• Cloud Container Engine

  1. Help Center
  2. Cloud Container Engine
  3. API Reference
  4. Appendix
  5. Using ELB with a Cluster

Using ELB with a Cluster

This section describes how to use ELB with a cluster created on the CCE console.


  1. Download your AK/SK certificate file.

    1. Log in to the management console, click the account name at the upper right corner, and choose My Credential.
    2. Choose Access Keys > Add Access Key. In the Add Access Key dialog box, type the email or mobile phone verification code and click OK.
    3. Click OK to confirm that you want to proceed with the download.

      The AK/SK file is named credentials.csv.

    Example AK/SK file:
    User Name,Access Key Id,Secret Access Key
    • User Name is "username".
    • Access Key Id is ******.
    • Secret Access Key is ******.

  2. Run the following commands to encode Access Key Id and Secret Access Key using base64:

    echo -n Access Key Id content to be encoded. | base64
    echo -n Secret Access Key Content to be encoded | base64

    base64 is an encoding tool. Before you use this tool, ensure that the system has this tool installed.

  3. Create a secret using the API described in Creating a Secret.

    For details about API parameter description, see Table 2.

    If ELB is used in different namespaces, each namespace must have a secret to hold sensitive information of the corresponding ELB.

    Sample request message:

        "apiVersion": "v1",
        "data": {
            "access.key": "<base-64-encoded-ak>",
            "secret.key": "<base-64-encoded-sk>"
        "kind": "Secret",
        "metadata": {
            "name": "paas.elb"
        "type": "Opaque"


    • <base-64-encoded-ak> is replaced by the encoded Access Key Id.
    • <base-64-encoded-sk> is replaced by the encoded Secret Access Key.

  4. Create a service using the API described in Creating a Service.

    For details about API parameter description, see Table 2.

    Sample request message:

        "apiVersion": "v1",
        "kind": "Service",
        "metadata": {
            "name": "test-service"
        "spec": {
            "loadBalancerIP": "",
            "ports": [
                    "name": "elbtest",
                    "port": 80,
                    "protocol": "TCP",
                    "targetPort": 80
            "selector": {
                "name": "elbtest"
            "type": "LoadBalancer"
    • loadBalancerIP is the IP address assigned at the time of creating ELB on the ELB console.

      If listener quota of the selected ELB is insufficient, create a new ELB and set loadBalancerIP to the IP address assigned to the newly created ELB.

    • protocol must be set to TCP.
    • targetPort must be different from the listening port.
    • type must be set to LoadBalancer.