Bind CLB instances to applications in ACK clusters - Enterprise Distributed Application Service

When applications deployed in Kubernetes clusters need to accept traffic from the Internet or a private network, you must attach a load balancer. Enterprise Distributed Application Service (EDAS) lets you bind Internet-facing or internal-facing Classic Load Balancer (CLB) instances to applications and manages the listener configuration and CLB resources on your behalf.

Important

All listener and certificate changes must be made in the EDAS console. Changes made through the Server Load Balancer (SLB) console may cause configuration failures and make the application inaccessible.

CLB binding behavior differs by cluster type:

Cluster type	CLB behavior
Self-managed Kubernetes cluster	Each application requires a dedicated new CLB instance
Container Service for Kubernetes (ACK) cluster	Each application can use a dedicated new CLB instance or share an existing CLB instance with other applications

Prerequisites

Before you begin, make sure that you have:

An application deployed in an ACK cluster or a self-managed Kubernetes cluster in EDAS
Permissions to manage SLB resources in the EDAS console

Bind an Internet-facing CLB instance

Log on to the EDAS console. In the left-side navigation pane, choose Application Management > Applications. In the top navigation bar, select a region. In the upper part of the page, select a microservice namespace. Select Kubernetes Cluster from the Cluster Type drop-down list, then click the name of the target application.
On the Application Overview page, in the Access configuration section, click the + icon next to SLB (Public Network).
Note
If a CLB instance is already bound, its IP address and port number are displayed. Click the edit icon to modify the configuration, or click the delete icon to unbind the CLB instance.

In the Load balancing (public network) dialog box, configure the following parameters and click OK. Listener configuration Add one or more listeners by protocol type. Click Add Listener to add more.

Note

When you select Create SLB, a pricing summary appears below External Traffic Policy, showing resource check results, available specifications, quantity, billing method, and validity period for subscription instances. Click View Price for pricing details.

Parameter	Description
Select SLB	Select Create SLB to purchase a new CLB instance, or select an existing CLB instance from the drop-down list.
Scheduling Algorithm	Load balancing algorithm. Valid values: RR (Round Robin) and WRR (Weighted Round Robin).
External Traffic Policy	Controls how traffic is routed to pods. Valid values: Local and Cluster. For details, see External traffic policy: Local vs. Cluster.
Existing listening information of the SLB instance	Displayed only when you select an existing CLB instance. Shows the existing network protocol, port number, and container port number.

Protocol	Parameters
TCP or HTTP	SLB Port (Application): Frontend port (1--65535) used to access the application. Container Port (Target Port): Port the application listens on, such as `8080` for web applications.
UDP	SLB Port (Application): Frontend port (1--65535) used to access the application. Container Port (Target Port): Port the application listens on.
HTTPS	HTTPS Port (Application): Frontend port (1--65535) used to access the application. SSL Certificate: Select an uploaded certificate from the drop-down list. Container Port (Target Port): Port the application listens on, such as `8080` for web applications.

(Optional) If traffic exceeds the capacity of a single CLB instance, repeat steps 2--3 to bind additional instances and distribute the load.
Note
CLB capacity is measured by maximum connections, new connections per second, and queries per second (QPS).

Bind an internal-facing CLB instance

The procedure for binding an internal-facing CLB instance is the same as for an Internet-facing instance, with the following differences:

In step 2, click the + icon next to SLB (Private Network) instead of SLB (Public Network).
The dialog box title is SLB (Private Network).
Internal-facing CLB instances support TCP, HTTP, and HTTPS listeners. UDP is not available.

For the full procedure, see Bind an Internet-facing CLB instance and apply the differences above.

External traffic policy: Local vs. Cluster

The external traffic policy controls how the CLB instance routes traffic to pods in the cluster.

Policy	Behavior	Source IP preservation	Recommended algorithm
Local	Routes traffic only to pods on nodes where the Service pods run. Only those nodes are added as backend servers.	Preserves Layer-4 source IP addresses	WRR -- Container Controller Manager (CCM) adjusts node weight based on pod count for better load distribution.
Cluster	Routes traffic to pods on any node in the cluster. All nodes are added as backend servers. Requests can reach a pod even if no pod runs on the accessed node.	Does not preserve Layer-4 source IP addresses	--

Verify the binding

After the binding completes, verify that traffic reaches the application:

On the Application Overview page, check the Access configuration section. The CLB IP address and port number appear next to SLB (Public Network) or SLB (Private Network).
Open a browser and navigate to <CLB-IP>:<CLB-port> (for example, 115.xx.xx.xx:80). The application homepage should load.

If the binding fails:

The IP address and port do not appear in the Access configuration section.
Go to the Change Records page to view change details and troubleshoot based on the recorded errors.

Limitations

Important

Violating these limitations may cause configuration failures and make the application inaccessible.

Do not use the ACK console, kubectl, or third-party tools to delete or modify Service resources created by EDAS (label: edas-domain:edas-admin).
Do not use the SLB console to delete or modify CLB instances purchased by EDAS.
Do not use the SLB console to delete or modify listeners on CLB instances used by EDAS.
Do not use kubectl or the ACK console to modify external traffic policies for Services.