All Products
Document Center

:Use an SLB instance in a Kubernetes cluster

Last Updated:May 10, 2021


This document describes the number of Server Load Balancer (SLB) instances that are created by default in a Container Service for Kubernetes (ACK) cluster. This document also describes the purposes of the default SLB instances.


Number of SLB instances that are created by default

If you select Install Ingress Controllers in the Component Configurations step when you create a Kubernetes cluster, two SLB instances are created.

Purposes of the default SLB instances

The following content describes the purposes of the two SLB instances:

  • One SLB instance listens on port 6443 over Transmission Control Protocol (TCP) and listens to the master nodes of the cluster. The API server of the cluster must be accessed by using this SLB instance. To access the cluster, communication with the SLB instance is required. We recommend that you do not configure an access control list (ACL). For more information about how to configure the ACL, see the Troubleshooting a faulty Kubernetes cluster.
    Note: If you create a dedicated Kubernetes cluster, the SLB instance listens to master nodes. If you create a managed Kubernetes cluster, the SLB instance listens to the IP addresses assigned by Elastic Network Interfaces (ENIs) because the managed Kubernetes cluster does not have master nodes.
  • The other SLB instance listens on ports 80 and 443 over TCP. The backend port is a port other than port 30000. By default, the Elastic Compute Service (ECS) instance where the kube-system/nginx-ingress-controller pod resides is added to the VServer group of this SLB instance. This SLB instance serves the built-in load balancing component kube-system/nginx-ingress-lb of Kubernetes. The kube-system/cloud-controller-manager component manages and automatically configures the SLB instance. The following configuration policies are used:
    1. The frontend port is the port of a Service, whereas the backend port is the node port of the Service.
    2. The externalTrafficPolicy parameter of the Service determines the backend servers.
      • If the externalTrafficPolicy parameter is set to Cluster, all worker nodes are used as backend servers.
      • If the externalTrafficPolicy parameter is set to Local, the ECS instance where the pod associated with the Service resides is used as a backend server.
        • This SLB instance does not use master nodes as backend servers.
        • If the version of the Cloud Controller Manager (CCM) component is earlier than v1.9.3.164-g2105d2e-aliyun, this SLB instance removes the nodes that are removed from the cluster or set to the unschedulable state from the backend servers by default.

Applicable scope

  • Dedicated Kubernetes clusters in ACK
  • Managed Kubernetes clusters in ACK