All Products
Search
Document Center

Container Service for Kubernetes:Enable service discovery based on Alibaba Cloud DNS PrivateZone

Last Updated:Jan 03, 2024

If you want to map private domain names in one or more virtual private clouds (VPCs) to IP addresses and block access to these private domain names from other networks, you can use the service discovery feature based on Alibaba Cloud DNS PrivateZone. ACK Serverless provides the service discovery feature to allow you to resolve and manage private domain names in VPCs. The service discovery feature supports intranet Services, headless Services, and ClusterIP Services.

Prerequisites

Billing

For more information about the billing rules of Alibaba Cloud DNS PrivateZone, see Pricing.

Procedure

  1. Deploy a Deployment and create Services.

    The following code block is a sample template. Copy the following YAML content to a YAML file and run the kubectl create -f nginx-service.yaml command to create Services.

    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-headless-service
    spec:
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: nginx
      clusterIP: None
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-clusterip-service
    spec:
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: nginx
      type: ClusterIP
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx-intranet-service
      annotations:
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: intranet
    spec:
      ports:
      - port: 80
        protocol: TCP
      selector:
        app: nginx
      type: LoadBalancer
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx-deployment
      labels:
        app: nginx
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image:  nginx:alpine
            ports:
            - containerPort: 80
  2. Run the following command to query the status of the Deployment:

    kubectl get svc,pod,deployment
  3. Log on to the Alibaba Cloud DNS console.

  4. In the left-side navigation pane, click Private DNS (PrivateZone). In the upper-right part of the page, click Configuration Mode and click the Built-in Authoritative Module tab in the middle of the page. Then, click User Defined Zones.

  5. On the User Defined Zones tab, click Resource Records Settings in the Actions column of the domain name that you want to manage.

    Note

    PrivateZone records use the $svc.$ns format to resolve domain names to IP addresses. Take note of the following rules when you create PrivateZone records:

    • A LoadBalancer Service corresponds to only one PrivateZone record. The record maps the Service to the IP address of the Server Load Balancer (SLB) instance.

    • A ClusterIP Service corresponds to only one PrivateZone record. The record maps the Service to the IP address of the cluster.

    • A headless Service corresponds to multiple PrivateZone records. The records map the Service to the IP addresses of backend pods.

    You can access a Service within the VPC through the private domain name of the Service.

    • You can use $svc.$ns.svc.cluster.local.$clusterId to access Services that are discovered in the current cluster. You can also use the long domain name to access Services in other clusters after you use Alibaba Cloud DNS PrivateZone to discover these Services.

    • You can use $svc to access Services in the current namespace and use $svc.$ns to access Services in other namespaces.

    For more information, see serverless-k8s-examples.

References

In addition to Alibaba Cloud DNS PrivateZone, you can also use CoreDNS to provide DNS resolution services in ACK Serverless clusters. For more information, see How DNS resolution works in ACK Serverless clusters.