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration. |
Step 5: Confirm the Configuration¶
After the parameters are specified, click Next: Confirm configuration. The cluster resource list is displayed. Confirm the information and click Submit.
It takes about 5 to 10 minutes to create a cluster. You can click Back to Cluster List to perform other operations on the cluster or click Go to Cluster Events to view the cluster details.