Security Group Support

Users who have enabled security groups will see the following option box when creating clusters or adding new nodes:

If you select “Do Not Enable for Now”: Nodes of the firewall type will be created, consistent with the previous method.

If you select the “Security Group” option: You must select a security group whose rule template must be the UK8S template. Refer to the following (the image is from creating a new security group on the Security Group product page):

The corresponding security group rules in the rule template are as follows:

If you need to use other types of rule templates, you can manually bind the security group to the host of the target node on the security group page (this operation can also be performed for existing nodes), or use the template to create a cloud host uhost, start it normally, and then add it to the cluster as an existing host.

For the situation where the security group configuration is modified, please also try to ensure that the rules in the UK8S template are applied to your custom security group rules, otherwise it may affect the normal use of the cluster.

Since the network policy becomes the whitelist mode after the security group is enabled, please do not unbind all security group rules of the uk8s nodes on the security group page, which may cause abnormal uk8s cluster network.