Intra-VPC Access

An application is accessible to other applications in the same VPC by using the IP address of a cluster node or the ELB service IP address of a private network.

Typical scenario: Applications in a Kubernetes cluster are accessed by other applications in the same VPC.

The following two intra-VPC access modes are available:

  • Using the IP address of a cluster node, as shown in Figure 1.
  • Using the ELB service IP address of a private network, as shown in Figure 2. This mode provides higher reliability than the preceding access mode.
Figure 1 Intra-VPC access (by using the IP address of a cluster node)
Figure 2 Intra-VPC access (by using the ELB service IP address of a private network)

Methods for Setting the Access Mode

You can set the access mode using either of the following two methods:

Creating an Application on the CCE Console

The following procedure uses an Nginx application as an example.

  1. Create an application. For details, see Creating a Stateless Application or Creating a Stateful Application. In the Set Application Access step, click Add Access Mode, and set the parameters as follows:

    • Service Name: Specify a service name. You can use the application name as the service name.
    • Access Mode: Select Intra-VPC access.
      • Node IP address: The node IP address is used to access nodes in the cluster.
      • Intra-VPC load balancer: Nodes in the cluster can be accessed using elastic load balancers.
        • For Classic load balancer, if no load balancers are available, click Create a classic load balancer to create one. Make sure that the load balancer you select or create is in the same VPC as the cluster and is in a private network.
        • For Enhanced load balancer, you can select an existing load balancer or let the system automatically create one.

        Currently, only clusters of v1.11.3 support automatic creation of enhanced load balancers.

    • Protocol: Select a protocol used by the service.
    • Container Port: Specify a port on which the application listens. The Nginx application listens on port 80.
    • Access Port:
      • Access a node in a cluster using the IP address of the node: Specify a port to map a container port to the node's private IP address. The port range is 30000–32767. The port will be used when the application is accessed using the node's private IP address. You are advised to select Automatically generated.
        • Automatically generated: The system automatically assigns a port number.
        • Specified port: Specify a fixed node port. The port range is 30000–32767. Ensure that the port is unique in the same cluster.
      • Access a node in a cluster using the private IP address of the elastic load balancer: Specify a port to map a container port to the load balancer's port. The port range is 1–65535. The port will be used when the application is accessed using the private IP address of the elastic load balancer.

  2. Click OK, and then click Next. On the Configure Advanced Settings page that is displayed, click Create Now.
  3. Click View Application Details. On the Access Mode tab page, obtain the access address, for example: 192.168.0.160:30358.
  4. On the homepage of the management console, choose Computing > Elastic Cloud Server.
  5. Find any ECS server in the same VPC, and confirm that the security group is open to the IP address and port to be connected.

    Figure 3 Confirming that the security group is open

  6. Click Remote Login. On the login page that is displayed, enter the username and password.
  7. Run the curl command to check whether the application can be accessed normally.

    NOTE:

    If a node is accessed by using a private IP address, a cluster virtual IP address is also allocated. Therefore, you can verify whether the application is accessible using the cluster virtual IP address. By default, the cluster virtual IP address access port is the same as the container port. In this example, the access port is port 80.

    curl 192.168.0.160:30358

    192.168.0.160:30358 is the access address obtained in step 3.

    If the following information is displayed, the application is accessible.

    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>

Setting the Access Mode After Creating an Application

  1. Log in to the CCE console. In the navigation pane, choose Resource Management > Network. On the Services tab page, click Create Service. Select Intra-VPC access.
  2. Set the parameters for intra-VPC access.

    • Service Name: Specify a service name. You can use the application name as the service name.
    • Cluster Name: Specify a cluster for the service.
    • Namespace: Specify a namespace for the service.
    • Application: Select an application for which you want to add the service.
    • Access Type:
      • Node IP address: The node IP address is used to access the application.
      • Intra-VPC load balancer: Nodes in the cluster can be accessed using elastic load balancers.
        • For Classic load balancer, if no load balancers are available, click Create a classic load balancer to create one. Make sure that the load balancer you select or create is in the same VPC as the cluster and is in a private network.
        • For Enhanced load balancer, you can select an existing load balancer or let the system automatically create one.
          NOTE:

          Currently, only clusters of v1.11.3 support automatic creation of enhanced load balancers.

    • Port Configuration:
      • Protocol: Select a protocol to be used by the service.
      • Container Port: Specify a port on which the application listens. The Nginx application listens on port 80.
      • Access Port:
        • If Access Type is set to Node IP address, the container IP address and port will be mapped to the node's private IP address and the access port you set. The access port will be used when the application is accessed using the node's private IP address. The port range is 30000–32767. You are advised to select Automatically generated.
          • Automatically generated: The system automatically assigns a port number.
          • Specified port: Specify a fixed node port. The port range is 30000–32767. Ensure that the port is unique in its cluster.
        • If Access Type is set to Intra-VPC load balancer, the container IP address and port will be mapped to the elastic load balancer's private IP address and the access port you set. The port will be used when the application is accessed using the elastic load balancer's private IP address. The port range is 1–65535.

  3. Click Create Now. The intra-VPC access service has been added to the application, which can be verified by performing steps 4 to 7 of the preceding procedure.

Implementing Intra-VPC Access Using kubectl

This section uses an Nginx application as an example to describe how to implement intra-VPC access using kubectl.

Prerequisites

You have configured the kubectl command and connected an ECS server to the cluster. For details, see Connecting to a Kubernetes Cluster Using kubectl.

Procedure

  1. Log in to the ECS server on which the kubectl commands have been configured. For details, see Logging In to a Linux ECS.
  2. Create and edit the nginx-deployment.yaml and nginx-nodeport-svc.yaml files.

    You can change the file names as required.

    vi nginx-deployment.yaml

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      strategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx 
            imagePullPolicy: Always
            name: nginx
          imagePullSecrets:
          - name: default-secret

    vi nginx-nodeport-svc.yaml

    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: nginx
      name: nginx-nodeport
    spec:
      ports:
      - name: service
        # nodePort: 30000    # Access port set on the CCE console. If this parameter is not specified, the system automatically allocates an access port.
        port: 80             # Cluster virtual IP address access port.
        protocol: TCP
        targetPort: 80       # Container port set on the CCE console.
      selector:
        app: nginx
      type: NodePort         # Access type set on the CCE console. NodePort refers to the node's private IP address.

  3. Create an application.

    kubectl create -f nginx-deployment.yaml

    If the following information is displayed, the application is being created.

    deployment "nginx" created

    kubectl get po

    If the nginx pod is in the Running state, as in the following output, the application is running.

    NAME                     READY     STATUS             RESTARTS   AGE
    etcd-0                   0/1       ImagePullBackOff   0          48m
    icagent-m9dkt            0/0       Running            0          3d
    nginx-2601814895-qhxqv   1/1       Running            0          9s

  4. Create a service.

    kubectl create -f nginx-nodeport-svc.yaml

    If the following information is displayed, the service is being created.

    service "nginx-nodeport" created

    kubectl get svc

    If the following information is displayed, the service has been created.

    NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
    etcd-svc         ClusterIP   None           <none>        3120/TCP       49m
    kubernetes       ClusterIP   10.247.0.1     <none>        443/TCP        3d
    nginx-nodeport   NodePort    10.247.4.225   <none>        80:30000/TCP   7s

  5. Run the curl command to check whether the application can be accessed normally.

    curl 192.168.2.240:30000

    192.168.2.240 is the IP address of any node in the cluster, and 30000 is the node port (access port) of the service.

    If the following information is displayed, the application is accessible.

    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>