tencent cloud

Tencent Kubernetes Engine

Release Notes and Announcements
Release Notes
Announcements
Release Notes
Product Introduction
Overview
Strengths
Architecture
Scenarios
Features
Concepts
Native Kubernetes Terms
Common High-Risk Operations
Regions and Availability Zones
Service Regions and Service Providers
Open Source Components
Purchase Guide
Purchase Instructions
Purchase a TKE General Cluster
Purchasing Native Nodes
Purchasing a Super Node
Getting Started
Beginner’s Guide
Quickly Creating a Standard Cluster
Examples
Container Application Deployment Check List
Cluster Configuration
General Cluster Overview
Cluster Management
Network Management
Storage Management
Node Management
GPU Resource Management
Remote Terminals
Application Configuration
Workload Management
Service and Configuration Management
Component and Application Management
Auto Scaling
Container Login Methods
Observability Configuration
Ops Observability
Cost Insights and Optimization
Scheduler Configuration
Scheduling Component Overview
Resource Utilization Optimization Scheduling
Business Priority Assurance Scheduling
QoS Awareness Scheduling
Security and Stability
TKE Security Group Settings
Identity Authentication and Authorization
Application Security
Multi-cluster Management
Planned Upgrade
Backup Center
Cloud Native Service Guide
Cloud Service for etcd
TMP
TKE Serverless Cluster Guide
TKE Registered Cluster Guide
Use Cases
Cluster
Serverless Cluster
Scheduling
Security
Service Deployment
Network
Release
Logs
Monitoring
OPS
Terraform
DevOps
Auto Scaling
Containerization
Microservice
Cost Management
Hybrid Cloud
AI
Troubleshooting
Disk Full
High Workload
Memory Fragmentation
Cluster DNS Troubleshooting
Cluster kube-proxy Troubleshooting
Cluster API Server Inaccessibility Troubleshooting
Service and Ingress Inaccessibility Troubleshooting
Common Service & Ingress Errors and Solutions
Engel Ingres appears in Connechtin Reverside
CLB Ingress Creation Error
Troubleshooting for Pod Network Inaccessibility
Pod Status Exception and Handling
Authorizing Tencent Cloud OPS Team for Troubleshooting
CLB Loopback
API Documentation
History
Introduction
API Category
Making API Requests
Elastic Cluster APIs
Resource Reserved Coupon APIs
Cluster APIs
Third-party Node APIs
Relevant APIs for Addon
Network APIs
Node APIs
Node Pool APIs
TKE Edge Cluster APIs
Cloud Native Monitoring APIs
Scaling group APIs
Super Node APIs
Other APIs
Data Types
Error Codes
TKE API 2022-05-01
FAQs
TKE General Cluster
TKE Serverless Cluster
About OPS
Hidden Danger Handling
About Services
Image Repositories
About Remote Terminals
Event FAQs
Resource Management
Service Agreement
TKE Service Level Agreement
TKE Serverless Service Level Agreement
Contact Us
Glossary
DocumentationTencent Kubernetes EngineApplication ConfigurationComponent and Application Management Add-On Managementtke-eni-ip-webhook

tke-eni-ip-webhook

PDF
Focus Mode
Font Size
Last updated: 2025-10-23 10:45:10

Introduction

Component Introduction

The tke-eni-ip-webhook is a hook component used by Tencent Kubernetes Engine (TKE) in VPC-CNI network mode for Pod creation. Upon creation of each Pod, the component receives requests from kube-apiserver as a hook and adds appropriate network resource requests for the newly created Pod, thereby achieving network resource scheduling without the user's perception.

Kubernetes Objects Deployed in the Cluster

The following objects are only deployed in TKE self-deployed clusters (Master&Etcd are under user self-maintenance), while in TKE managed clusters (Master&Etcd are under platform management), the following objects are also managed by the platform and will not be deployed to user clusters.
Kubernetes Object Name
Type
Resource amount
Namespaces
add-pod-eni-ip-limit-webhook
ServiceAccount
-
tke-eni-ip-webhook
add-pod-eni-ip-limit-webhook
ClusterRole
-
-
add-pod-eni-ip-limit-webhook
ClusterRoleBinding
-
-
add-pod-eni-ip-limit-webhook
Service
-
tke-eni-ip-webhook
add-pod-eni-ip-limit-webhook
Deployment
0.01 CPU core, 30 MB memory
tke-eni-ip-webhook

Usage Scenario and Limitation

TKE standard cluster applicable to VPC-CNI network mode.

Component Principle

Background

In TKE VPC-CNI network mode, each node has a quota limit on network resources (for details, see Limits on the Number of Pods in VPC-CNI Mode). To implement network resource scheduling and ensure Pods can obtain IP and other network resources after scheduling, TKE VPC-CNI network mode adds expanded network resources (such as tke.cloud.tencent.com/eni-ip, tke.cloud.tencent.com/eip) to each node and configures corresponding resource requests for Pods.
Manually configuring network resources for each Pod is relatively complex. The tke-eni-ip-webhook component can automatically set suitable network resource requests for Pods based on the current cluster network mode and desired network resources, and bind it to the resources.requests and resources.limits fields of the first container.

Working Principles

The tke-eni-ip-webhook component implements the Kubernetes MutatingAdmissionWebhook. Upon startup, it creates a user-created MutatingWebhookConfiguration named add-pod-eni-ip-limit-webhook. This configuration hooks into pod creation. Every time a pod is created, the component receives the hook request from kube-apiserver, then adds the request for corresponding network resources to the newly created pod based on the cluster's network mode and pod network configuration. For example, in shared eni mode, the first container will have the following configurations added:
resources:
  requests:
    tke.cloud.tencent.com/eni-ip: "1"
  limits:
    tke.cloud.tencent.com/eni-ip: "1"
The latest version currently supports automatically adding network resources:
Shared ENI: tke.cloud.tencent.com/eni-ip
Dedicated ENI: tke.cloud.tencent.com/direct-eni
Trunking ENI: tke.cloud.tencent.com/sub-eni
Elastic IP: tke.cloud.tencent.com/eip
Previous Topic: Description of tke-monitor-agentNext Topic: UserGroupAccessControl

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback