• Cloud Container Engine

cce
  1. Help Center
  2. Cloud Container Engine
  3. User Guide 2.0
  4. Application Access Settings
  5. External Access - Elastic IP Address

External Access - Elastic IP Address

An application is accessible to public networks using an EIP. This access mode is applicable to services that need to be exposed to public networks. To enable access to an application from the Internet, an EIP must be bound to a node in the cluster, and a mapping port number must be set. The port number must be in the 30000–32767 range. For example, the access address could be 10.117.117.117:30000.

Figure 1 Elastic IP Address

Methods for Setting the Access Mode

You can set the access mode using either of the following two methods:

Creating an Application on the CCE Console

The following procedure uses an Nginx application as an example.

  1. Create an application. For details, see Creating a Stateless Application or Creating a Stateful Application. In the Set Application Access step, click Add Access Mode, and set the parameters as follows:

    • Service Name: Specify a service name. You can use the application name as the service name.
    • Access Mode: Select External access.
    • Access Type: Select EIP. Ensure that at least one node in the cluster has been bound to an EIP.
    • Protocol: Select a protocol used by the service.
    • Container Port: Specify a port on which the application listens. The Nginx application listens on port 80.
    • Access Port: Specify a port to map a container port to an EIP. The port range is 30000–32767. The port will be used when the application is accessed using the EIP. You are advised to select Automatically generated.
      • Automatically generated: The system automatically assigns a port number.
      • Specified port: Specify a fixed node port. The port range is 30000–32767. Ensure that the port is unique in the same cluster.

  2. Click OK. Click Next. On the Configure Advanced Settings page that is displayed, click Create Now.
  3. Click View Application Details. On the Access Mode tab page, obtain the access address, for example: 10.78.27.59:30911.
  4. Click the access address to go to the login page.

    Figure 2 Accessing the Nginx application

Setting the Access Mode After Creating an Application

  1. Log in to the CCE console. In the navigation pane, choose Resource Management > Network. On the Services tab page, click Create Service. Select External access.
  2. Set the parameters for external access.

    • Service Name: Specify a service name. You can use the application name as the service name.
    • Cluster Name: Specify a cluster for the service.
    • Namespace: Specify a namespace for the service.
    • Application: Select an application for which you want to add the service.
    • Access Type: Select EIP.
    • Port Configuration:
      • Protocol: Select a protocol used by the service.
      • Container Port: Specify a port on which the application listens. The Nginx application listens on port 80.
      • Access Port: Specify a port to map a container port to the node's private IP address. The port range is 30000–32767. The port will be used when the application is accessed using the node's private IP address. You are advised to select Automatically Generated.
        • Automatically Generated: The system automatically assigns a port number.
        • Specified Port: Specify a fixed node port. The port range is 30000–32767. Ensure that the port is unique in its cluster.

  3. Click Create Now. The public external access - elastic IP address service has been added to the application.

Implementing Public Network Access (EIP) Using kubectl

This section uses an Nginx application as an example to describe how to implement public network access using kubectl.

Prerequisites

You have configured the kubectl command and connected an ECS server to the cluster. For details, see Connecting to a Kubernetes Cluster Using kubectl.

Procedure

  1. Log in to the ECS server on which the kubectl commands have been configured. For details, see Logging In to a Linux ECS.
  2. Create and edit the nginx-deployment.yaml file and the nginx-eip-svc.yaml file. The file names are used as examples, and you can change them as required.

    vi nginx-deployment.yaml

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      strategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx 
            imagePullPolicy: Always
            name: nginx
          imagePullSecrets:
          - name: default-secret

    vi nginx-eip-svc.yaml

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.protal.kubernetes.io/access-ip: 10.78.44.60  # EIP. At least one node in the cluster has been bound to this EIP. 
        service.protal.kubernetes.io/type: EIP                # Set the external access type to Elastic IP Address.
      labels:
        app: nginx
      name: nginx-eip
    spec:
      ports:
      - name: service0
        nodePort: 30000      # Access port set on the CCE console. If this parameter is not specified, the system automatically allocates an access port.
        port: 80             # Cluster virtual IP address access port.
        protocol: TCP
        targetPort: 80       # Container port set on the CCE console.
      selector:
        app: nginx
      type: NodePort         # The EIP must be based on an NodePort service.

  3. Create an application.

    kubectl create -f nginx-deployment.yaml

    If the following information is displayed, the application is being created.

    deployment "nginx" created

    kubectl get po

    If the following information is displayed, the application is running.

    NAME                     READY     STATUS             RESTARTS   AGE
    etcd-0                   0/1       ImagePullBackOff   0          59m
    icagent-m9dkt            0/0       Running            0          3d
    nginx-2601814895-sf71t  1/1       Running            0          8s

  4. Create a service.

    kubectl create -f nginx-eip-svc.yaml

    If the following information is displayed, the service has been created.

    service "nginx-eip" created

    kubectl get svc

    If the following information is displayed, the service access mode has been set successfully.

    NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
    etcd-svc     ClusterIP   None             <none>        3120/TCP       59m
    kubernetes   ClusterIP   10.247.0.1       <none>        443/TCP        3d
    nginx-eip    NodePort    10.247.120.135   <none>        80:30000/TCP   7s

  5. In the address bar of your browser, enter 10.78.44.60:30000 and press Enter.

    10.78.44.60 is the EIP, and 30000 is the node port number obtained in the previous step.

    Figure 3 Accessing the Nginx application