Create Cluster in VPC-CNI Mode
Create a VPC-CNI Mode Cluster
VPC-CNI Mode Description
The VPC-CNI mode is the extension network mode supported by Cloud Container Engineer ( CCE), in which IP addresses in VPC can be distributed to Pod in clusters based on the Baidu AI Cloud’s VPC products. The Baidu AI Cloud’s VPC feature is responsible for routing for opening the connectivity of the container network so that the control plane and data plane of Pod and Node are at the same network layer. The characteristics of all products in Baidu AI Cloud’s VPC are available in Pod in this mode.
Once a VPC-CNI cluster is created, it cannot be modified. Please make a network plan in advance.
As the VPC-CNI mode has usage restrictions, it is recommended that you consider in advance whether to adapt to your business scenario.
Application Scenarios of the VPC-CNI Mode
A cluster in the VPC-CNI mode has the following advantages:
- Native Baidu AI Cloud Network Performance;
- Integrate the product features of Baidu AI Cloud VPC, e.g., you can bind a separate security group to a Pod to implement the packet filtering;
Instructions for Using VPC-CNI Mode
- The VPC-CNI mode supports Node distribution in different availability zones and different subnets;
- The VPC-CNI mode supports ENICs distributed in different availability zones and subnets, but ENICs can only be bound to Nodes in the same availability zone;
- The VPC-CNI mode requires the ENIC and Node to be distributed on different subnets;
- VPC-CNI mode dynamically binds multiple ENICs for each Node;
- The operating system images supported by VPC-CNI mode include centos7.x and ubuntu16.04/18.04;
VPC-CNI Container Size Limit
In the VPC-CNI mode, the upper limit of the number of IPs that can be assigned to the container on each Node depends on the Node specifications (number of CPU cores and memory). The number of ENICs that can be mounted on the Node is equal to min (the number of host cores, 8). The corresponding relationship between memory and the number of auxiliary IPs of a single ENIC is shown in the table below.
| Node Memory | Maximum number of auxiliary IPs for a single ENIC |
|---|---|
| 1G | 1 |
| (1-8]G | 7 |
| (8-32]G | 15 |
| (32-64]G | 29 |
| Greater than 64G | 39 |
The number of IPs that can be assigned to the container on a single Node = the number of mountable ENICs * the upper limit of the number of auxiliary IPs for a single ENIC.
Example:
- The specification of Node1 is 4C8G, so the maximum number of IPs that can be allocated to the container on Node1 is twenty-eight;
- The specification of Node2 is 12C32G, so the maximum number of IPs that can be allocated to the container on Node2 is 120;
Create a VPC-CNI Mode Cluster Method
- Enter the “Create Cluster” page;
- Select the [VPC-CNI] tab in the [Network Configuration] option, as shown in the figure below:
- After configuring the corresponding options, click to enter [Next];
Configuration description:
- ENI subnet: The subnet used to create the ENIC, you can choose multiple. Pay attention to planning in advance. No more Nodes can be created in the selected subnet;
- ENI security group: the security group bound to the ENIC;
Considerations :
- According to the current quota, you can create 10 ENICs for each VPC by default. If you need to increase the quota, submit a ticket to CCE;
- Before deleting the k8s namespace resource, the customer needs to delete all Pods in the namespace. Otherwise, the leakage of auxiliary IP resources may result;