All Documents
Current Document

Recommend

Container Engine Virtual Private Cloud Standard Storage Service

Found 0 result in total

Content is empty

If you don't find the content you expect, please try another search term

Documentation

Container Engine (KCE)

View more results
Document title with current keyword not found
Directory
Expand AllFold All Up
No products found with this keyword
Documentation Container Engine (KCE) User Guide Service management Access Services by using SLB

Access Services by using SLB

Last updated:2021-05-25 17:26:04

You can access Services by using SLB.

Prerequisites

KCE provides cloud-controller-manager that allows you to expose Services through SLB. Before you use SLB to expose Services, make sure that the following requirements are met:

  • cloud-controller-manager is installed in the cluster. 
    # kubectl get deployments -n kube-system
NAME                       DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
cloud-controller-manager   1         1         1            1           3h
  • The inbound rules of security groups in the VPC to which the cluster belongs allow specified ports. Ports 30000 to 32768 are allowed in this example. You can adjust the port range based on actual business requirements in the production environment. image.png

Examples

The following section uses some examples to describe how to configure and use SLB in typical scenarios to meet different needs. A Deployment must be created first.

The nginx-deployment.yaml file is as follows:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx

Create an NGINX Deployment.

# kubectl apply -f nginx-deployment.yaml

Expose Services to the Internet through SLB

Use SLB to expose Services to the Internet. The simple-svc.yaml file is as follows:

apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: simple-svc
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer

Create a Service and obtain the IP address of the Service.

# kubectl apply -f simple-svc.yaml
# kubectl get svc
NAME         TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)        AGE
simple-svc   LoadBalancer   10.254.171.216   120.92.xx.xx   80:32733/TCP   11s

A Service named simple-svc is created and is exposed to the Internet through SLB (by setting the type parameter to LoadBalancer). The Service can be accessed through a public IP address (120.92.xx.xx). In the console, you can view a public SLB instance with the IP address of 120.92.xx.xx, bandwidth of 1 Mbit/s, and billing mode of Pay-By-Daily-Config in the SLB instance list.

SLB supports various configuration parameters. Annotations are required to use these parameters. For more information, see the "List of annotations" appendix of this topic.

Create an SLB instance that supports HTTP

In the Service configuration of Kubernetes, the Protocol field only supports TCP and UDP. To use Layer 7 load balancing, you can annotate service.beta.kubernetes.io/ksc-loadbalancer-protocol-port with the format "PROTOCOL:PORT". The value of PORT must be the same as that of port in spec:ports. The simple-svc.yaml file is as follows:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/ksc-loadbalancer-protocol-port: "HTTP:80"
  labels:
    app: nginx
  name: simple-http-svc
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer

Create an SLB instance that supports HTTPS

Apply for a certificate in the Kingsoft Cloud console, and then create an SLB instance that supports HTTPS by using the following annotations. The https-svc.yaml file is as follows:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/ksc-loadbalancer-protocol-port: "HTTPS:443"
    service.beta.kubernetes.io/ksc-loadbalancer-cert-id: "your-cert-id"  
  labels:
    app: nginx
  name: https-lb
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  selector:
    app: nginx
  type: LoadBalancer

Use an existing SLB instance

When a Service is exposed through SLB, a new SLB instance is created by default. If you do not create a new SLB instance but use an existing SLB instance, specify the ID of the existing SLB in the annotation. Note that if the port of the specified SLB instance is already occupied, the listener is deleted during the process of creating the Service.

Note Multiple Kubernetes Services can reuse the same SLB instance. The restrictions are as follows: If the SLB instance is automatically created by a Kubernetes Service, the SLB instance cannot be reused. Otherwise, the SLB instance will be deleted. Only an SLB instance that is created manually in the console or by calling the API can be reused.

The svc-using-existing-lb.yaml file is as follows:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/ksc-loadbalancer-id: "your-lb-id"
  labels:
    app: nginx
  name: svc-using-existing-lb
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer

Use a private SLB instance

For an internal Service that is not exposed to the Internet, you can use a private SLB instance. One way is to create an SLB instance in the console and then specify the ID of the SLB instance by using an annotation. For more information, see the "Use an existing SLB instance" section. Alternatively, specify the type of the SLB instance as internal and the ID of an endpoint subnet in annotations. Then, a new private SLB instance will be created for internal communication. The internal-svc.yaml file is as follows:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/ksc-loadbalancer-type: "internal"
    service.beta.kubernetes.io/ksc-loadbalancer-subnet-id: ""your-Reserve-id"
  labels:
    app: nginx
  name: internal-svc
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer

Use a worker node with specified labels as the backend server

Multiple labels are separated with commas (,), for example, "k1=v1,k2=v2". Multiple labels are in an "AND" relationship. In this example, only the worker node with the "failure-domain.beta.kubernetes.io/zone=cn-beijing-6a" label is mounted to SLB.

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/ksc-loadbalancer-backend-label: "failure-domain.beta.kubernetes.io/zone=cn-beijing-6a"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  selector:
    run: nginx
  type: LoadBalancer

List of annotations

Annotation Description Default value
service.beta.kubernetes.io/ksc-loadbalancer-id Specifies the ID of the SLB instance. This ID can be used to specify your existing SLB instance. The existing listener will be deleted. This SLB instance will not be deleted when the Service is deleted. N/A
service.beta.kubernetes.io/ksc-loadbalancer-type Specifies the type of the SLB instance. For more information, see the Type field in CreateLoadBalancer. public
service.beta.kubernetes.io/ksc-loadbalancer-subnet-id Specifies the endpoint subnet when you create a private SLB instance. For more information, see the SubnetId field in CreateLoadBalancer. N/A
service.beta.kubernetes.io/ksc-loadbalancer-bandwidth Specifies the bandwidth of a public IP address. For more information, see the BandWidth field in AllocateAddress. 1
service.beta.kubernetes.io/ksc-loadbalancer-charge-type Specifies the billing mode of a public IP address. For more information, see the ChargeType field in AllocateAddress. Created based on your existing billing mode. PostPaidByDay is preferentially selected.
service.beta.kubernetes.io/ksc-loadbalancer-purchase-time Specifies the purchase period of a public IP address. For more information, see the PurchaseTime field in AllocateAddress. N/A
service.beta.kubernetes.io/ksc-loadbalancer-protocol-port Specifies protocols such as HTTP and HTTPS. Multiple values are separated with commas (,), for example, HTTPS:443,HTTP:80 N/A .
service.beta.kubernetes.io/ksc-loadbalancer-method Specifies the forwarding mode of a listener. For more information, see the Method field in CreateListeners. RoundRobin
service.beta.kubernetes.io/ksc-loadbalancer-cert-id Specifies the certificate ID when the protocol is HTTPS. For more information, see the CertificateId field in CreateListeners. N/A
service.beta.kubernetes.io/ksc-loadbalancer-session-state Specifies whether to enable session persistence. For more information, see the SessionState field in CreateListeners. start
service.beta.kubernetes.io/ksc-loadbalancer-session-persistence-period Specifies the session persistence timeout period. For more information, see the SessionPersistencePeriod field in CreateListeners. 3600
service.beta.kubernetes.io/ksc-loadbalancer-cookie-type Specifies the cookie type when the protocol is HTTP. For more information, see the CookieType field in CreateListeners. ImplantCookie
service.beta.kubernetes.io/ksc-loadbalancer-cookie-name Specifies the cookie name when the protocol is HTTP. For more information, see the CookieName field in CreateListeners. N/A
service.beta.kubernetes.io/ksc-loadbalancer-healthcheck-state Specifies whether to enable health checks. For more information, see the HealthCheckState field in ConfigureHealthCheck. stop
service.beta.kubernetes.io/ksc-loadbalancer-healthy-threshold Specifies the health threshold. For more information, see the HealthyThreshold field in ConfigureHealthCheck. N/A
service.beta.kubernetes.io/ksc-loadbalancer-healthcheck-interval Specifies the health check interval. For more information, see the Interval field in ConfigureHealthCheck. N/A
service.beta.kubernetes.io/ksc-loadbalancer-healthcheck-timeout Specifies the health check timeout period. For more information, see the Timeout field in ConfigureHealthCheck. N/A
service.beta.kubernetes.io/ksc-loadbalancer-healthcheck-urlpath HTTP Specifies the health check URL of the HTTP listener. For more information, see the UrlPath field in ConfigureHealthCheck. N/A
service.beta.kubernetes.io/ksc-loadbalancer-unhealthy-threshold Specifies the unhealthy threshold. For more information, see the UnhealthyThreshold field in ConfigureHealthCheck. N/A
service.beta.kubernetes.io/ksc-loadbalancer-healthcheck-hostname HTTP Specifies the domain name for HTTP health checks. For more information, see the HostName field in ConfigureHealthCheck. N/A
service.beta.kubernetes.io/ksc-loadbalancer-healthcheck-is-default-hostname Resets the domain name for health checks. For more information, see the IsDefaultHostName field in ConfigureHealthCheck. N/A

Notes:

  • Do not manually delete an SLB instance that is automatically created by Kubernetes for a Service.
  • Do not manually change an SLB listener that is automatically created by Kubernetes for a Service.
On this page
Previous:Manage Services
Next:Create a Traefik Ingress Service
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen
Feedback