The default ConfigMap of Terway can meet the requirements in most scenarios. Modifying the ConfigMap of Terway is a high-risk operation and may cause errors such as Terway suspension. If you have special requirements on the ConfigMap, such as adding a Terway reserved IP address pool to accelerate the process of allocating IP addresses to pods, you can customize the ConfigMap of Terway based on this topic.
Configuration example
The ConfigMap of Terway uses the following format:
apiVersion: v1
data:
  10-terway.conf: | # The ConfigMap parameters of the Terway Container Network Interface (CNI), which are converted and passed to /etc/cni/net.d/. Do not modify the parameters.
    {
      "cniVersion": "0.4.0",
      "name": "terway",
      "capabilities": {"bandwidth": true},
      "eniip_virtual_type": "datapathv2",
      "host_stack_cidrs": ["169.254.20.10/32"],
      "type": "terway"
    }
  disable_network_policy: "false" # Specifies whether to disable the NetworkPolicy feature.
  eni_conf: | # The key parameters of Terway, including vSwitch and security group parameters.
    {
      "version": "1",
      "max_pool_size": 5,
      "min_pool_size": 0,
      "credential_path": "/var/addon/token-config",
      "enable_eni_trunking": true,
      "vswitches": {"cn-hangzhou-j":["vsw-foo"],"cn-hangzhou-k":["vsw-foo"]},
      "eni_tags": {"ack.aliyun.com":"c7c3cfoo"},
      "service_cidr": "192.168.0.0/16",
      "security_group": "sg-foo",
      "ip_stack": "ipv4",
      "vswitch_selection_policy": "ordered"
    }
  in_cluster_loadbalance: "true" # Specifies whether to enable load balancing in the cluster. This parameter takes effect in DataPathV2 and IPVLAN mode.
kind: ConfigMap
metadata:
  name: eni-config
  namespace: kube-system
Parameters
Key parameters
Parameter | Description | Whether the parameter can be modified | Whether the parameter can be configured by using the console |
| The ConfigMap parameters of the Terway CNI, which are converted and passed to | No | No |
| The custom ConfigMap parameters of the Terway CNI. For more information, see Configure a custom CNI chain. | Yes | No |
| Specifies whether to disable the NetworkPolicy feature. | Yes | Yes |
| The key parameters of Terway, including vSwitch and security group parameters. | Yes | Partially allowed |
| Specifies whether to enable load balancing in the cluster. This parameter takes effect in the DataPathV2 and IPVLAN modes. For more information, see How do I enable load balancing within a cluster in Terway IPVLAN mode? | Yes | Yes |
eni_conf
Parameter | Type | Description | Whether the parameter can be modified | Whether the parameter can be configured by using the console |
| string | The Security Token Service (STS) token used to call API operations. This parameter is available only in ACK managed clusters. | No | No |
| string | The Service CIDR block of the cluster. | No | No |
| map[string][]string | The vSwitches used by the elastic network interface (ENI). | Yes | Yes |
| map[string]string | The tag that you configured for the ENI. | No | No |
| map[string]string | Filters the ENIs managed by Terway. For more information, see Configure an ENI filter. | Yes | No |
| int | The maximum number of idle IP addresses that can be retained in the IP address pool. Default value: 5. | Yes | Yes |
| int | The minimum number of idle IP addresses that must be retained in the IP address pool. Default value: 0. | Yes | Yes |
| string | The security group of the ENI. | Yes | No |
| []string | The security group of the ENI. You can specify up to five security groups. The security groups must be of the same type. If you configure this parameter, the value of this parameter is merged with the value of | Yes | No |
| string | The policy used to select a vSwitch when you create an ENI. | Yes | No |
| bool | Specifies whether to enable EIP migration. For more information, see Migrate EIPs from Terway to ack-extend-network-controller. | Yes | No |
| string | The IP family mode. You cannot modify the parameter. | No | No |
| bool | Specifies whether to enable the | Yes | No |
| bool | Specifies whether to enable the | Yes | No |
| float32 | The QPS setting of the Kubernetes client. This parameter must be configured together with the | Yes | No |
| int | The burst setting of the Kubernetes client. This parameter must be configured together with the | Yes | No |
Configuration method
Use the console
You can configure some commonly used parameters in the console. The console verifies the content and blocks parameters whose formats are invalid.
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose .
Click the Networking tab, find terway-eniip, and click Configuration.
In the dialog box that appears, configure the parameters and click OK in the lower-right corner.
Use kubectl
Some parameters are not displayed in the console. You can use kubectl to configure these parameters.
Using kubectl to configure Terway is a high-risk operation. kubectl cannot verify the input content. Incorrect input parameters may cause errors such as Terway suspension. Make sure that you understand the configuration before you make any changes.
Obtain the kubeconfig file of the cluster and use kubectl to connect to the cluster. Then, run the following command to configure advanced parameters:
kubectl edit cm -n kube-system eni-config
After the configuration is complete, save the file and exit. Run the following command to update the configuration:
kubectl rollout restart -n kube-system daemonset.apps/terway-eniip
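Because kubectl does not verify the edited content, the eni_conf value can be checked before it is saved. The following Python check is an added example, not part of the original topic or of Terway. The read-only key list is an assumption that maps the table rows marked as not modifiable to key names in the sample ConfigMap, and the min/max comparison is an assumed sanity check.

```python
import json

# Assumption: these eni_conf keys correspond to the rows marked as not
# modifiable (STS token, Service CIDR, ENI tag, IP family mode).
READ_ONLY_KEYS = ("credential_path", "service_cidr", "eni_tags", "ip_stack")


def check_eni_conf(current_text, proposed_text):
    """Compare an edited eni_conf value with the live one; return problems."""
    try:
        proposed = json.loads(proposed_text)
    except json.JSONDecodeError as exc:
        return [f"eni_conf is not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(proposed, dict):
        return ["eni_conf must be a JSON object"]
    current = json.loads(current_text)
    problems = [f"{key} is read-only but was changed" for key in READ_ONLY_KEYS
                if current.get(key) != proposed.get(key)]
    pool = {}
    for key, default in (("max_pool_size", 5), ("min_pool_size", 0)):
        value = proposed.get(key, default)
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append(f"{key} must be an integer")
        else:
            pool[key] = value
    # Assumed sanity check: the minimum idle count cannot exceed the maximum.
    if len(pool) == 2 and pool["min_pool_size"] > pool["max_pool_size"]:
        problems.append("min_pool_size is greater than max_pool_size")
    # vswitches is documented as map[string][]string.
    vswitches = proposed.get("vswitches", {})
    if not (isinstance(vswitches, dict) and all(
            isinstance(ids, list) and all(isinstance(i, str) for i in ids)
            for ids in vswitches.values())):
        problems.append("vswitches must map each zone to a list of strings")
    return problems


# Constructed sample: the live value, then an edit that changes service_cidr
# and raises min_pool_size above max_pool_size.
LIVE = json.dumps({"version": "1", "max_pool_size": 5, "min_pool_size": 0,
                   "service_cidr": "192.168.0.0/16", "ip_stack": "ipv4",
                   "vswitches": {"cn-hangzhou-j": ["vsw-foo"]},
                   "security_group": "sg-foo"})
EDITED = (LIVE.replace('"min_pool_size": 0', '"min_pool_size": 10')
              .replace("192.168.0.0/16", "10.0.0.0/16"))

if __name__ == "__main__":
    print("\n".join(check_eni_conf(LIVE, EDITED)))
```

The live value can be exported with kubectl get cm -n kube-system eni-config -o jsonpath='{.data.eni_conf}' and passed to the check together with the edited text.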
References
For more information about the operations for configuring ConfigMaps in ACK clusters, see Manage ConfigMaps.