This topic provides answers to some frequently asked questions about container networks, Services, Ingresses, and DNS.
Table of contents
FAQ about container networks
FAQ about Terway
Can I switch the network plug-in for an existing ACK cluster?
How do I choose between Terway and Flannel for an ACK cluster?
How do I enable load balancing for a cluster in Terway IPVLAN mode?
How do I add the pod CIDR block to a whitelist if my cluster uses Terway?
What is the number of pods that can be created on a node in Terway mode?
What do I do if MAC address cannot be found during pod creation in Terway mode?
FAQ about Flannel
How do I choose between Terway and Flannel for an ACK cluster?
What do I do if a node has the NodeNetworkUnavailable taint?
How do I modify the number of node IP addresses, the pod CIDR block, and the Service IP block?
FAQ about kube-proxy
How do I modify the IPVS load balancing algorithm in the kube-proxy configuration?
How do I modify the timeout period for IPVS UDP sessions in the kube-proxy configuration?
FAQ about IPv6
How do I fix common issues related to IPv4/IPv6 dual stack?
Other issues
What do I do if a pod is not immediately ready for communication after it is started?
How do I enable a pod to access a Service that is used to expose the pod?
Can I use the hostPort feature to create port mappings in an ACK cluster?
How do I obtain the public IP address of an application in a cluster?
Can I install and configure third-party network plug-ins for a cluster?
What do I do if the "no IP addresses available in range set" error message appears?
Service FAQ
FAQ about Server Load Balancer (SLB)
Which external traffic policy should I use when I create a Service, Local or Cluster?
Why are no events collected during the synchronization between a Service and an SLB instance?
How do I handle an SLB instance that remains in the Pending state?
What do I do if the vServer groups of an SLB instance are not updated?
What do I do if the annotations of a Service do not take effect?
Why does the cluster fail to access the IP address of an SLB instance?
If I delete a Service, is the SLB instance associated with the Service automatically deleted?
How do I rename an SLB instance if the CCM version is V1.9.3.10 or earlier?
How do I query the IP addresses, names, and address types of all SLB instances in a cluster?
FAQ about updates of the CCM
FAQ about using existing SLB instances
Why does the system fail to use an existing SLB instance for more than one Service?
Why is no listener created when I reuse an existing SLB instance?
Other issues
Ingress FAQ
FAQ about Ingress configurations
Which SSL or TLS protocol versions are supported by Ingresses?
Do Ingresses pass Layer 7 request headers to backend servers by default?
Can ingress-nginx forward requests to backend HTTPS servers?
Configure an Internet-facing or internal-facing NGINX Ingress controller
How do I specify an existing SLB instance for ack-ingress-nginx deployed from the Marketplace page?
How do I change Layer 4 listeners to Layer 7 HTTP or HTTPS listeners for ingress-nginx?
FAQ about connectivity
Why am I unable to access the IP address of the LoadBalancer Service within the Kubernetes cluster?
Why does the Ingress controller pod fail to access the Ingress controller?
Why am I unable to access gRPC Services that are exposed by an Ingress?
Why does the Ingress controller pod fail to preserve client IP addresses?
FAQ about canary releases
FAQ about errors
What do I do if an error "failed calling webhook" occurs when I create an Ingress?
What do I do if an error "SSL_ERROR_RX_RECORD_TOO_LONG" is returned for HTTPS requests?
What do I do if an error "net::ERR_HTTP2_SERVER_REFUSED_STREAM" occurs?
What do Id do if an error "The param of ServerGroupName is illegal" occurs?
What do I do if an error "certificate signed by unknown authority" occurs when I create an Ingress?
FAQ about other issues
DNS FAQ
What do I do if I cannot access a CoreDNS pod by running the exec command?
Why does CoreDNS use deprecated APIs?
What do I do if the error message dns: buffer size too small appears in CoreDNS logs?
FAQ about network configurations
How do I access cluster workloads over the Internet?
ACK allows you to use the following methods to access workloads over the Internet:
How do I configure the pods to obtain the real IP addresses of clients?
If Web Application Firewall (WAF) is used and your cluster uses SLB instances to provide external services, set
externaltrafficpolicy
toLocal
for the Services that are used to expose the pods. This way, you can obtain the real IP addresses of clients. If your cluster uses Ingresses to provide external services, setexternaltrafficpolicy
toLocal
for the nginx-ingress-lb Service.For more information about WAF, see Use WAF or transparent WAF.
How do I throttle traffic for an ACK cluster?
You can use Service Mesh (ASM) to throttle traffic for an ACK cluster. ASM helps you cope with issues such as traffic spikes, service overloading, resource exhaustion, and attacks. This ensures the stability of backend services, reduces costs, and improves user experience. For more information, see Throttling.