External Access - Elastic Load Balancer

In this access mode, the application is reachable from public networks through an ELB address. It provides higher reliability than EIP-based access and is applicable to services that need to be exposed to public networks. The access address consists of the public-network ELB service address followed by the access port number, for example, 10.117.117.117:80.

Figure 1 Elastic Load Balancer

Methods for Setting the Access Mode

You can set the access mode using either of the following two methods:

Creating an Application on the CCE Console

The following procedure uses an Nginx application as an example.

  1. Create an application. For details, see Creating a Stateless Application or Creating a Stateful Application. In the Set Application Access step, click Add Access Mode, and set the parameters as follows:

    • Service Name: Specify a service name. You can use the application name as the service name.
    • Access Mode: Select External access.
    • Access Type: Select ELB.
      • For Classic load balancer, if no load balancers are available, click Create a classic load balancer to create one. Make sure that the load balancer you select or create is in the same VPC as the cluster and is in a public network.
      • For Enhanced load balancer, you can select an existing load balancer or let the system automatically create one.
      NOTE:

      Currently, only clusters of v1.11.3 support automatic creation of enhanced load balancers.

    • Health Check: When Classic load balancer is selected, you can manually configure the health check port.
      • By default, this function is disabled and the service port is used for health check.
      • If the health check port is different from the service port, enable this function and manually configure the health check port.
        • Health Check Agreement: Select a value based on the health check protocol. If the protocol type is UDP, ensure that the security group rule is correctly configured. For details, see How Do I Enable ICMP Security Group Rules?
        • Health Check Container port: Listening port of the actual container health check.
        • Health Check Access port: The value of the input port must be different from that of the port mapping.
    • Protocol: Select a protocol used by the service.
    • Container Port: Specify a port on which the application listens. The Nginx application listens on port 80.
    • Access Port: Specify a port to map a container port to the IP address of an ELB service. The port range is 1–65535. The port will be used when the application is accessed using the IP address of an ELB service.

  2. Click OK. Click Next. On the Configure Advanced Settings page that is displayed, click Create Now.
  3. Click View Application Details. On the Access Mode tab page, obtain the access address, for example: 10.4.10.230:2.
  4. Click the access address to go to the login page.

Setting the Access Mode After Creating an Application

  1. Log in to the CCE console. In the navigation pane, choose Resource Management > Network. On the Services tab page, click Create Service. Select External access.
  2. Set the parameters for external access.

    • Service Name: Specify a service name. You can use the application name as the service name.
    • Cluster Name: Specify a cluster for the service.
    • Namespace: Specify a namespace for the service.
    • Application: Select an application for which you want to add the service.
    • Access Type: Select ELB.
      • For Classic load balancer, if no load balancers are available, click Create a classic load balancer to create one. Make sure that the load balancer you select or create is in the same VPC as the cluster and is in a public network.
      • For Enhanced load balancer, you can select an existing load balancer or let the system automatically create one.
      NOTE:

      Currently, only clusters of v1.11.3 support automatic creation of enhanced load balancers.

    • Health Check: When Classic load balancer is selected, you can manually configure the health check port.
      • By default, this function is disabled and the service port is used for health check.
      • If the health check port is different from the service port, enable this function and manually configure the health check port.
        • Health Check Agreement: Select a value based on the health check protocol. If the protocol type is UDP, ensure that the security group rule is correctly configured. For details, see How Do I Enable ICMP Security Group Rules?
        • Health Check Container port: Listening port of the actual container health check.
        • Health Check Access port: The value of the input port must be different from that of the port mapping.
    • Port Configuration:
      • Protocol: Select a protocol used by the service.
      • Container Port: Specify a port on which the application listens. The Nginx application listens on port 80.
      • Access Port: Specify a port to map a container port to the IP address of a load balancer. The port range is 1–65535. The port will be used when the application is accessed using the IP address of a load balancer.

  3. Click Create Now. The public external access - elastic IP address service has been added to the application.

Implementing Public Network Access (ELB) Using kubectl

This section uses an Nginx application as an example to describe how to implement public network access using kubectl.

Prerequisites

You have configured the kubectl command and connected an ECS server to the cluster. For details, see Connecting to a Kubernetes Cluster Using kubectl.

Procedure

  1. Log in to the ECS server on which the kubectl commands have been configured. For details, see Logging In to a Linux ECS.
  2. Create and edit the nginx-deployment.yaml file and the nginx-elb-svc.yaml file. The file names are used as examples, and you can change them as required.

    vi nginx-deployment.yaml

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      strategy:
        type: RollingUpdate
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - image: nginx 
            imagePullPolicy: Always
            name: nginx
          imagePullSecrets:
          - name: default-secret

    vi nginx-elb-svc.yaml

    NOTE:

    A load balancer can be automatically created when you create a service using YAML.

    • If a load balancer is available when you create a headless service, refer to the following example to edit the YAML file:
      apiVersion: v1
      kind: Service
      metadata:
        annotations:
          kubernetes.io/elb.class: union
          kubernetes.io/elb.id: a172d66c-e42f-4276-aa23-9258113478f6
        labels:
          app: nginx
        name: nginx
      spec:
        loadBalancerIP: 10.78.42.242   # IP address of an ELB service in a public network.
        ports:
        - name: service0
          nodePort: 31540      # Access port set on the CCE console. If this parameter is not specified, the system automatically allocates an access port.
          port: 80             # Cluster virtual IP address access port, which has been registered with an ELB service.
          protocol: TCP
          targetPort: 80       # Container port set on the CCE console.
        selector:
          app: nginx
        type: LoadBalancer     # The EIP must be based on a NodePort service.
    • If a load balancer needs to be automatically created when you create a headless service, refer to the following example to edit the YAML file:
      apiVersion: v1 
      kind: Service 
      metadata: 
        name: nginx 
        labels: 
          app: nginx 
        annotations: 
          service.protal.kubernetes.io/type: LoadBalancer 
          kubernetes.io/elb.class: union 
          kubernetes.io/elb.subnet-id: eff413e6-e6df-43e6-b586-ee36351d676d 
          kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"cce-bandwidth-1548668872423","bandwidth_chargemode":"bandwidth","bandwidth_size":10,"bandwidth_sharetype":"PER","eip_type":"5_bgp"}'
      spec: 
        selector: 
          app: nginx 
        ports: 
        - name: cce-service-0 
          targetPort: 80 
          nodePort: 0 
          port: 80 
          protocol: TCP 
        type: LoadBalancer 
        loadBalancerIP: ''

  3. Create an application.

    kubectl create -f nginx-deployment.yaml

    If the following information is displayed, the application is being created.

    deployment "nginx" created

    kubectl get po

    If the following information is displayed, the application is running.

    NAME                     READY     STATUS             RESTARTS   AGE
    icagent-m9dkt            0/0       Running            0          3d
    nginx-2601814895-c1xhw   1/1       Running            0          6s

  4. Create a service.

    kubectl create -f nginx-elb-svc.yaml

    If the following information is displayed, the service has been created.

    service "nginx" created

    kubectl get svc

    If the following information is displayed, the service access mode has been set successfully, and the application is accessible.

    NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
    etcd-svc     ClusterIP      None             <none>        3120/TCP       1h
    kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
    nginx        LoadBalancer   10.247.130.196   10.4.10.230   80:31540/TCP   51s

  5. In the address bar of your browser, enter 10.4.10.230 and press Enter. In this example, 10.4.10.230 is the IP address of the ELB instance.

    The Nginx application is accessible.

    Figure 2 Accessing the Nginx application
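
Because every service created this way is reachable through an ELB address, it helps to keep an inventory of which services are bound to a load balancer and on which ports. The following is an added example, not part of the CCE documentation: it reads the JSON printed by `kubectl get svc -o json` and reports each LoadBalancer service with the ELB annotations shown in this section. The function name, the sample data and the `nginx-auto` service name are assumptions made for illustration.

```python
import json

ELB_ID = "kubernetes.io/elb.id"
ELB_AUTOCREATE = "kubernetes.io/elb.autocreate"

def audit_services(svc_list_json):
    """List every LoadBalancer service in a `kubectl get svc -o json` dump."""
    findings = []
    for item in json.loads(svc_list_json).get("items", []):
        spec = item.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # only LoadBalancer services are bound to an ELB
        meta = item.get("metadata", {})
        ann = meta.get("annotations") or {}
        # The autocreate annotation is itself a JSON string; tolerate bad values.
        try:
            auto = json.loads(ann.get(ELB_AUTOCREATE, "{}"))
        except ValueError:
            auto = None
        if not isinstance(auto, dict):
            auto = {"type": "unparseable"}
        ingress = item.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        findings.append({
            "service": "%s/%s" % (meta.get("namespace", "default"), meta.get("name")),
            "elb_id": ann.get(ELB_ID),            # set when an existing ELB is reused
            "autocreate_type": auto.get("type"),  # "public" when an ELB is auto-created
            "address": spec.get("loadBalancerIP")
                       or (ingress[0].get("ip") if ingress else None),
            "ports": [(p.get("protocol", "TCP"), p["port"], p.get("targetPort"))
                      for p in spec.get("ports", [])],
        })
    return findings

# Constructed sample modelled on the manifests in this section (not real output).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "kubernetes", "namespace": "default"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 443, "protocol": "TCP"}]}},
    {"metadata": {"name": "nginx", "namespace": "default", "annotations": {
        ELB_ID: "a172d66c-e42f-4276-aa23-9258113478f6"}},
     "spec": {"type": "LoadBalancer", "loadBalancerIP": "10.78.42.242", "ports": [
         {"port": 80, "targetPort": 80, "nodePort": 31540, "protocol": "TCP"}]}},
    {"metadata": {"name": "nginx-auto", "namespace": "default", "annotations": {
        ELB_AUTOCREATE: '{"type":"public","bandwidth_size":10}'}},
     "spec": {"type": "LoadBalancer", "loadBalancerIP": "",
              "ports": [{"port": 80, "targetPort": 80, "protocol": "TCP"}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "10.4.10.230"}]}}},
]})

if __name__ == "__main__":
    for finding in audit_services(SAMPLE):
        print(finding)
```

To run it against a cluster, pass the output of `kubectl get svc --all-namespaces -o json` to `audit_services` instead of `SAMPLE`.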