Use a service to expose an application - Container Compute Service

In Kubernetes, pods are ephemeral and their IP addresses are not static. This makes it difficult to expose them directly as a stable service. A Kubernetes service provides a stable endpoint with a fixed IP address. Frontend applications can connect to this IP address to access backend pods without tracking the IP addresses of individual pods. This decouples the frontend from the backend and ensures service stability. This topic describes how to create and expose a service in the Container Compute Service (ACS) console and using the kubectl command.

Method 1: Create a service in the console

Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose Network > Services.

On the Services page, click Create. In the Create Service dialog box, configure the parameters.

Parameter	Description	Example
Name	Set the name of the service.	my-nginx-svc
Service Type	Select the type of service. This specifies how the service is accessed. Valid values include the following: Cluster IP: Exposes the service on an internal IP address in the cluster. If you select this value, the service is accessible only from within the cluster. Note When you select Cluster IP, you can configure a Headless Service. You can use a headless service to interface with other service discovery mechanisms without being tied to the Kubernetes implementation. SLB: Uses a Server Load Balancer (SLB) instance to expose the service. You can select Public Access or Internal Access. It can route traffic to ClusterIP services. Create Resource: If you select Pay-by-specification, you can click Change Specification to modify the SLB specification. Use Existing Resource: You can select an SLB specification from the list of existing SLB instances. Note If you use an existing SLB instance, its existing listeners are forcibly overwritten. SLB instances created by a service cannot be reused. This may cause the SLB instance to be unexpectedly deleted. You can only reuse SLB instances that you manually create in the console or by calling an OpenAPI operation. If you reuse an SLB instance for multiple services, make sure their frontend listener ports are different to avoid port conflicts. When you reuse an SLB instance, Kubernetes uses the names of the listener and the vServer group as unique identifiers. Do not change the names of the listener and the vServer group. You cannot reuse SLB instances across clusters.	Create Service: Service Type: SLB SLB Type: CLB Select Resource: Create Resource Create CLB Instance: Access Method: Internal Access Use the default values for other configurations.
Backend	Select the backend application to associate with the service. If you do not associate an application, the related Endpoint object is not created. For more information, see Services without selectors.	Name: app Value: nginx
Port Mapping	Add a service port, which corresponds to the `port` field in the service's YAML file, and a container port, which corresponds to the `targetPort` field in the service's YAML file. The container port must be the same as the port exposed by the backend pods.	Service Port: 80 Container Port: 80 Protocol: TCP
Annotations	Add an annotation to the service. You can configure annotations for ClusterIP or LoadBalancer service resources. Note Alibaba Cloud-related annotations take effect only when Service Type is set to SLB. For example, if you set `service.beta.kubernetes.io/alicloud-loadbalancer-bandwidth:2`, the peak bandwidth of the service is set to 2 Mbit/s to control service traffic. For more information about parameters, see Configure a Classic Load Balancer (CLB) instance using annotations.	None
Label	Add a label to identify the service.	None

After you configure the parameters, click OK.

After the service is created, you can find the new service named my-nginx-svc on the Services page.

Method 2: Create a service using kubectl

Connect to a Kubernetes cluster using kubectl in CloudShell.

Create a file named my-nginx-svc.yaml that contains the following content.

Click to view my-nginx-svc.yaml

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet"
  labels:
    app: nginx
  name: my-nginx-svc
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer

Field	Description
`kind`	Defines the resource object as a service.
`metadata`	Defines basic information about the service, such as its name, label, and namespace.
`metadata.annotations`	Container Compute Service (ACS) supports a wide range of annotations for load balancing. For example, in the preceding YAML sample, `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type` specifies that the service is `intranet` (internal-facing). For more information about annotations, see Configure a Classic Load Balancer (CLB) instance using annotations.
`spec.selector`	Defines the selector for the service. The service identifies the backend pods to expose based on the matching relationship between the selector and pod labels.
`spec.ports.port`	Defines the port that the service exposes on the ClusterIP. Clients inside the cluster can access the service at `clusterIP:port`.
`spec.ports.targetPort`	Defines the port on the backend pods. Traffic that enters through the `port` is routed by kube-proxy to the `targetPort` on the backend pods, and then into the containers.
`spec.type`	Defines how the service is accessed. `LoadBalancer`: Exposes the service using an Alibaba Cloud Server Load Balancer (SLB) instance. If you do not specify an existing SLB instance, a public-facing SLB instance is created by default. You can create an internal-facing service and a corresponding internal-facing SLB instance by setting the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type` annotation to `intranet`. `ClusterIP`: Exposes the service on an internal IP address in the cluster. This makes the service reachable only from within the cluster. Important Alibaba Cloud Container Compute Service (ACS) does not support NodePort services. If you try to create a service of this type, the operation fails or the service does not work.

Run the following command to create the service.
```
kubectl apply -f my-nginx-svc.yaml
```

Run the following command to verify that the service is created.

kubectl get svc my-nginx-svc

Expected output:

NAME           TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)   AGE
my-nginx-svc   LoadBalancer   172.16.XX.XX   192.168.XX.XX   80/TCP    13s

Related operations

Update a service

Method 1: Update the service by running the following command.
```
kubectl edit service my-nginx-svc
```
Method 2: Manually delete the old service, modify the YAML file, and then re-create the service by running the following commands.
```
kubectl apply -f my-nginx-svc.yaml
```

View a service

You can view the service.

kubectl get service my-nginx-svc

Expected output:

NAME           TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)   AGE
my-nginx-svc   LoadBalancer   172.16.XX.XX   192.168.XX.XX   80/TCP    13s

Delete a service

Run the following command to delete the service.

kubectl delete service my-nginx-svc