Use the CCM to deploy services across clusters - Container Service for Kubernetes

The cloud controller manager (CCM) is a key system component of Container Service for Kubernetes (ACK). You can use the CCM to associate nodes in your cluster and Elastic Compute Service (ECS) instances outside your cluster with a Classic Load Balancer (CLB) instance. This prevents service interruptions during service migrations. You can use the CCM to distribute traffic to multiple Kubernetes clusters. Data backup and disaster recovery are also supported to ensure high availability of your services. In this topic, three typical scenarios are used to describe how to use the CCM to deploy services across clusters.

Prerequisites

A CLB instance is created in the CLB console. The instance resides in the same region as your cluster. For more information, see Create and manage a CLB instance.
The CCM version is 2.0.1 or later.

Background information

The CCM enables the integration between Kubernetes and Alibaba Cloud services, such as CLB and Virtual Private Cloud (VPC). The CCM provides features such as load balancing and cross-node communication.

If you specify Type=LoadBalancer for a Service, the CCM automatically creates or configures a CLB instance for the Service. The CCM also configures listeners and backend server groups for the CLB instance.
When the endpoint of an Elastic Compute Service (ECS) instance in a vServer group for a Service is changed or the cluster nodes are changed, the CCM automatically updates the vServer groups of the CLB instance.

For more information, see Cloud Controller Manager.

Scenario 1: Distribute traffic to nodes in a cluster and ECS instances outside the cluster

You can use the CCM to associate both nodes in a cluster and ECS instances outside the cluster with a CLB instance. This way, the CLB instance can distribute traffic to nodes in your cluster and nodes outside your cluster.

Create a file named my-nginx-svc.yaml and copy the following content to the file:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: ${YOUR_LB_ID}             // Replace ${YOUR_LB_ID} with the ID of the CLB instance that you created in the CLB console. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: "false"  // If you set the value to false, the CCM does not manage listeners for the CLB instance. 
  labels:
    app: nginx
  name: my-nginx-svc
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:   // Set the selector to the value of the matchLabels parameter in the my-nginx.yaml file. In this example, the selector is set to app: nginx. This associates the Service with the backend application. 
    app: nginx      
  type: LoadBalancer

Note

The CCM uses the specified CLB instance for load balancing and configures the CLB instance based on the specified annotations. For example, the CCM automatically creates multiple vServer groups for the CLB instance.
The CCM supports a variety of annotations that you can use to customize load balancing features by using Alibaba Cloud services. For information, see Use annotations to configure load balancing.

Run the following command to create a Service named my-nginx-svc:
```
kubectl apply -f my-nginx-svc.yaml
```
Log on to the CLB console, create listeners for the CLB instance, and then associate the vServer groups created by the CCM with the CLB instance.
For more information, see Listener overview.
Important The listening ports of the CLB instance must be the same as the Service ports.
Log on to the CLB console and add ECS instances outside your cluster to the vServer groups created by the CCM. Then, specify weights for these ECS instances.
For more information, see Create and manage a vServer group.
After you complete the configuration, go to the Edit VServer Group page of the CLB instance in the CLB console. You can view the node (callout 1) inside your cluster and the ECS instance (callout 2) outside your cluster, as shown in the following figure. Application scaling within your cluster does not affect the ECS instance outside your cluster.

Scenario 2: Set weights for nodes in the cluster and ECS instances outside the cluster

Notes

You cannot share vServer groups among CLB instances.
A vServer group can be associated only with one port.
The weights of the nodes in the cluster are set by the CCM. You need to manually set weights for the ECS instances outside the cluster.

Procedure

Log on to the CLB console and create a vServer group with no servers. Record the ID of the vServer group.
For more information, see Create and manage a vServer group.
Create a listener for the CLB instance and associate the listener with the vServer group that you created. Record the ID of the CLB instance.
For more information, see Listener overview.
Important The listening ports of the CLB instance must be the same as the Service ports.
Add the ECS instance outside the cluster to the vServer group and set the weight of the ECS instance.
For more information, see Create and manage a vServer group.

Create a file named service.yaml and copy the following content to the file:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: "lb-xxxxx"  // Replace lb-xxxxx with the ID of the CLB instance that you created in the CLB console. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: "${YOUR_VGROUP_ID}:80"   // Replace ${YOUR_VGROUP_ID} with the ID of the vServer group that you created.     
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: "60"   // Set the Service weight. This annotation is optional. 
  name: nginx-svc
  namespace: default
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  sessionAffinity: None
  type: LoadBalancer

Run the following command to create a Service named service:
```
kubectl apply -f service.yaml
```
After you complete the configuration, go to the Edit VServer Group page of the CLB instance in the CLB console. You can view the node (callout 1) inside your cluster and the ECS instance (callout 2) outside your cluster, as shown in the following figure. Application scaling within your cluster does not affect the ECS instance outside your cluster.

Scenario 3: Distribute traffic to multiple Kubernetes clusters

In most cases, an enterprise takes various measures, such as data backup and disaster recovery across clusters, to ensure high availability for services. To achieve this goal, the enterprise can use a CLB instance to distribute traffic to multiple Kubernetes clusters based on the weights of backend servers, as shown in the following figure.

Important

You cannot share vServer groups among CLB instances.
A vServer group can be associated only with one port.
The Services that are exposed by the CLB instance must have different names and are deployed in different namespaces.

Log on to the CLB console and create a vServer group with no servers.
For more information, see Create and manage a vServer group.
Log on to the CLB console, create listeners for the CLB instance, and then associate the vServer groups created in the preceding step with the CLB instance.
For more information, see Listener overview.
Important The listening ports of the CLB instance must be the same as the Service ports.

Create a file named service-a.yaml in Cluster A and copy the following content to the file:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: "${YOUR_LB_ID}"                   // Replace ${YOUR_LB_ID} with the ID of the CLB instance that you created in the CLB console. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: "${YOUR_VGROUP_ID}:80"   // Replace ${YOUR_VGROUP_ID} with the ID of the vServer group that you created. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: "20"                          // Set the Service weight. This annotation is optional. 
  name: service-a     // The name of the file. 
  namespace: default
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  sessionAffinity: None
  type: LoadBalancer

Note If you want to set service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port to multiple port-to-vServer group mappings, separate the mappings with commas (,). Example: "${YOUR_VGROUP_ID_1}:80, ${YOUR_VGROUP_ID_2}:443".

Run the following command to create a Service named service-a:
```
kubectl apply -f service-a.yaml
```

Create a file named service-b.yaml in Cluster B and copy the following content to the file:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: "${YOUR_LB_ID}"                  // Replace ${YOUR_LB_ID} with the ID of the CLB instance that you created in the CLB console. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: "${YOUR_VGROUP_ID}:80"  // Replace ${YOUR_VGROUP_ID} with the ID of the vServer group that you created. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: "80"                         // Set the Service weight. This annotation is optional. 
  name: service-b      // The name of the file. 
  namespace: default
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  sessionAffinity: None
  type: LoadBalancer

Run the following command to create a Service named service-b:
```
kubectl apply -f service-b.yaml
```
After the configuration is completed, go to the Edit VServer Group page of the CLB instance in the CLB console. You can view the nodes of Cluster A and also nodes of Cluster B. The weight of each node is automatically configured based on the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation. Application scaling results are automatically synchronized to the vServer groups of the CLB instance.