Kubernetes coordinates a highly available cluster of cloud resources, such as nodes and VPCs, required for running containers.
Clusters, Subnets, and VPCs
- A VPC is similar to a private local area network (LAN) managed by a home gateway. It is a private network built on the public cloud and provides a basic network environment for running ECSs, ELBs, and middleware. You can configure networks of different scales as required.
- A VPC can be divided into one or more subnets. Security groups are configured to determine whether these subnets can communicate with each other. This ensures that subnets can be isolated from each other, so that you can deploy different services on different subnets.
- A cluster consists of one or more ECSs (also known as nodes) in the same subnet. It provides a computing resource pool for running containers.
As shown in Figure 1, multiple VPCs are configured in a region. A VPC consists of subnets. The subnets communicate with each other through the subnet gateway. A cluster is created in a subnet. Therefore, there are three scenarios:
- Different clusters are created in different VPCs.
- Different clusters are created in the same subnet.
- Different clusters are created in different subnets.
Figure 1 Clusters, subnets, and VPCs
Cluster Authorization Overview
By default, Kubernetes RBAC is enabled for clusters created by CCE. For details, see the official Kubernetes documentation at https://Kubernetes.io.
Precautions for Configuring Nodes
Some of a node's resources are required to run the Kubernetes components and Kubernetes resources necessary to make this node function as part of your cluster. Therefore, you may notice a disparity between your node's total resources and the allocatable ones in Kubernetes Engine. Since larger nodes tend to run more containers, the amount of resources that Kubernetes Engine reserves scales up for larger nodes.
To ensure node stability, some resources on cluster nodes are reserved by CCE depending on node capacities for running Kubernetes components, such as kubelet, kube-proxy, and Docker.
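The gap between total and allocatable resources can be read from a node's status, which reports both capacity and allocatable. The following is an added example, not part of the CCE documentation: it parses a constructed Node object of the shape returned by kubectl get node <name> -o json and computes what is reserved per resource. The node name and all quantities are constructed for illustration.

```python
import json
from fractions import Fraction

# Kubernetes quantity suffixes: binary, decimal, and milli ("m").
SUFFIXES = {
    "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
    "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
    "m": Fraction(1, 1000),
}

def parse_quantity(q):
    """Convert a quantity string such as "3920m" or "8009248Ki" to a Fraction."""
    # Try two-character suffixes first so "Mi" is not mistaken for "M".
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        if q.endswith(suffix):
            return Fraction(q[:-len(suffix)]) * SUFFIXES[suffix]
    return Fraction(q)

def reserved(node):
    """Return {resource: (capacity, allocatable, reserved)} for one Node object."""
    capacity = node["status"]["capacity"]
    allocatable = node["status"]["allocatable"]
    result = {}
    for name, cap in capacity.items():
        if name in allocatable:
            c, a = parse_quantity(cap), parse_quantity(allocatable[name])
            result[name] = (c, a, c - a)
    return result

# Constructed sample; the numbers are illustrative, not CCE's actual reservations.
SAMPLE_NODE = json.loads("""
{
  "kind": "Node",
  "metadata": {"name": "example-node"},
  "status": {
    "capacity":    {"cpu": "4",     "memory": "8009248Ki", "pods": "110"},
    "allocatable": {"cpu": "3920m", "memory": "6213152Ki", "pods": "110"}
  }
}
""")

if __name__ == "__main__":
    for name, (cap, alloc, res) in reserved(SAMPLE_NODE).items():
        share = float(res / cap * 100)
        print(f"{name:8} capacity={float(cap):>14.2f} "
              f"allocatable={float(alloc):>14.2f} reserved={share:.1f}%")
```

Size pod resource requests against the allocatable figures, not the capacity figures, since only allocatable resources are available to workloads.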