Expose the service port to the Internet or intranet by customizing Alibaba Cloud Server Load Balancer NAT mapping. The Agent must be upgraded to the latest version to support this extension capability label.
The label format is as follows. Variables with
$ are placeholders.
To better use the custom Server Load Balancer
lb label, you must understand three ports used in a routing request: the Server Load Balancer frontend port, the Server Load Balancer backend port (namely, the Elastic Compute Service (ECS) instance port), and the container port.
Take the first
aliyun.lb.port_80 as an example. From left to right, port 80 in the key indicates the port to be exposed by the container, and port 8080 indicates the frontend port to be exposed by Server Load Balancer. The Server Load Balancer backend port is the ECS instance port, which can be obtained from host and container port mapping of the
ports label. The container port 80 corresponds to the host port 7777. So the backend port forwarded by Server Load Balancer is 7777.
lb label indicates that a request sent to the Web service:
- First enters port 8080 of the Server Load Balancer frontend.
- Then, is forwarded to port 7777 of the backend ECS instance.
- Enters port 80 of the container according to the port mapping of
- Finally, is submitted to the WordPress process in the container to provide the service.
The other three
lb labels also apply to the preceding explanation. All the Server Load Balancer instances configured by the
lb label do not go through the routing service built in the cluster, and you control the request routing by yourself.
Format requirements of the label statement:
- The Server Load Balancer instance can be specified by using its name or ID.
- The Server Load Balancer instance name is limited to 1–80 characters, including letters, numbers, hyphens (-), forward slashes (/), periods (.), and underscores (_).
- The container port is limited to 1–65535.
- The Server Load Balancer frontend port is limited to 1–65535.
Limits on deploying services with custom Server Load Balancer NAT mapping:
- You must create a Server Load Balancer instance, name it, and create the corresponding listening port. Then, provide the mapping container port
$container_port, the used protocol
$scheme(possible values include
udp), and the Server Load Balancer instance name
$slb_idby using extension labels, and specify the frontend port
$slb_front_portof the Server Load Balancer instance.
- You must specify the host and container port mapping of the service port to be exposed and then use the standard Dockerfile label
portsto specify the port mapping.
Note: You must specify the host port and this port cannot conflict with the host port mapped by other services. Server Load Balancer uses the host port to bind the backend ECS instance.
- A service can only use one or more Server Load Balancer instances to expose the service port. Services cannot share and use the same Server Load Balancer instance because they are distributed in different ECS instance backends.
- When using the lb label to configure Server Load Balancer routing, the default Server Load Balancer instance cannot be used.
- The host that has the service with Server Load Balancer NAT mapping deployed uses the same host and container port mapping. Therefore, these services only have one instance on each ECS.
- The supported Server Load Balancer protocol
$schemeincludes tcp, http, https, and udp.
- You must create a listening port in the Alibaba Cloud Server Load Balancer console.
- Log on to the Server Load Balancer console to modify the configurations for the Server Load Balancer instance used in Container Service, such as bandwidth limitation.
- The value of the
lblabel is that you do not need to bind the backend ECS instance of Server Load Balancer by yourself. After configuring the corresponding labels, the backend is bound automatically. Therefore, except for binding the Server Load Balancer backend, you must set and modify the Server Load Balancer instances in the Alibaba Cloud Server Load Balancer console.
- Container Service helps you generate a Resource Access Management (RAM) sub-account (you are required to activate RAM). This account has some Server Load Balancer permissions, but does not have the permission to create or delete Server Load Balancer instances. Use this account to help you manage the Server Load Balancer instances used in Container Service, for example, binding some nodes in the cluster as the service backend.
- In the whole lifecycle of the service, the
lblabel always works unless the service is deleted or the service is redeployed after
lblabel is deleted. Meanwhile, the Server Load Balancer instances configured in the
lblabel cannot be mixed.