This topic provides answers to some frequently asked questions about container networks, Services, Ingresses, and DNS.
Table of contents
FAQ about container networks
FAQ about Terway
Which network plug-in should I choose for an ACK cluster, Terway or Flannel?
How do I enable load balancing within a cluster in Terway IPvlan mode?
How do I add the pod CIDR block to a whitelist if my cluster uses the Terway network plug-in?
FAQ about Flannel
FAQ about kube-proxy
How do I modify the IPVS load balancing algorithm in the kube-proxy configuration?
How do I modify the timeout period for IPVS UDP sessions in the kube-proxy configuration?
FAQ about IPv6
How do I fix common issues related to IPv4/IPv6 dual stack?
Other issues
Service FAQ
FAQ about Server Load Balancer (SLB)
Which external traffic policy should I use when I create a Service, Local or Cluster?
Why are no events collected during the synchronization between a Service and an SLB instance?
How do I handle an SLB instance that remains in the Pending state?
What do I do if the vServer groups of an SLB instance are not updated?
What do I do if the annotations of a Service do not take effect?
Why does the cluster fail to access the IP address of the SLB instance?
If I delete a Service, is the SLB instance associated with the Service automatically deleted?
FAQ about updates of the cloud controller manager (CCM)
FAQ about using existing SLB instances
Other issues
What do I do if errors occur in Services?
How do I configure listeners for a NodePort Service?
How do I access a NodePort Service?
How do I configure a proper node port range?
How is session persistence implemented in Kubernetes Services?
Ingress FAQ
FAQ about Ingress configurations
Which SSL or TLS protocol versions are supported by Ingresses?
Do Ingresses pass Layer 7 request headers to backend servers by default?
Can ingress-nginx forward requests to backend HTTPS servers?
Configure an Ingress controller to use an internal-facing SLB instance
How do I specify an existing SLB instance for ack-ingress-nginx deployed from the Marketplace page?
How do I change Layer 4 listeners to Layer 7 HTTP or HTTPS listeners for ingress-nginx?
FAQ about connectivity
Why do I fail to access the IP address of the LoadBalancer from within the Kubernetes cluster?
Why does the Ingress controller pod fail to access the Ingress controller?
Why do I fail to access gRPC Services that are exposed by an Ingress?
Why does the Ingress controller pod fail to preserve client IP addresses?
FAQ about canary releases
FAQ about errors
Why does the following error occur when you create an Ingress: "failed calling webhook"?
Why is the following error returned for HTTPS requests: SSL_ERROR_RX_RECORD_TOO_LONG?
Why does the following error occur: net::ERR_HTTP2_SERVER_REFUSED_STREAM?
Why does the following error occur: The param of ServerGroupName is illegal?
Why does the "certificate signed by unknown authority" error occur when I create an Ingress?
FAQ about other issues
DNS FAQ
What do I do if I cannot access a CoreDNS pod by running the exec command?
FAQ about network configurations
How do I access cluster workloads over the Internet?
Container Service for Kubernetes (ACK) allows you to use the following methods to access workloads over the Internet:
How do I configure the pods to obtain the real IP addresses of clients?
If Web Application Firewall (WAF) is used and your cluster uses SLB instances to provide external services, set
externaltrafficpolicy
toLocal
for the Services that are used to expose the pods. This way, you can obtain the real IP addresses of clients. If your cluster uses Ingresses to provide external services, setexternaltrafficpolicy
toLocal
for the nginx-ingress-lb Service.For more information about WAF, see Use WAF or transparent WAF.