Release Notes
Announcements
Release Notes
--enable-security-groups.

kubectl edit deploy tke-eni-ipamd -n kube-system
spec.template.spec.containers[0].args.
After the modification, ipamd will restart and take effect automatically.
For a secondary ENI that is not associated with a security group on an existing node, a security group will be bound to it based on the following policy. If a security group has been bound, strong synchronization will be performed for the set security group unless the feature has been enabled before and a security group has been set on the node. The following security group will be bound to all ENIs on a new node.- --enable-security-groups# If you want to use the security groups of the primary ENI/instance by default, do not add the security-groups parameter.- --security-groups=sg-xxxxxxxx,sg-xxxxxxxx
kubectl annotate node <nodeName> --overwrite tke.cloud.tencent.com/disable-node-eni-security-groups="yes"
kubectl annotate node <nodeName> --overwrite tke.cloud.tencent.com/disable-node-eni-security-groups="no"
--security-groups is not set, or its value is empty, the security group of each node will use the security group bound to the node instance (security group bound to the primary ENI). If the feature is enabled, when the security group of a node instance (security group of the primary ENI) changes, the security group of the secondary ENI will not be synchronized automatically. Instead, you need to disable the security group on the node and enable it again for synchronization. For operation details, see Method of synchronizing ENI security group settings of existing nodes.--security-groups is set, the security group of each node is set to this security group set.--security-groups is modified, the settings of security groups on new nodes will be synchronized with global parameters, and the settings of security groups on existing nodes will remain unchanged. If you want to synchronize the settings of security groups on existing nodes, you need to disable the security group on the node and enable it again. For operation details, see Method of synchronizing ENI security group settings of existing nodes.spec.securityGroups contains the information of the security group of the node.kubectl get nec <nodeName> -oyaml
kubectl edit nec <nodeName>
Was this page helpful?
You can also Contact sales or Submit a Ticket for help.
Help us improve! Rate your documentation experience in 5 mins.
Feedback