When you configure a Type=LoadBalancer Service, the cloud controller manager (CCM) of Alibaba Cloud Container Compute Service (ACS) automatically creates or configures a Server Load Balancer (SLB) instance for the Service, including its listeners and vServer groups. Understanding how the CCM manages SLB resources—and the associated constraints—helps you configure LoadBalancer Services correctly and avoid unexpected behavior.
Prerequisites
Before you configure a Type=LoadBalancer Service, ensure that you have:
-
An ACS cluster with the CCM running
-
An SLB instance created in the SLB console, if you plan to reuse an existing instance (you cannot reuse an instance created by the CCM)
-
For an internal-facing SLB instance: the SLB instance and the ACS cluster deployed in the same virtual private cloud (VPC)
How the CCM manages SLB resources
The CCM supports two approaches: reusing an existing SLB instance you specify, or letting the CCM create and manage one automatically. The two approaches use different update policies.
Existing SLB instance (user-specified)
Specify an existing SLB instance using the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id.
-
The CCM uses the specified instance for load balancing and automatically creates vServer groups for it. Use other annotations to configure the instance further.
-
If the Service is deleted, the CCM does not delete the specified SLB instance.
Listener management: Control listener behavior with the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners:.
-
Set to
false: the CCM does not configure or manage listeners for the instance. -
Set to
true: the CCM configures and manages listeners based on the Service configuration, replacing any existing listeners.
When force-override-listeners is set to true, any manual changes you make to listeners in the SLB console may be overwritten by the CCM.
CCM-created SLB instance
If you do not specify an existing SLB instance, the CCM automatically creates, configures, and manages the SLB instance, its listeners, and vServer groups based on the Service configuration.
-
If the Service is deleted, the CCM deletes the SLB instance it created.
Do not modify a CCM-created SLB instance in the SLB console. The CCM uses a declarative API to reconcile the SLB configuration with the Service configuration, and any console changes may be overwritten, making the Service unavailable.
Backend server groups
When Service endpoints or cluster nodes change, the CCM automatically updates the vServer groups of the SLB instance. In ACS clusters, the CCM can mount only pod IP addresses as backend servers.
Limitations
-
The CCM configures SLB instances only for
LoadBalancerServices. If you change a Service fromType=LoadBalancerto any other type, the CCM deletes the associated SLB configuration and the Service becomes inaccessible.
Quotas
VPC quotas
Each route table in a VPC can contain up to 200 route entries by default, and each cluster node maps to one route entry. If your cluster exceeds 200 nodes, apply for a quota increase through the log on to the Quota Center console and submit an application.
For a full list of VPC limits, see Limits and quotas. To check your current VPC quotas, go to the VPC Quota Management page.
SLB quotas
| Resource | Default quota | How to increase |
|---|---|---|
| SLB instances per Alibaba Cloud account | 60 | Apply via log on to the Quota Center console and submit an application |
| Listeners per SLB instance | 50 | Apply via log on to the Quota Center console and submit an application |
For a full list of SLB limits, see Limits. To check your current SLB quotas, go to the SLB Quota Management page.