Container Service for Kubernetes (ACK) allows you to use a Server Load Balancer (SLB) instance to expose a Service. To access the Service from outside the cluster, you can use the domain name of the SLB instance or the connection string <IP:Service port>. To access the Service from within the cluster, you can use the connection string <Service name:Service port>. This topic describes how to use an existing SLB instance to expose an application. An NGINX application is used as an example.

Prerequisites

An SLB instance is created in the SLB console. The SLB instance is deployed in the region where your cluster is deployed. For more information about how to create an SLB instance, see Create a CLB instance.

Background information

By default, cloud controller manager (CCM) v1.9.3.59-ge3bc999-aliyun and later do not automatically configure listeners for existing SLB instances. You can enable CCM to configure listeners for an SLB instance by adding the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: "true". You can also manually configure listeners for an SLB instance.

You can use the following methods to check the CCM version:
  • Use the ACK onsole: Log on to the ACK console and check the CCM version on the Add-ons page.
    1. Log on to the the ACK console.
    2. In the left-side navigation pane, click Clusters.
    3. On the Clusters page, find the cluster that you want to manage, and choose More > Manage System Components in the Actions column. On the Add-ons page, check the CCM version on the Core Components tab.
  • Use kubectl: Run the following command to check the CCM version. This method applies only to ACK dedicated clusters.
    kubectl get pod -n kube-system -o yaml|grep image:|grep cloud-con|uniq

Considerations

  • When you use an existing SLB instance to expose an application, take note of the following limits:
    • The SLB instance must be created in the SLB console. You cannot reuse SLB instances that are automatically created by CCM.
    • To reuse an internal-facing SLB instance for a cluster, the SLB instance and the cluster must be deployed in the same virtual private cloud (VPC).
    • The network type of the SLB instance must be consistent with the connection method of the Service. If the Service is used for Internet access (service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "internet"), the network type of the SLB instance must be Internet-facing. If the Service is used for internal access (service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet"), the network type of the SLB instance must be internal-facing.
    • The SLB instance must listen on different Service ports if the SLB instance exposes more than one Service.
  • CCM configures SLB instances only for Services that have Type=LoadBalancer configured. CCM does not configure SLB instances for other types of Services.
    Notice When a Service that has Type=LoadBalancer configured is changed to another type of Service, CCM deletes the configurations that are added to the related SLB instance. As a result, you can no longer use the SLB instance to access the Service.
  • CCM uses a declarative API and automatically updates the configurations of an SLB instance to match the configurations of the exposed Service when specific conditions are met. If you set service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: to true, the SLB configurations that you update in the SLB console may be overwritten.
    Notice Do not modify the configurations of the SLB instance that is created and managed by CCM in the SLB console. Otherwise, the modifications may be overwritten and the Service may become inaccessible.
  • You cannot change the SLB instance that is associated to a LoadBalancer Service after the Service is created. To change the SLB instance, you must create a new Service.

SLB resource quotas

  • CCM creates SLB instances for Services that have Type=LoadBalancer configured. By default, you can have at most 60 SLB instances within your Alibaba Cloud account. To increase the quota, Submit a ticket.
    Note In the ticket, specify that you want to modify the slb_quota_instances_num parameter to increase the quota of SLB instances.
  • CCM automatically creates listeners that use Service ports for SLB instances. By default, each SLB instance supports at most 50 listeners. To increase the quota, submit a ticket.
    Note In the ticket, specify that you want to modify the slb_quota_listeners_num parameter to increase the quota of listeners for each SLB instance.
  • CCM automatically adds Elastic Compute Service (ECS) instances to the backend server groups of an SLB instance based on the Service configurations.
    • By default, an ECS instance can be added to at most 50 backend server groups. To increase the quota, Submit a ticket.
      Note In the ticket, specify that you want to modify the slb_quota_backendserver_attached_num parameter to increase the maximum number of backend server groups to which an ECS instance can be added.
    • By default, you can add at most 200 backend servers to an SLB instance. To increase the quota, submit a ticket.
      Note In the ticket, specify that you want to modify the slb_quota_backendservers_num parameter to increase the maximum number of backend servers that can be added to each SLB instance.

    For more information about SLB limits, see Limits. For more information about how to query SLB resource quotas, see the Quota Management page in the SLB console.

Step 1: Deploy an application

The following section describes how to use the kubectl command-line tool to deploy an application. For more information about how to deploy an application in the ACK console, see Create a stateless application by using a Deployment.

  1. Create a my-nginx.yaml file with the following YAML template:
    apiVersion: apps/v1 # for versions before 1.8.0 use apps/v1beta1
    kind: Deployment
    metadata:
      name: my-nginx    # The name of the application. 
      labels:
        app: nginx
    spec:
      replicas: 3       # The number of replicated pods. 
      selector:
        matchLabels:
          app: nginx     # You must specify the same value in the selector of the Service that is used to expose the application. 
      template:
        metadata:
          labels:
            app: nginx
        spec:
        #  nodeSelector:
        #    env: test-team
          containers:
          - name: nginx
            image: registry.aliyuncs.com/acs/netdia:latest     # Replace the value with the image address that you want to use. Format: <image_name:tags>. 
            ports:
            - containerPort: 80               # The port that you want to expose in the Service. 
  2. Run the following command to deploy the my-nginx application:
    kubectl apply -f my-nginx.yaml
  3. Run the following command to query the status of the application:
    kubectl get deployment my-nginx

    Expected output:

    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    my-nginx   3/3     3            3           50s

Step 2: Use an existing SLB instance to expose the application

You can create a LoadBalancer Service in the ACK console or by using kubectl. After the Service is created, you can use the Service to expose the application.

Use the ACK console

  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane of the details page, choose Network > Services
  5. On the Services page, click Create in the upper-right corner of the page.
  6. In the Create Service dialog box, set the parameters.
    service
    Parameter Description Example
    Name Enter a name for the Service. my-nginx-svc
    Type The type of Service. This parameter determines how the Service is accessed.
    Overwrite Existing Listeners: Specify whether to overwrite the listeners of the selected SLB instance. If you select this check box but the SLB instance does not have listeners, the system automatically creates listeners for the SLB instance.
    Note
    • If the listeners of the SLB instance are associated with applications, access to the applications may be interrupted after the listener configurations are overwritten.
    • CCM supports limited backend configurations and cannot handle complex configurations. If you require complex backend configurations, you can manually configure listeners in the SLB console without overwriting the existing listeners.

    In both cases, we recommend that you do not overwrite the configurations of the listeners. However, you can overwrite the configuration of a listener if the listening port is no longer used.

    • Choose Server Load Balancer > Public Access > Use Existing SLB Instance and select an SLB instance from the drop-down list.
    • In this example, a new SLB instance is created and new listeners must be created. Therefore, Overwrite Existing Listeners is selected.
    Backend Select the backend application that you want to associate with the Service. If you do not associate the Service with a backend application, no Endpoint object is created. You can manually associate the Service with a backend application. For more information, see services-without-selectors. my-nginx
    External Traffic Policy Select a policy to distribute external traffic.
    • Local: This policy routes traffic only to pods on the node where the Service is deployed.
    • Cluster: This policy can route traffic to pods on other nodes in the cluster.
    Note The External Traffic Policy parameter is available only if you set Type to Node Port or Server Load Balancer.
    Local
    Port Mapping Specify a Service port and a container port. The Service port corresponds to the port field in the YAML file and the container port corresponds to the targetPort field in the YAML file. The container port must be the same as the one that is exposed in the backend pod. 80
    Annotations Add one or more annotations to the Service to configure the SLB instance. You can select Custom Annotation or Alibaba Cloud Annotation from the Type drop-down list. For more information, see Use annotations to configure load balancing.

    In this example, two annotations are added to specify the pay-by-bandwidth billing method and set the maximum bandwidth to 2 Mbit/s to limit the amount of traffic that flows through the Service.

    • Type: Alibaba Cloud Annotation
    • Name:
      • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-charge-type
      • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth
    • Value:
      • paybybandwidth
      • 2
    Label Add one or more labels to the Service. Labels are used to identify the Service. N/A
  7. Click Create.
    On the Services page, you can view the created Service. endpoint
  8. Click 39.106.XX.XX:80 in the External Endpoint column to access the sample application.

Use kubectl

  1. Create a my-nginx-svc.yaml file with the following YAML template.
    • Replace the value ${YOUR_LB_ID} of service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id with the ID of the SLB instance that you created in the SLB console.
    • If you use an existing SLB instance, CCM does not create listeners for the SLB instance or overwrite the listeners of the SLB instance by default. If you want CCM to create new listeners or overwrite existing listeners, set service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners to true. In this example, a new SLB instance is created and new listeners must be created. Therefore, set this annotation to true. For more information, see Use annotations to configure load balancing.
    • To associate the Service with the backend application that you created, set selector to the value of the matchLabels field in the my-nginx.yaml file. In this example, set the value to app: nginx.
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: ${YOUR_LB_ID}
        service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners: 'true'
      labels:
        app: nignx
      name: my-nginx-svc
      namespace: default
    spec:
      ports:
      - port: 80
        protocol: TCP
        targetPort: 80
      selector:
        app: nginx
      type: LoadBalancer
  2. Run the following command to create a Service named my-nginx-svc and use the Service to expose the application:
    kubectl apply -f my-nginx-svc.yaml
  3. Run the following command to check whether the LoadBalancer Service is created:
    kubectl get svc my-nginx-svc

    Expected output:

    NAME           TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)        AGE
    my-nginx-svc   LoadBalancer   172.21.5.82   39.106.XX.XX     80:30471/TCP   5m
  4. Run the curl <YOUR-External-IP> command to access the application. Replace YOUR-External-IP with the IP address displayed in the EXTERNAL-IP column in the preceding output.
    curl 39.106.XX.XX

    Expected output:

    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>