tencent cloud

Tencent Kubernetes Engine

Release Notes and Announcements

Release Notes

TKE General Cluster Updates (2024)

TKE General Cluster Updates (2023)

TKE General Cluster Updates

TKE Serverless Cluster Updates (2024)

TKE Serverless Cluster Updates (2023)

TKE Serverless Cluster Updates

Announcements

Security Vulnerability Fix Description

CVE-2024-21626 Vulnerability Fix Description

OOM Causes docker to Stop and Not Restart for Repair

Runc Vulnerability (CVE-2021-30465) Fix Description

Host Operation System Release for Super Node Pods (Mitigated NodeLost Issue)

TKE Native Node Sub-product Name Change Notice

Announcement on Authentication Upgrade of Some TKE APIs

Discontinuing Update of NginxIngress Addon

qGPU Service Adjustment

Version Upgrade of Master Add-On of TKE Managed Cluster

Upgrading tke-monitor-agent

Instructions on Cluster Resource Quota Adjustment

Decommissioning Kubernetes Version

Deactivation of Scaling Group Feature

Notice on TPS Discontinuation on May 16, 2022 at 10:00 (UTC +8)

Basic Monitoring Architecture Upgrade

Starting Charging on Managed Clusters

Instructions on Stopping Delivering the Kubeconfig File to Nodes

Release Notes

Kubernetes Version Maintenance

TKE Kubernetes Version Maintenance Mechanism

Update Notes of TKE Kubernetes Major Versions

TKE Kubernetes Revision Version History

Runtime Version Maintenance Description

TKE Runtime Revision Version History

Add-On Version Maintenance Description

CLS Add-on Version Description

Change Records of VPC-CNI Component

Monitoring Add-Ons Release Notes

Product Introduction

Native Kubernetes Terms

Quick Start

Beginner’s Guide

Quickly Creating a Standard Cluster

Examples

Creating Simple Nginx Service

Building Hello World Service Manually

WordPress with Single Pod

WordPress Service using TencentDB

Building a Simple Web Application

TKE General Cluster Guide

TKE General Cluster Overview

Purchase a TKE General Cluster

TKE Billing Overview

Purchase Instructions

Payment Overdue

Regions and Availability Zones

Quotas and Limits

Notes on the Public IP of a TKE Node

TKE Security Group Settings

Project of New Resources

High-risk Operations of Container Service

Deploying Containerized Applications in the Cloud

Open Source Components

Permission Management

Description of Role Permissions Related to Service Authorization

Controlling TKE cluster-level permissions

Using TKE Preset Policy Authorization

Authorizing by using custom policies

Usage Examples

Using Labels to Configure Sub-accounts with Full Read/Write Permissions for Batch Clusters

Configuring a Sub-account's Administrative Permissions to a Single TKE Cluster

Configuring a Sub-account's Full Read/write or Read-only Permission to TKE

TKE Kubernetes Object-level Permission Control

Comparison of Authorization Modes

Using Preset Identity Authorization

Custom Policy Authorization

Updating the TKE Cluster Access Credentials of Sub-accounts

Cluster Management

Cluster Overview

Cluster Hosting Modes Introduction

Cluster Lifecycle

Creating a Cluster

Creating a Cluster (New)

Changing the Cluster Operating System

Deleting a Cluster

Cluster Scaling

Connecting to a Cluster

Upgrading a Cluster

Enabling IPVS for a Cluster

Custom Kubernetes Component Launch Parameters

Using KMS for Kubernetes Data Source Encryption

Images

Worker node introduction

Node Pool Overview

Node Resource Reservation Description

Node Resource Reservation Description (New)

Removing a Node

Draining or Cordoning a Node

Setting the Startup Script of a Node

Setting a Node Label

Normal Node Management

Supported CVM Models for General Nodes

Node Pool Overview

Creating a Node Pool

Viewing a Node Pool

Adjusting a Node Pool

Deleting a Node Pool

Viewing Node Pool Scaling Logs

Native Node Management

Native Node Parameters

Purchasing Native Nodes

Native Node Pricing

Payment Overdue

Lifecycle of a Native Node

Creating Native Nodes

Modifying Native Nodes

Deleting Native Nodes

Self-Heal Rules

Declarative Operation Practice

Native Node Scaling

In-place Pod Configuration Adjustment

Enabling Public Network Access for a Native Node

Management Parameters

Enabling SSH Key Login for a Native Node

FAQs for Native Nodes

Supernode management

Super Node Overview

Purchasing a Super Node

Super Node Pricing

Creating Super Node

Pod Schedulable to Super Node

Scheduling Pod to Super Node

Super Node Annotation Description

Daemonset Running Supported on Supernodes

Collecting Logs of the Pod on the Supernodes

Registered Node Management

Registered Node Overview

Creating a Registered Node

Memory Compression Instructions

Compression Monitoring

GPU Share

qGPU Online/Offline Hybrid Deployment

Using qGPU Online/Offline Hybrid Deployment

Kubernetes Object Management

Workload

Deployment Management

StatefulSet Management

DaemonSet Management

CronJob Management

Setting the Resource Limit of Workload

Setting the Scheduling Rule for a Workload

Setting the Health Check for a Workload

Setting the Run Command and Parameter for a Workload

Using a Container Image in a TCR Enterprise Instance to Create a Workload

Configuration

ConfigMap Management

Secret Management

Auto Scaling

Automatic Scaling Basic Operations

Service Management

Service CLB Configuration

Using Existing CLBs

Service Backend Selection

Service Cross-region Binding

Graceful Service Shutdown

Using Services with CLB-to-Pod Direct Access Mode

Multiple Services Sharing a CLB

Service Extension Protocol

Service Annotation

Ingress Management

Storage Management

Use File to Store CFS

CFS Instructions

Managing CFS Templates by Using a StorageClass

Managing CFS by Using PVs and PVCs

Use Cloud Disk CBS

CBS Instructions

Managing CBS Templates by Using a StorageClass

Managing CBS by using PVs and PVCs

Instructions for Other Storage Volumes

PV and PVC binding rules

Policy Management

Application and Add-On Feature Management Description

Add-On Management

Helm Application

Use the application

Connecting to a Cluster Using the Local Helm Client

Application Market

Network Management

Container Network Overview

GlobalRouter Mode

GlobalRouter Mode

Interconnection Between Intra-region and Cross-region Clusters in GlobalRouter Mode

Interconnection Between Cluster in GlobalRouter Mode and IDC

Registering GlobalRouter Mode Cluster to CCN

VPC-CNI Mode

Multiple Pods with Shared ENI Mode

Pods with Exclusive ENI Mode

Static IP Address Mode Instructions

Static IP Address Usage

Static IP Address Features

Non-static IP Address Mode Instructions

Interconnection Between VPC-CNI and Other Cloud Resources/IDC Resources

Security Group of VPC-CNI Mode

Instructions on Binding an EIP to a Pod

VPC-CNI Component Description

Limits on the Number of Pods in VPC-CNI Mode

Cilium-Overlay Mode

Cilium-Overlay Mode

OPS Center

Audit Management

Auditing Dashboard

Event Management

Event Dashboard

Monitoring Management

Monitoring and Alarms

Overview of Monitoring and Alarms

Viewing Monitoring Data

List of Monitoring and Alarm Metrics

Obtaining GPU Monitoring Metrics

Log Management

Log Collection Overview

Collect container logs to CLS

Using CRD to Configure Log Collection

Guidance on Using CRD to Configure Log Collection

LogConfig JSON Format Description

Log Add-On Version Upgrade

Backup Center

Backup Repository

Backup Management

Restoration Management

Backup and Restoration Practices

Remote Terminals

Remote Terminal Overview

Basic Remote Terminal Operations

Other Login Methods

TKE Serverless Cluster Guide

TKE Serverless Cluster Overview

Purchasing a TKE Serverless Cluster

Regions and Availability Zones

Billing Overview

Purchase Limits

Resource Specifications

TKE Serverless Cluster Management

Creating a Cluster

Connecting to a Cluster

Cluster Lifecycle

Super Node Management

Creating a Super Node

Managing a Super Node

Kubernetes Object Management

Workload Management

Specifying resource specifications

Service Management

Other Resource Management

Serverless Cluster Global Configuration Description

OPS Center

Log Collection

Using Environment Variables to Configure Log Collection

Using CRD to Collect Logs to Kafka

Using a CRD to Configure Log Collection

Enabling Log Collection

Configuring Log Collection via the Console

Configuring Log Collection via Yaml

Audit Management

Audit Dashboard

Event Management

Event Dashboard

Monitoring and alarm

TKE Registered Cluster Guide

Registered Cluster Management

Creating a Registered Cluster

Connecting to a Registered Cluster

Unregistering a Cluster

Ops Guide

Cluster Auditing

TKE Insight

TKE Scheduling

Job Scheduling

Request Recommendation

Preemptible Job

Native Node Dedicated Scheduler

Scheduling Policy Configuration

Fine Scheduling

CPU Usage Priority

CPU Hyper-Threading Isolation

CPU Surge During Application Startup

Fine-Grained Memory Scheduling

Fine-Grained Network Scheduling

Fine-Grained Disk IO Scheduling

Cloud Native Service Guide

Practical Tutorial

Cluster

Cluster Model Recommendations

Enabling Disaster Recovery for Masters of Self-Deployed Clusters

Using Private DNS to Implement Automatic Domain Name Resolution When Accessing Cluster via Private Network

Cluster Migration

Guide on Migrating Resources in a TKE Managed Cluster to an Serverless Cluster

Serverless Cluster

Accessing Internet through NAT Gateway

Using EIP to Access Public Network

Mastering Deep Learning in Serverless Cluster

Building Deep Learning Container Image

Running Deep Learning in TKE Serverless

FAQs

Public Network Access

Customized DNS Service of Serverless Cluster

Scheduling

Installing CoScheduling for Batch Scheduling

Increasing Cluster Packing Rate via Native Nodes

Security

Pod Security Group

Container Image Signature and Verification

how to use CAM to authenticate databases for workloads running in TKE

Importing SSM Credentials via ExternalSecretOperator

Service Deployment

Proper Use of Node Resources

Setting Request and Limit

Proper Resource Allocation

Application High Availability Deployment

Smooth Workload Upgrade

Parameter Adaptation for docker run

Solve the inconsistent time zone problem in the container

Container coredump Persistence

Using a Dynamic Admission Controller in TKE

Network

DNS

Best Practices of TKE DNS

CoreDNS Log Dashboard User Guide

Using NodeLocal DNS Cache in a TKE Cluster

Implementing Custom Domain Name Resolution in TKE

Configuring ExternalDNS in TKE

Self-Built Nginx Ingress Practice Tutorial

Custom Load Balancer

Enabling CLB Direct Connection

Optimization for High Concurrency Scenarios

High Availability Configuration Optimization

Observability Integration

Access to Tencent Cloud WAF

Installing Multiple Nginx Ingress Controllers

Migrating from TKE Nginx Ingress Plugin to Self-Built Nginx Ingress

Complete Example of values.yaml Configuration

Using Network Policy for Network Access Control

Deploying NGINX Ingress on TKE

Nginx Ingress High-Concurrency Practices

Nginx Ingress Best Practices

Limiting the bandwidth on pods in TKE

Directly connecting TKE to the CLB of pods based on the ENI

Use CLB-Pod Direct Connection on TKE

Obtaining the Real Client Source IP in TKE

Using Traefik Ingress in TKE

Release

Using CLB to Implement Simple Blue-Green Deployment and Grayscale Release

Logs

Best Practice in TKE Log Collection

Custom Nginx Ingress Log

Using CLS to Report Abnormal Resources

Monitoring

Using Prometheus to monitor Java applications

Using Prometheus to Monitor MySQL and MariaDB

Migrating Self-built Prometheus to Cloud Native Monitoring

OPS

Removing and Re-adding Nodes from and to Cluster

Using Ansible to Batch Operate TKE Nodes

Using Cluster Audit for Troubleshooting

Renewing a TKE Ingress Certificate

Using cert-manager to Issue Free Certificates

Using cert-manager to Issue Free Certificate for DNSPod Domain Name

Using the TKE NPDPlus Plug-In to Enhance the Self-Healing Capability of Nodes

Using kubecm to Manage Multiple Clusters kubeconfig

Quick Troubleshooting Using TKE Audit and Event Services

Customizing RBAC Authorization in TKE

Clearing De-registered Tencent Cloud Account Resources

Terraform

Managing TKE Clusters and Node Pools with Terraform

DevOps

Using Docker as an image building service in a containerd cluster

Deploying Jenkins on TKE

Construction and Deployment of Jenkins Public Network Framework Appications based on TKE

Step 1: Configure the TKE cluster and Jenkins

Step 2:Slave pod build configuration

Auto Scaling

KEDA

Introduction to KEDA

Deploying KEDA on TKE

Scheduled Horizontal Scaling (Cron Triggers)

Multi-Level Service Synchronized Horizontal Scaling (Workload Triggers)

Auto Scaling Based on Prometheus Custom Metrics

Cluster Auto Scaling Practices

Using tke-autoscaling-placeholder to Implement Auto Scaling in Seconds

Installing metrics-server on TKE

Using Custom Metrics for Auto Scaling in TKE

Utilizing HPA to Auto Scale Businesses on TKE

Using VPA to Realize Pod Scaling up and Scaling down in TKE

Adjusting HPA Scaling Sensitivity Based on Different Business Scenarios

Implementing elasticity based on traffic prediction with EHPA

Implementing Horizontal Scaling based on CLB monitoring metrics using KEDA in TKE

Containerization

Accelerated Pull of Images Outside the Chinese Mainland

Image Layering Best Practices

Microservice

Hosting Dubbo to TKE

Hosting SpringCloud to TKE

Cost Management

Tools for Resource Utilization Improvement

Hybrid Cloud

Elastic Scaling with EKS for IDC-Based Cluster

Fault Handling

API Documentation

Making API Requests

Request Structure

Elastic Cluster APIs

CreateEksLogConfig

Resource Reserved Coupon APIs

DescribeReservedInstanceUtilizationRate

Cluster APIs

AcquireClusterAdminRole

CreateClusterEndpoint

CreateClusterEndpointVip

DeleteClusterEndpoint

DeleteClusterEndpointVip

DescribeAvailableClusterVersion

DescribeClusterAuthenticationOptions

DescribeClusterCommonNames

DescribeClusterEndpointStatus

DescribeClusterEndpointVipStatus

DescribeClusterEndpoints

DescribeClusterKubeconfig

DescribeClusterLevelAttribute

DescribeClusterLevelChangeRecords

DescribeClusterSecurity

DescribeClusterStatus

DescribeClusters

DescribeEdgeAvailableExtraArgs

DescribeEdgeClusterExtraArgs

DescribeResourceUsage

DisableClusterDeletionProtection

EnableClusterDeletionProtection

GetClusterLevelPrice

GetUpgradeInstanceProgress

ModifyClusterAttribute

ModifyClusterAuthenticationOptions

ModifyClusterEndpointSP

UpgradeClusterInstances

CreateBackupStorageLocation

DeleteBackupStorageLocation

DescribeBackupStorageLocations

DescribeEncryptionStatus

DisableEncryptionProtection

EnableEncryptionProtection

UpdateClusterKubeconfig

UpdateClusterVersion

Third-party Node APIs

DescribeExternalNodeSupportConfig

Network APIs

CreateClusterRouteTable

DeleteClusterRoute

DeleteClusterRouteTable

DescribeClusterRouteTables

DescribeClusterRoutes

DescribeEnableVpcCniProgress

DescribeRouteTableConflicts

DescribeVpcCniPodLimits

EnableVpcCniNetworkType

AddVpcCniSubnets

Node APIs

CheckInstancesUpgradeAble

CreateClusterInstances

DeleteClusterInstances

DescribeClusterInstances

DescribeExistedInstances

AddExistedInstances

Node Pool APIs

CreateClusterNodePool

DeleteClusterNodePool

DescribeClusterAsGroupOption

DescribeClusterNodePoolDetail

DescribeClusterNodePools

ModifyClusterAsGroupOptionAttribute

ModifyClusterNodePool

RemoveNodeFromNodePool

SetNodePoolNodeProtection

AddNodeToNodePool

ModifyNodePoolInstanceTypes

TKE Edge Cluster APIs

Cloud Native Monitoring APIs

CreatePrometheusAlertRule

DeletePrometheusAlertRule

DescribePrometheusInstance

ModifyPrometheusAlertRule

Scaling group APIs

DeleteClusterAsGroups

DescribeClusterAsGroups

ModifyClusterAsGroupAttribute

Super Node APIs

DeleteClusterVirtualNode

DeleteClusterVirtualNodePool

DescribeClusterVirtualNode

DescribeClusterVirtualNodePools

DrainClusterVirtualNode

CreateClusterVirtualNodePool

ModifyClusterVirtualNodePool

CreateClusterVirtualNode

DescribePodChargeInfo

Add-on APIs

DescribeAddonValues

Other APIs

DescribeRegions

DescribeVersions

TKE API 2022-05-01

FAQs

TKE General Cluster

Auto-scaling related

How to Choose Containerd and Docker

External DNS Causes Abnormal Node Initialization

TKE Serverless Cluster

TKE Serverless Clusters-related

Load Balancer FAQs

Supernodes FAQs

Image Repository FAQs

About OPS

Basic Monitoring

Log Collections

Image Repositories

About Remote Terminals

Resource Management

Service Agreement

TKE Service Level Agreement

User Guide(Old)

DocumentationTencent Kubernetes EnginePractical TutorialSecurityContainer Image Signature and Verification

Container Image Signature and Verification

Last updated: 2024-12-13 17:23:08

Container Image Signature and Verification

Last updated: 2024-12-13 17:23:08

Image signature and signature verification can avoid man-in-the-middle attacks and the update and running of invalid images, ensuring image consistency across the entire linkage ranging from distribution to deployment.
Container image signature
TCR Enterprise Edition supports namespace-level automatic image signature. When an image is pushed to the registry, it will be automatically signed according to the matched signature policy to ensure image content trustworthiness in your registry.
Image signature verification
TKE provides the image signature verification add-on Cerberus, which verifies signed images for trustworthiness. This is to ensure that only container images signed by trusted authorizing parties are deployed in TKE clusters, thereby reducing the risks to image security in the container environment.

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

No

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support