• Cloud Container Engine

cce
  1. Help Center
  2. Cloud Container Engine
  3. User Guide 2.0
  4. Application Access Settings
  5. Intra-Cluster Access

Intra-Cluster Access

An application can be accessed by other applications in the same cluster using an internal domain name. The internal domain name is in the format of <User-defined access mode>.<Namespace of the application>.svc.cluster.local, for example, nginx.default.svc.cluster.local.

Figure 1 shows the mapping relationships between access channels, container ports, and an access port.

Figure 1 Intra-cluster access

Methods for Setting the Access Mode

You can set the access mode using either of the following two methods:

Creating an Application on the CCE Console

  1. Create an application. For details, see Creating a Stateless Application or Creating a Stateful Application. In the Set Application Access step, click Add Access Mode, and set the parameters as follows:

    • Service Name: Specify a service name. You can use the application name as the service name.
    • Access Mode: Select Intra-cluster access.
    • Protocol: Select a protocol used by the service.
    • Container Port: Specify a port on which the application listens. The Nginx application listens on port 80.
    • Access Port: Specify a port to map a container port to the cluster's virtual IP address. The port range is 1–65535. The port will be used when the application is accessed using the cluster's virtual IP address.

  2. Click OK, and then click Next. On the Configure Advanced Settings page that is displayed, click Create Now.
  3. Click View Application Details. On the Access Mode tab page, obtain the access address, for example, 10.247.74.100:2.
  4. Log in to any node in the cluster where the application is located. For details, see Logging In to a Linux ECS.
  5. Run the curl command to check whether the application can be accessed normally. You can perform the verification by using the IP address or domain name.

    • IP address

      curl 10.247.74.100:2

      10.247.74.100:2 is the access address obtained in 3.

      If the following information is displayed, the application is accessible.

      <html>
      <head>
      <title>Welcome to nginx!</title>
      <style>
          body {
              width: 35em;
              margin: 0 auto;
              font-family: Tahoma, Verdana, Arial, sans-serif;
          }
      </style>
      </head>
      <body>
      <h1>Welcome to nginx!</h1>
      <p>If you see this page, the nginx web server is successfully installed and
      working. Further configuration is required.</p>
      
      <p>For online documentation and support please refer to
      <a href="http://nginx.org/">nginx.org</a>.<br/>
      Commercial support is available at
      <a href="http://nginx.com/">nginx.com</a>.</p>
      
      <p><em>Thank you for using nginx.</em></p>
      </body>
      </html>
    • Domain name

      curl nginx.default.svc.cluster.local:2

      nginx.default.svc.cluster.local is the domain name access address obtained in 3.

      If the following information is displayed, the application is accessible.

      <html>
      <head>
      <title>Welcome to nginx!</title>
      <style>
          body {
              width: 35em;
              margin: 0 auto;
              font-family: Tahoma, Verdana, Arial, sans-serif;
          }
      </style>
      </head>
      <body>
      <h1>Welcome to nginx!</h1>
      <p>If you see this page, the nginx web server is successfully installed and
      working. Further configuration is required.</p>
      
      <p>For online documentation and support please refer to
      <a href="http://nginx.org/">nginx.org</a>.<br/>
      Commercial support is available at
      <a href="http://nginx.com/">nginx.com</a>.</p>
      
      <p><em>Thank you for using nginx.</em></p>
      </body>
      </html>

Setting the Access Mode After Creating an Application

  1. Log in to the CCE console. In the navigation pane, choose Resource Management > Network. On the Services tab page, click Create Service. Select Intra-cluster access.
  2. Set the parameters for intra-cluster access.

    • Service Name: Specify a service name. You can use the application name as the service name.
    • Cluster Name: Specify a cluster for the service.
    • Namespace: Specify a namespace for the service.
    • Application: Select an application for which you want to add the service.
    • Port Configuration:
      • Protocol: Select a protocol used by the service.
      • Container Port: Specify a port on which the application listens. The Nginx application listens on port 80.
      • Access Port: Specify a port to map a container port to the cluster virtual IP address. The port range is 1–65535. The port will be used when the application is accessed using the cluster's virtual IP address.

  3. Click Create Now. The intra-cluster access service has been added to the application, which can be verified by performing 4-5.

Implementing Intra-Cluster Access Using kubectl

This section uses an Nginx application as an example to describe how to implement intra-cluster access using kubectl.

Prerequisites

You have configured the kubectl command and connected an ECS server to the cluster. For details, see Connecting to a Kubernetes Cluster Using kubectl.

Procedure

  1. Log in to the ECS server on which the kubectl commands have been configured. For details, see Logging In to a Linux ECS.
  2. Create and edit the nginx-deployment.yaml and nginx-clusterip-svc.yaml files.

    You can change the file names as required.

    vi nginx-deployment.yaml
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      strategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx 
            imagePullPolicy: Always
            name: nginx
          imagePullSecrets:
          - name: default-secret
    vi nginx-ClusterIp-svc.yaml
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: nginx
      name: nginx-clusterip
    spec:
      ports:
      - name: service0
        port: 80             # Access port set on the CCE console.
        protocol: TCP
        targetPort: 80       # Container port set on the CCE console.
      selector:
        app: nginx
      type: ClusterIP        # Access type set on the CCE console. ClusterIP refers to the cluster virtual IP address.

  3. Create an application.

    kubectl create -f nginx-deployment.yaml

    If the following information is displayed, the application is being created.

    deployment "nginx" created

    kubectl get po

    If the following information is displayed, the application is running.

    NAME                     READY     STATUS             RESTARTS   AGE
    etcd-0                   0/1       ImagePullBackOff   0          27m
    icagent-m9dkt            0/0       Running            0          3d
    nginx-2601814895-znhbr   1/1       Running            0          15s

  4. Create a service.

    kubectl create -f nginx-ClusterIp-svc.yaml

    If the following information is displayed, the service is being created.

    service "nginx-clusterip" created

    kubectl get svc

    If the following information is displayed, the service has been created, and a cluster IP address has been generated.

    NAME              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
    etcd-svc          ClusterIP   None             <none>        3120/TCP   30m
    kubernetes        ClusterIP   10.247.0.1       <none>        443/TCP    3d
    nginx-clusterip   ClusterIP   10.247.200.134   <none>        80/TCP     20s

  5. Log in to any node in the cluster where the application is located. For details, see Logging In to a Linux ECS.
  6. Run the curl command to check whether the application can be accessed normally. You can perform the verification by using the IP address or domain name.

    • IP address

      curl 10.247.200.134:80

      If the following information is displayed, the application is accessible.

      <html>
      <head>
      <title>Welcome to nginx!</title>
      <style>
          body {
              width: 35em;
              margin: 0 auto;
              font-family: Tahoma, Verdana, Arial, sans-serif;
          }
      </style>
      </head>
      <body>
      <h1>Welcome to nginx!</h1>
      <p>If you see this page, the nginx web server is successfully installed and
      working. Further configuration is required.</p>
      
      <p>For online documentation and support please refer to
      <a href="http://nginx.org/">nginx.org</a>.<br/>
      Commercial support is available at
      <a href="http://nginx.com/">nginx.com</a>.</p>
      
      <p><em>Thank you for using nginx.</em></p>
      </body>
      </html>
    • Domain name

      curl nginx-clusterip.default.svc.cluster.local:80

      If the following information is displayed, the application is accessible.

      <html>
      <head>
      <title>Welcome to nginx!</title>
      <style>
          body {
              width: 35em;
              margin: 0 auto;
              font-family: Tahoma, Verdana, Arial, sans-serif;
          }
      </style>
      </head>
      <body>
      <h1>Welcome to nginx!</h1>
      <p>If you see this page, the nginx web server is successfully installed and
      working. Further configuration is required.</p>
      
      <p>For online documentation and support please refer to
      <a href="http://nginx.org/">nginx.org</a>.<br/>
      Commercial support is available at
      <a href="http://nginx.com/">nginx.com</a>.</p>
      
      <p><em>Thank you for using nginx.</em></p>
      </body>
      </html>