Cluster settings

The Cloud Containers clusters already have certain settings applied, listed below.

The Cloud Containers network proxy runs on each node, providing access to IP addresses of services and other Cloud Containers resources.

This proxy can work in several modes, they are listed in the --proxy-mode setting description. In Cloud Containers clusters, the proxy works in iptables mode. This mode of operation affects:

• the behavior of load balancers;
• on the behavior and settings of the local caching DNS server.

When working with pods it is recommended to specify in their configuration files requests and limits parameters for containers included in this pod.

If these parameters are not specified, Cloud Containers clusters automatically apply the values for the corresponding containers:

• requests: 100m CPU and 64Mb allocated memory.
• limits: 500m CPU and 512Mb allocated memory.

This prevents a container running incorrectly from exhausting all of the resources of a single worker node or even the entire cluster.

Templates are available for clusters starting with Cloud Containers version 1.21. For older versions, manually install Gatekeeper and the above templates and restrictions, or upgrade the cluster. For more information about Gatekeeper, see Architecture.

Copy
Error from server ([...] Sharing the host namespace is not allowed: nginx-host-namespace-disallowed): error when creating "pod_namespace.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [...] Sharing the host namespace is not allowed: nginx-host-namespace-disallowed

The pod that violated the constraint will not be created.