Virtual nodes of Alibaba Cloud Serverless Kubernetes support service discovery for intranet services, headless services, and ClusterIP services.

Prerequisites

  • You have activated Alibaba Cloud DNS PrivateZone in the Alibaba Cloud DNS console.
  • You have created a virtual node in the Kubernetes cluster. For more information, see Virtual nodes.
  • You have connected to the Kubernetes cluster. For more information, see Connect to Kubernetes clusters through kubectl.

Preparation

After you deploy a virtual node through Chart, you need to confirm that the relevant environment variables are configured correctly.

  1. Log on to the Container Service console.
  2. In the left-side navigation pane under Container Service - Kubernetes, choose Marketplace > App Catalog. On the left-side page, select ack-virtual-node.
  3. On the App Catalog - ack-virtual-node page, click the Parameters tab to customize parameter configurations as follows.
    • ECI_VPC: The VPC ID used by the Kubernetes cluster. Replace it with the VPC ID of the current cluster.
    • ALIYUN_CLUSTERID: The ID of the Kubernetes cluster. Replace it with the ID of the current cluster. This parameter is required and cannot be set to default.

Procedure

  1. Deploy a Deployment and create a Service.

    Copy the following sample YAML template to a file named nginx-service-ack.yaml. Then run the kubectl create -f nginx-service-ack.yaml command to create the resources.

    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-headless-service
      annotations:
        service.beta.kubernetes.io/alibaba-cloud-private-zone-enable: "true"
    spec:
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: nginx
      clusterIP: None
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-clusterip-service
      annotations:
        service.beta.kubernetes.io/alibaba-cloud-private-zone-enable: "true"
    spec:
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: nginx
      type: ClusterIP
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-intranet-service
      annotations:
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: intranet
        service.beta.kubernetes.io/alibaba-cloud-private-zone-enable: "true"
    spec:
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: nginx
      type: LoadBalancer
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      labels:
        app: nginx
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:alpine
            ports:
            - containerPort: 80
    Note: By default, a Service in a Kubernetes cluster is not synchronized to PrivateZone. To synchronize the resolution records of a Service to PrivateZone, add the following annotation to the Service:
      annotations:
        service.beta.kubernetes.io/alibaba-cloud-private-zone-enable: "true"
    The virtual node controller then synchronizes the resolution records of the Service to PrivateZone.
  2. Log on to the Alibaba Cloud DNS console.
  3. In the left-side navigation pane, click PrivateZone > All Zones. A record is automatically generated in the zone list.
  4. Click Configure. The Resolution Settings page appears.
    Note: The format of a host record is $svc.$ns, and each record resolves to an IP address. The resolution rules are as follows:
    • LoadBalancer service: corresponds to only one resolution record in PrivateZone, which is the SLB IP.
    • ClusterIP service: corresponds to multiple resolution records in PrivateZone, which are the IPs of the backend pods.
    • Headless service: corresponds to multiple resolution records in PrivateZone, which are the IPs of the backend pods.
    You can access the service from within the VPC by using its private domain name. The private domain name can be a long domain name or a short domain name.
    • Long domain name: Use $svc.$ns.svc.cluster.local.$clusterId to connect to services in other clusters that are synchronized to PrivateZone.
    • Short domain name: Use $svc to connect to a service in the current namespace, and use $svc.$ns to connect to services in other namespaces.
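
An added example, not part of Alibaba Cloud's documentation: a Python audit that reads the JSON printed by kubectl get svc --all-namespaces -o json and lists which Services carry the PrivateZone annotation, together with the host record and long domain name that the rules above give them. The sample input, the cluster ID c-EXAMPLE, and the function name published_records are constructed for illustration, and the check assumes that only the string "true" enables synchronization.

```python
import json

ANNOTATION = "service.beta.kubernetes.io/alibaba-cloud-private-zone-enable"

# Constructed sample, shaped like `kubectl get svc --all-namespaces -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "nginx-headless-service", "namespace": "default",
                  "annotations": {ANNOTATION: "true"}},
     "spec": {"type": "ClusterIP", "clusterIP": "None"}},
    {"metadata": {"name": "nginx-intranet-service", "namespace": "default",
                  "annotations": {ANNOTATION: "true"}},
     "spec": {"type": "LoadBalancer", "clusterIP": "172.21.0.10"}},
    {"metadata": {"name": "internal-admin", "namespace": "ops"},
     "spec": {"type": "ClusterIP", "clusterIP": "172.21.0.11"}},
]})


def published_records(svc_list_json, cluster_id):
    """Return one dict per Service that is synchronized to PrivateZone."""
    out = []
    for item in json.loads(svc_list_json).get("items", []):
        meta, spec = item.get("metadata", {}), item.get("spec", {})
        annotations = meta.get("annotations") or {}
        # Assumption: only the literal string "true" enables synchronization.
        if annotations.get(ANNOTATION) != "true":
            continue
        name, ns = meta["name"], meta.get("namespace", "default")
        if spec.get("type") == "LoadBalancer":
            kind, target = "LoadBalancer", "single record: SLB IP"
        elif spec.get("clusterIP") == "None":
            kind, target = "Headless", "multiple records: backend pod IPs"
        else:
            kind, target = "ClusterIP", "multiple records: backend pod IPs"
        out.append({
            "host_record": f"{name}.{ns}",
            "long_name": f"{name}.{ns}.svc.cluster.local.{cluster_id}",
            "kind": kind,
            "resolves_to": target,
        })
    return out


if __name__ == "__main__":
    # "c-EXAMPLE" is a placeholder cluster ID, not a real one.
    for rec in published_records(SAMPLE, "c-EXAMPLE"):
        print(rec["kind"], rec["host_record"], rec["long_name"],
              rec["resolves_to"], sep="\t")
```

To audit a real cluster, pass the text of kubectl get svc --all-namespaces -o json and your own cluster ID to published_records. Every Service it returns is resolvable by name from within the VPC.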