Container Compute Service: Specify vSwitches and security groups for pods

Last Updated: Aug 26, 2024

When creating a pod, you can specify a vSwitch on which to create the pod.

Background information

The vSwitch and security group for a cluster are configured when you create an Alibaba Cloud Container Compute Service (ACS) cluster. When you create a pod, the pod is bound to the corresponding vSwitch, and the security rules of the pod are associated with the corresponding security group.

Pod configuration

You can use the following pod annotations:

Pod Annotations

Description

network.alibabacloud.com/vswitch-ids: "vsw-xx1,vsw-xx2"

Specify additional vSwitches for the pod, apart from those in the service start-up configuration:

  • When creating an ACS cluster, you can specify a vSwitch that ACS saves to the backend system.

  • When creating a pod, if you specify a vSwitch, the backend system takes the intersection of this vSwitch with the vSwitch configured during the service start-up of the cluster.

network.alibabacloud.com/security-group-ids: "sg-xx1,sg-xx2"

Specify additional security groups for the pod, apart from those in the service start-up configuration:

  • When creating an ACS cluster, an enterprise security group is automatically created by ACS. ACS then saves this security group to the backend system.

  • When the annotation is specified, ACS uses the security group defined in the annotation and binds the network interface to that security group.

  • When the annotation is not specified, ACS uses the enterprise security group saved in the backend system and binds the network interface to that security group.

Note

A network interface can be bound to only one type of security group. If the specified security groups include both enterprise and regular security groups, errors occur when creating pods.
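
A pre-deployment check for the two annotations above, as an added example that is not part of the original documentation: it reports requested vSwitches that fall outside the intersection with the cluster's vSwitches, and security group lists that mix enterprise and regular types. The function name `lint_pod`, the inventories passed to it, and all IDs are assumptions constructed for illustration; the example queries no cloud API.

```python
VSW_KEY = "network.alibabacloud.com/vswitch-ids"
SG_KEY = "network.alibabacloud.com/security-group-ids"


def split_ids(value):
    """Split a comma-separated annotation value, ignoring blanks."""
    return [p.strip() for p in (value or "").split(",") if p.strip()]


def lint_pod(pod, cluster_vswitches, sg_types):
    """Return findings for one pod manifest given as a dict.

    cluster_vswitches and sg_types (ID -> "enterprise" | "regular") are
    caller-supplied inventories; this example does not query any cloud API.
    """
    findings = []
    annotations = (pod.get("metadata") or {}).get("annotations") or {}

    if VSW_KEY in annotations:
        requested = split_ids(annotations[VSW_KEY])
        allowed = set(cluster_vswitches)
        outside = [v for v in requested if v not in allowed]
        if outside:
            findings.append("vswitch not in cluster configuration: " + ",".join(outside))
        if len(outside) == len(requested):
            findings.append("vswitch intersection with cluster configuration is empty")

    if SG_KEY in annotations:
        groups = split_ids(annotations[SG_KEY])
        unknown = [g for g in groups if g not in sg_types]
        if unknown:
            findings.append("security group type unknown: " + ",".join(unknown))
        kinds = {sg_types[g] for g in groups if g in sg_types}
        if len(kinds) > 1:  # the Note above: one type per network interface
            findings.append("security groups mix enterprise and regular types")
    return findings


# Constructed sample data (placeholder IDs in the page's own style).
CLUSTER_VSWITCHES = ["vsw-xx1", "vsw-xx2"]
SG_TYPES = {"sg-xx1": "enterprise", "sg-xx2": "regular", "sg-xx3": "enterprise"}
SAMPLE_POD = {"metadata": {"name": "demo", "annotations": {
    VSW_KEY: "vsw-xx2, vsw-xx9",
    SG_KEY: "sg-xx1,sg-xx2",
}}}

if __name__ == "__main__":
    for finding in lint_pod(SAMPLE_POD, CLUSTER_VSWITCHES, SG_TYPES):
        print(finding)
```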