All Products
Search
Document Center

The SLB address exposed by LoadBalancer cannot be connected in the Kubernetes cluster

Last Updated: Jul 02, 2020

Description

Some nodes in the Kubernetes cluster can access the Local SLB exposed by the cluster, but some nodes cannot access the SLB exposed by the cluster, and Ingress has many problems.

Causes

Local SLB instances can be accessed only when the corresponding backend Pod is deployed on the Node.

Workaround

Alibaba Cloud reminds you that:

  • When you perform operations that have risks, such as modifying instances or data, check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • Before you modify the configurations and data of instances including but not limited to ECS and RDS instances, we recommend that you create snapshots or enable RDS log backup.
  • If you have authorized or submitted security information such as the logon account and password in the Alibaba Cloud Management console, we recommend that you modify such information in a timely manner.

If you encounter this problem, you can use the following method to solve the problem. We recommend that you use the first method.

  • In a Kubernetes cluster, access through a service name or ClusterIP.
    The Ingress service name is: nginx-ingress-lb.kube-system
  • Change the externalTrafficPolicy in the LoadBalancer Service to Cluster. However, source IP addresses may be lost during application. You can run the following command to change the Ingress Service:
    kubectl edit svc nginx-ingress-lb -n kube-system
  • If it is an ENI in the Terway or a Cluster with multiple ENI IP addresses, change the externalTrafficPolicy in the LoadBalancer Service to Cluster and add a pass-through annotation to the ENI. For example, annotation: service.beta.kubernetes.io/backend-type:"eni" the source IP address can be retained and the access within the cluster is normal. For more information, see access a service through Server Load Balancer (Server Load Balancer).
    apiVersion: v1
    kind: Service
    metadata:
    annotations:
      service.beta.kubernetes.io/backend-type: eni
    labels:
      app: nginx-ingress-lb
    name: nginx-ingress-lb
    namespace: kube-system
    spec:
    externalTrafficPolicy: Cluster

Application scope

  • Alibaba Cloud Container Service for Kubernetes

Description: before upgrading to Kubernetes V1.14, check whether the corresponding configurations are configured to eliminate the risk of problems after the upgrade.