All Products
Search

This Product

    Container Service for Kubernetes:Configure an ENI filter

    Document Center

    Container Service for Kubernetes:Configure an ENI filter

    Last Updated:Nov 21, 2024

    If you use the Terway network plug-in, the elastic network interfaces (ENIs) of the nodes in your cluster are managed by Terway. If you want to manually manage some ENIs, you need to configure an ENI filter to specify the ENIs that are managed by Terway. Otherwise, conflicts occur when you and Terway manage the same ENI. After you configure an ENI filter, only ENIs that match the specified tags of the filter are managed by Terway. This topic describes how to configure an ENI filter.

    Table of contents

    Prerequisites

    • A Container Service for Kubernetes (ACK) managed cluster is created. The cluster uses the Terway network plug-in. For more information, see Create an ACK managed cluster.

    • Make sure that the ENIs are configured with the the same tags as the ENI filter. Otherwise, these ENIs will be excluded.

    Warning

    Exercise caution when you configure an ENI filter. We recommend that you read this topic and perform tests before you configure an ENI filter.

    Limits

    The version of Terway is 1.5.5 or later. For more information about how to update a component, see Manage components.

    Procedure

    1. Run the following command to modify the configuration file of Terway: 

      kubectl edit cm -n kube-system eni-config

    2. Add the following content to the eni_conf field: 

       "eni_tag_filter":  { "creator": "terway" }

      The "eni_tag_filter" parameter indicates an ENI tag filter. The { "creator": "terway" } tag specifies all ENIs that are created by Terway.

      Sample code:

       eni_conf: |
    {
      "eni_tag_filter":  { "creator": "terway" },
      "ip_stack": "ipv4",
      "vswitch_selection_policy": "ordered"
     }
      Important

      • Make sure that the ENIs are configured with the same tags as the ENI filter. Otherwise, these ENIs will be excluded. For more information about how to modify ENI tags, see Modify the tags of an ENI.

      • You can configure tags for ENIs when creating them with Terway. For more information, see Customize the Terway ConfigMap.

    3. Run the following command to restart Terway for the configuration to take effect: 

      kubectl delete pod -nkube-system -l app=terway-eniip

      Expected output:

      pod "terway-eniip-XXX" deleted

    4. Confirm that the configuration is in effect.

      1. Run the following command to check the status of terway-eniip: 

        kubectl get pods -n kube-system -l app=terway-eniip

        Expected output:

        NAME                 READY   STATUS    RESTARTS   AGE
terway-eniip-XXX   2/2     Running   0          19h

      2. Run the following command to view the configuration of Terway: 

        kubectl logs -nkube-system terway-eniip-XXX
# Alternatively:
kubectl logs -nkube-system terway-eniip-XXX -c terway-init

        If the output contains the following content, the new configuration is in effect: 

        #The ENITagFilter parameter indicates an ENI tag filter, and the creator:terway tag specifies all ENIs that are created by Terway. 
ENITagFilter:map[creator:terway]

    5. Add a new node or re-add an existing node.

      1. Starting from Terway 1.10, new clusters adopt a different resource management method.

      2. Run the following command to view the configuration of Terway:

        kubectl get cm -nkube-system eni-config -oyaml| grep ipam_type

      3. Sample output:

         "ipam_type": "crd",

        If the output includes crd, you must re-add the node. If no output is returned, no further action is required.

      4. For more information about how to manage nodes, see Nodes and node pools.