You can implement service discovery on virtual nodes in Container Service for Kubernetes (ACK) clusters. The following types of Services are supported for service discovery: intranet Services, headless Services, and ClusterIP Services.

Prerequisites

Set up the environment

After you use a Helm chart to deploy a virtual node, verify that the relevant environment variables are valid.

  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, choose Marketplace > App Catalog.
  3. On the Marketplace page, click the App Catalog tab. Find and click ack-virtual-node.
  4. On the ack-virtual-node page, click Deploy.
  5. In the Deploy wizard, select a cluster and namespace, and then click Next.
  6. On the Parameters wizard page, set the parameters and click OK.
    • ECI_VPC: The ID of the virtual private cloud (VPC) where the ACK cluster is deployed. Replace it with the VPC ID of your cluster.
    • ALIYUN_CLUSTERID: The ID of the ACK cluster. Replace it with the ID of your cluster. Do not set the value to default or leave this parameter empty.

Procedure

  1. Create a Deployment and Services.

    Copy the following sample code to a YAML file and run the kubectl create -f nginx-service-ack.yaml command to create a Deployment and Services:

    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-headless-service
      annotations:
         service.beta.kubernetes.io/alibaba-cloud-private-zone-enable: "true"
    spec:
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: nginx
      clusterIP: None
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-clusterip-service
      annotations:
         service.beta.kubernetes.io/alibaba-cloud-private-zone-enable: "true"
    spec:
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: nginx
      type: ClusterIP
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-intranet-service
      annotations:
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: intranet
        service.beta.kubernetes.io/alibaba-cloud-private-zone-enable: "true"
    spec:
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: nginx
      type: LoadBalancer
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      labels:
        app: nginx
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image:  nginx:alpine
            ports:
            - containerPort: 80
    Note By default, the DNS records of Services in an ACK cluster are not synchronized to Alibaba Cloud DNS PrivateZone. To synchronize these records, you must add the following annotation to the Service configuration:
      annotations:
         service.beta.kubernetes.io/alibaba-cloud-private-zone-enable: "true"
    This way, the virtual node controller synchronizes the DNS records of the Services to Alibaba Cloud DNS PrivateZone.
  2. Log on to the Alibaba Cloud DNS console.
  3. In the left-side navigation pane, click PrivateZone. On the Hosted Zones tab, you can view the PrivateZone records that are automatically generated in each zone.
    List of Hosted Zones
  4. In the list of Hosted Zones, find the zone that you want to configure and click Configure in the Actions column. The Resolution Settings page appears.
    Configure DNS records
    Note All PrivateZone records are in the $svc.$ns format. Each PrivateZone record maps a Service to an IP address. Comply with the following rules to parse columns:
    • A LoadBalancer Service corresponds only to one PrivateZone record. The record maps the Service to the IP address of a Server Load Balancer (SLB) instance.
    • A ClusterIP Service corresponds to multiple PrivateZone records. The records map the Service to the IP addresses of its backend pods.
    • A headless Service corresponds to multiple PrivateZone records. The records map the Service to the IP addresses of its backend pods.
    You can access a Service from within the VPC by using the private domain name of the Service.
    • You can use $svc.$ns.svc.cluster.local.$clusterId to access Services in your cluster. You can also use $svc.$ns.svc.cluster.local.$clusterId to access Services in other clusters after the Services are synchronized to Alibaba Cloud DNS PrivateZone.
    • You can use $svc to access Services in the current namespace and use $svc.$ns to access Services in other namespaces.