The cloud controller manager (CCM) is a key system component of Container Service for Kubernetes (ACK). You can use the CCM to associate nodes in your cluster and Elastic Compute Service (ECS) instances outside your cluster with a Classic Load Balancer (CLB) instance. This prevents service interruptions during service migrations. You can use the CCM to distribute traffic to multiple Kubernetes clusters. Data backup and disaster recovery are also supported to ensure high availability of your services. In this topic, two typical scenarios are used to describe how to use the CCM to deploy services across clusters.

Prerequisites

  • A CLB instance is created in the CLB console. The instance resides in the same region as your cluster. For more information, see Create a CLB instance.

  • The CCM version is 2.0.1 or later.

Background information

The CCM enables the integration between Kubernetes and Alibaba Cloud services, such as CLB and Virtual Private Cloud (VPC). The CCM provides features such as load balancing and cross-node communication.

  • If you specify Type=LoadBalancer for a Service, the CCM automatically creates or configures a CLB instance for the Service. The CCM also configures listeners and backend server groups for the CLB instance.
  • If the endpoint of a Service is changed or the cluster nodes are changed, the CCM automatically updates the vServer groups of the CLB instance.

For more information, see Cloud Controller Manager.

Scenario 1: Distribute traffic to nodes in a cluster and ECS instances outside the cluster

You can use the CCM to associate both nodes in a cluster and ECS instances outside the cluster with a CLB instance. This way, the CLB instance can distribute traffic to nodes in your cluster and nodes outside your cluster.

CLB traffic distribution
  1. Create a my-nginx-svc.yaml file and copy the following content to the file:
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: ${YOUR_LB_ID}             // Replace ${YOUR_LB_ID} with the ID of the CLB instance that you created in the CLB console. 
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: "false"  // If you set the value to false, the CCM does not manage listeners for the CLB instance. 
      labels:
        app: nignx
      name: my-nginx-svc
      namespace: default
    spec:
      ports:
      - port: 80
        protocol: TCP
        targetPort: 80
      selector:   // Set the selector to the value of the matchLabels parameter in the my-nginx.yaml file. In this example, the selector is set to app: nginx. This associates the Service with the backend application. 
        app: nginx      
      type: LoadBalancer
    Note
    • The CCM uses the specified CLB instance for load balancing and configures the CLB instance based on the specified annotations. For example, the CCM automatically creates multiple vServer groups for the CLB instance.
    • The CCM supports a variety of annotations that you can use to customize load balancing features by using Alibaba Cloud services. For more information, see Use annotations to configure load balancing.
  2. Run the following command to create a my-nginx-svc Service:
    kubectl apply -f my-nginx-svc.yaml
  3. Log on to the CLB console, create listeners for the CLB instance, and then associate the vServer groups created by the CCM with the CLB instance.
    For more information, see Listener overview.
    Notice The listening ports of the CLB instance must be the same as the Service ports.
  4. Log on to the CLB console and add ECS instances outside your cluster to the vServer groups created by the CCM. Then, specify weights for these ECS instances.
    For more information, see Create a vServer group.
    Verify the result

    After you complete the configuration, go to the Edit VServer Group page of the CLB instance in the CLB console. You can view the node inside your cluster and the ECS instance outside your cluster. Application scaling within your cluster does not affect the ECS instance outside your cluster.

Scenario 2: Distribute traffic to multiple Kubernetes clusters

In most cases, an enterprise takes various measures, such as data backup and disaster recovery across clusters, to ensure high availability for services. To achieve this goal, the enterprise can use a CLB instance to distribute traffic to multiple Kubernetes clusters based on the weights of backend servers, as shown in the following figure.

CLB traffic distribution
Notice
  • You cannot share vServer groups among CLB instances.
  • A vServer group can be associated only with one port.
  1. Log on to the CLB console and create a vServer group with no servers.
    For more information, see Create a vServer group.
  2. Log on to the CLB console, create listeners for the CLB instance, and then associate the vServer groups that are created in the previous step.
    For more information, see Listener overview.
    Notice The listening ports of the CLB instance must be the same as the Service ports.
  3. Create a service-a.yaml file in Cluster A and copy the following content to the file:
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: "${YOUR_LB_ID}"                   // Replace ${YOUR_LB_ID} with the ID of the CLB instance that you created in the CLB console. 
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: "${YOUR_VGROUP_ID}:80"   // Replace ${YOUR_VGROUP_ID} with the ID of the vServer group that you created. 
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: "20"                          // Set the Service weight. This annotation is optional. 
      name: service-a     // The name of the file. 
      namespace: default
    spec:
      ports:
      - name: http
        port: 80
        protocol: TCP
        targetPort: 80
      selector:
        app: nginx
      sessionAffinity: None
      type: LoadBalancer
    Note If you want to set service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port to multiple port-to-vServer group mappings, separate the mappings with commas (,). Example: "${YOUR_VGROUP_ID_1}:80, ${YOUR_VGROUP_ID_2}:443".
  4. Run the following command to create a service-a Service:
    kubectl apply -f service-a.yaml
  5. Create a service-b.yaml file in Cluster B and copy the following content to the file:
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: "${YOUR_LB_ID}"                  // Replace ${YOUR_LB_ID} with the ID of the CLB instance that you created in the CLB console. 
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: "${YOUR_VGROUP_ID}:80"  // Replace ${YOUR_VGROUP_ID} with the ID of the vServer group that you created. 
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: "80"                         // Set the Service weight. This annotation is optional. 
      name: service-b      // The name of the file. 
      namespace: default
    spec:
      ports:
      - name: http
        port: 80
        protocol: TCP
        targetPort: 80
      selector:
        app: nginx
      sessionAffinity: None
      type: LoadBalancer
    Note If you want to set service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port to multiple port-to-vServer group mappings, separate the mappings with commas (,). Example: "${YOUR_VGROUP_ID_1}:80, ${YOUR_VGROUP_ID_2}:443".
  6. Run the following command to create a service-b Service:
    kubectl apply -f service-b.yaml
    Verify the result

    After the configuration is completed, go to the Edit VServer Group page of the CLB instance in the CLB console. You can view the nodes of Cluster A and also nodes of Cluster B. The weight of each node is automatically configured based on the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation. Application scaling results are automatically synchronized to the vServer groups of the CLB instance.