Use Services to expose applications - Container Compute Service

Each pod in Kubernetes clusters has an IP address. Pods are frequently created and deleted in Kubernetes. As a result, pod IP addresses frequently change. Therefore, it is not practical to directly expose pods to external access. A Service provides a persistent IP address to expose the backend pods of the Service to external services and frontend applications. This eliminates the need to manually specify the backend pods and their IP addresses when you access the pods. Services decouple the frontend from the backend to provide stable external services. This topic describes how to create Services and use Services to expose applications in the Alibaba Cloud Container Compute Service (ACS) console or by using kubectl.

Method 1: Create a Service in the ACS console

Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Cluster page, click the name of the cluster that you want to manage. In the left-side navigation pane of the cluster details page, choose Networks > Services. In the upper-right corner of the Services page, click Create.

In the Create Service dialog box, set the following parameters and click OK.

Parameter	Description	Example
Name	Enter a name for the Service.	my-nginx-svc
Service Type	The type of Service. This parameter specifies how the Service is accessed. Valid values: Cluster IP: the ClusterIP type Service. This type of Service is exposed by using the internal IP address of the cluster. If you select this option, the Service is accessible only within the cluster. Note The Headless Service check box is displayed if you choose Cluster IP. If you select this check box, you can use a headless Service to interface with other service discovery mechanisms, without being tied to the implementation of service discovery in Kubernetes. SLB: the LoadBalancer type Service. This type of Service uses Internet-facing Server Load Balancer (SLB) instances or internal-facing SLB instances to enable external access or internal access. You can also use a LoadBalancer Service to route traffic to ClusterIP Services. Create SLB Instance: If you select Pay-by-specification, you can click Change Specification to change the specification of the SLB instance. Use Existing SLB Instance: You can select an existing SLB instance. Note If you use an existing SLB instance, the listeners of the SLB instance overwrite the listeners of the Service. The SLB instance that is created for a Service cannot be shared by other Services. If you use the SLB instance to expose other Services, the SLB instance may be deleted. Only SLB instances that are manually created in the console or by calling the API can be used to expose multiple Services. Kubernetes Services that share the same SLB instance must use different frontend listener ports. Otherwise, port conflicts occur. If you use one SLB instance to expose multiple Services, Kubernetes uses listener names and vServer group names as unique identifiers. Do not modify the names of listeners or vServer groups. You cannot share SLB instances across clusters.	Create Service: Service Type: SLB SLB Type: CLB Select Resource: Create Resource Create CLB Instance: Access Method: Internal Access Use the default values for other parameters.
Backend	Select the backend application that you want to associate with the Service. If you do not select a backend application, no Endpoint objects are created. For more information, see Services without selectors.	Name: app Value: nginx
Port Mapping	Specify a Service port and a container port. The Service port corresponds to the `port` field in the YAML file and the container port corresponds to the `targetPort` field in the YAML file. The container port must be the same as the port that is exposed in the backend pod.	Service Port: 80 Container Port: 80 Protocol: TCP
Annotations	Add one or more annotations to the ClusterIP or LoadBalancer Service. Note Alibaba Cloud annotations take effect only when you select SLB for Service Type. For example, you can use the `service.beta.kubernetes.io/alicloud-loadbalancer-bandwidth:2` annotation to set the maximum bandwidth of the Service to 2 Mbit/s in order to limit the amount of traffic that flows through the Service. For more information about annotations, see Use annotations to configure CLB instances.	None
Label	Add one or more labels to the Service. Labels are used to identify the Service.	None

After the Service is created, a Service named my-nginx-svc is displayed on the Services page.

Method 2: Create a Service by using kubectl

Use kubectl on Cloud Shell to manage ACK clusters.

Create a file named my-nginx-svc.yaml and copy the following content to the file.

Show the content of my-nginx-svc.yaml

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet"
  labels:
    app: nginx
  name: my-nginx-svc
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer

Parameter	Description
`kind`	Specifies that the resource object is a Service.
`metadata`	Defines the basic information about the Service, such as the name, labels, and namespace.
`metadata.annotations`	ACS supports a wide variety of SLB annotations. In the preceding YAML template, the `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type` annotation is set to `intranet`, which indicates that the Service is internal-facing. For more information, see Use annotations to configure CLB instances.
`spec.selector`	Defines the label selector of the Service. The Service exposes the pods with labels that match the label selector.
`spec.ports.port`	Specifies the Service port that is exposed to the cluster IP address. You can access the Service from within the cluster by sending requests to `clusterIP:port`.
`spec.ports.targetPort`	Specifies the port of the backend pod to receive traffic. The traffic that flows through the Service `port` is forwarded by kube-proxy to the port (specified by `targetPort`) of the backend pod and then transmitted to the containers.
`spec.type`	Defines how the Service is accessed. `LoadBalancer`: The Service is exposed by using an SLB instance. If you do not associate an existing SLB instance with the Service, the system automatically creates one. By default, the automatically created SLB instance is Internet-facing. You can set `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type` to `intranet` to create a Service for internal access and an internal-facing SLB instance for this Service. `ClusterIP`: exposes the Service within the cluster. A ClusterIP Service is accessible from within the cluster. Important ACS does not support NodePort Services. NodePort Services cannot be created and do not take effect in ACS clusters.

Run the following command to create a Service:
```
kubectl apply -f my-nginx-svc.yaml
```

Run the following command to check whether the Service is created:

kubectl get svc my-nginx-svc

Expected output:

NAME           TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)   AGE
my-nginx-svc   LoadBalancer   172.16.XX.XX   192.168.XX.XX   80/TCP    13s

Related operations

Update a Service

Method 1: Run the following command to update a Service:
```
kubectl edit service my-nginx-svc
```
Method 2: Manually delete a Service. Then, modify the Service YAML file and use the modified YAML file to create a new Service:
```
kubectl apply -f my-nginx-svc.yaml
```

View a Service

Run the following command to view a Service:

kubectl get service my-nginx-svc

Expected output:

NAME           TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)   AGE
my-nginx-svc   LoadBalancer   172.16.XX.XX   192.168.XX.XX   80/TCP    13s

Delete a Service

Run the following command to delete a Service:
```
kubectl delete service my-nginx-svc
```