Alibaba Cloud Provider Overview-Alibaba Cloud Developer Community

from: Alibaba Cloud container service ACK 2018-08-17 7873


Alibaba Cloud Provider Profile

CloudProvider provides the ability to connect Kubernetes with the cloud vendor's basic services. It is implemented by the cloud-controller-manager component.

This component automatically creates an Alibaba Cloud SLB instance when you create a Kubernetes Service of type LoadBalancer, dynamically binds and unbinds the SLB backends, and provides a variety of configuration options that let you customize the generated LoadBalancer.

See ReleaseNotes.

Basic usage

CloudProvider uses annotations on the Service to control its behavior when creating a Service of type LoadBalancer. An example of a basic annotation is as follows:

apiVersion: v1
kind: Service
metadata:
  annotations:
    # Fill in the corresponding annotation here, for example:
    service.beta.kubernetes.io/alicloud-loadbalancer-id: lb-bp1hfycf39bbeb019pg7m
  name: nginx
  namespace: default
spec:
  ports:
  - name: web
    port: 443
    protocol: TCP
    targetPort: 443
  type: LoadBalancer

>> note:

  • If the cloud-controller-manager version of your cluster is later than or equal to v1.9.3, the system does not process listeners for the specified SLB by default. You must manually configure the listener rules for the SLB instance.

Run the following command to view the version of cloud-controller-manager:

root@master # kubectl get po -n kube-system -o yaml|grep image:|grep cloud-con|uniq

image: registry-vpc.cn-....-controller-manager-amd64:v1.9.3
  • When the CloudProvider in your cluster is not the latest version, some features may not be available. For more information, see how to manually upgrade CloudProvider.

Create a LoadBalancer

Prerequisites

  • A cluster created by Alibaba Cloud Container Service. Reference
  • How to connect to a cluster through kubectl. Reference
  • Create a common nginx application. For more information, see.

>> note:

  • Save the following YAML as svc.1.yaml and use kubectl apply -f svc.1.yaml to create a service.

1. Create an Internet SLB instance

apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  type: LoadBalancer

2. Create an intranet SLB instance

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-address-type: "intranet"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  type: LoadBalancer

3. Create an HTTP SLB instance

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-protocol-port: "http:80"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  type: LoadBalancer

4. Create an HTTPS SLB instance

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-protocol-port: "https:443"
    service.beta.kubernetes.io/alicloud-loadbalancer-cert-id: ${YOUR_CERT_ID}
  name: nginx
  namespace: default
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  selector:
    run: nginx
  type: LoadBalancer

>> note:

  • To create an HTTPS SLB instance, you must provide a certificate ID. If no certificate exists, go to the SLB console to create one.

5. Limit the bandwidth of the SLB instance.

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-bandwidth: "100"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  selector:
    run: nginx
  type: LoadBalancer

>> note:

  • Only the bandwidth of the SLB instance is limited. All listeners share the bandwidth of the SLB instance. See shared instance bandwidth.

6. Specify the SLB instance type

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-spec: "slb.s1.small"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  selector:
    run: nginx
  type: LoadBalancer

7. Bind an existing server load balancer instance to the Service

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-id: "${YOUR_LOADBALANCER_ID}"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  selector:
    run: nginx
  type: LoadBalancer

>> note:

  • By default, when you bind an existing SLB instance, CloudProvider only binds and unbinds the SLB backend servers. To forcibly overwrite the listeners, you must specify service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners: "true". Note that this deletes unexpected listeners on your existing SLB instance.

8. Bind an existing SLB instance and forcibly overwrite the existing listener.

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-id: "${YOUR_LOADBALANCER_ID}"
    service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners: "true"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  selector:
    run: nginx
  type: LoadBalancer
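
The annotations in examples 1 to 8 decide whether the SLB is Internet-facing, whether it serves plain HTTP, and whether listeners on an existing SLB are overwritten. The audit below is an added example, not part of the original documentation: it checks the JSON printed by kubectl get svc -A -o json for those settings. The sample input, the finding strings, the function name audit_services and the comma-separated handling of protocol-port are assumptions of this example.

```python
import json

PREFIX = "service.beta.kubernetes.io/alicloud-loadbalancer-"

# Constructed sample in the shape of `kubectl get svc -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "web-public", "annotations": {
        PREFIX + "protocol-port": "http:80"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "default", "name": "web-tls", "annotations": {
        PREFIX + "address-type": "intranet",
        PREFIX + "protocol-port": "https:443"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "ops", "name": "shared-slb", "annotations": {
        PREFIX + "address-type": "intranet",
        PREFIX + "id": "lb-EXAMPLE",  # placeholder, not a real instance ID
        PREFIX + "force-override-listeners": "true"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "default", "name": "internal"}, "spec": {"type": "ClusterIP"}},
]})


def audit_services(doc):
    """Return sorted (namespace/name, finding) pairs for LoadBalancer Services."""
    findings = []
    for item in json.loads(doc).get("items", []):
        if item.get("spec", {}).get("type") != "LoadBalancer":
            continue
        meta = item.get("metadata", {})
        raw = meta.get("annotations") or {}
        ann = {k[len(PREFIX):]: v for k, v in raw.items() if k.startswith(PREFIX)}
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        # No address-type annotation means an Internet SLB (example 1).
        if ann.get("address-type") != "intranet":
            findings.append((ref, "internet-facing SLB"))
        # Assumption: protocol-port may hold a comma-separated list of proto:port.
        protos = {p.split(":")[0].strip().lower()
                  for p in ann.get("protocol-port", "").split(",")}
        if "http" in protos:
            findings.append((ref, "plain HTTP listener"))
        if "https" in protos and not ann.get("cert-id"):
            findings.append((ref, "HTTPS listener without cert-id"))
        if ann.get("id") and ann.get("force-override-listeners", "").lower() == "true":
            findings.append((ref, "force-override deletes listeners on existing SLB"))
    return sorted(findings)

if __name__ == "__main__":
    for ref, finding in audit_services(SAMPLE):
        print(f"{ref}: {finding}")
```

Against a live cluster, pass the output of kubectl get svc -A -o json to audit_services instead of SAMPLE.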

9. Enable SLB to mount worker nodes with specified labels as backend servers

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-backend-label: "failure-domain.beta.kubernetes.io/zone:ap-southeast-5a"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  selector:
    run: nginx
  type: LoadBalancer

>> note:

  • Separate multiple labels with commas (,), for example "k1:v1,k2:v2".
  • Multiple labels are combined with AND semantics.

10. Configure session persistence SessionSticky for TCP SLB

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-persistence-timeout: "1800"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  selector:
    run: nginx
  type: LoadBalancer

>> note:

  • This parameter only applies to TCP listeners.
  • If multiple TCP listening ports are configured for the service, session persistence applies to all TCP listening ports by default.

11. Configure session persistence SessionSticky(insert cookie) for HTTP and HTTPS SLB instances

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-sticky-session: "on"
    service.beta.kubernetes.io/alicloud-loadbalancer-sticky-session-type: "insert"
    service.beta.kubernetes.io/alicloud-loadbalancer-cookie-timeout: "1800"
    service.beta.kubernetes.io/alicloud-loadbalancer-protocol-port: "http:80"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  type: LoadBalancer

>> note:

  • Only HTTP and HTTPS are supported.
  • The session persistence type is insert, and the cookie is inserted.
  • If multiple HTTP or HTTPS listening ports are configured for the service, the session persistence applies to all HTTP and HTTPS listening ports by default.

12. Configure session persistence SessionSticky(server cookie) for HTTP and HTTPS SLB instances

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-sticky-session: "on"
    service.beta.kubernetes.io/alicloud-loadbalancer-sticky-session-type: "server"
    service.beta.kubernetes.io/alicloud-loadbalancer-cookie: "${YOUR_COOKIE}"
    service.beta.kubernetes.io/alicloud-loadbalancer-protocol-port: "http:80"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  type: LoadBalancer

>> note:

  • Only HTTP and HTTPS are supported.
  • The session persistence type is server, and the cookie is overwritten.
  • If multiple HTTP or HTTPS listening ports are configured for the service, the session persistence applies to all HTTP and HTTPS listening ports by default.

13. Specify the active/standby zone when creating an SLB instance

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alicloud-loadbalancer-master-zoneid: "ap-southeast-5a"
    service.beta.kubernetes.io/alicloud-loadbalancer-slave-zoneid: "ap-southeast-5a"
  name: nginx
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  type: LoadBalancer

>> note:

  • SLB instances in some regions do not support primary/secondary zones, such as ap-southeast-5.
  • You cannot modify the primary/secondary zones.

14. Specify SLB to mount only the node where the Pod is located as the backend server

apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
spec:
  externalTrafficPolicy: Local
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  type: LoadBalancer


Attachment: available Annotation parameters and their descriptions

Annotation | Description | Default value
