Kubernetes officially provides a NodePort-type Service, which exposes a Service on the same port on every node. Traditionally, most Services of the Cloud Load Balancer (CLB) type are implemented on top of NodePort: the CLB backend is bound to the NodePort of each node, and when the CLB receives external traffic it forwards it to the NodePort of one of the nodes. Kubernetes then forwards the traffic from that NodePort to the pods by using iptables or ipvs. See the figure below:
TKE adopts the same approach to implement the default CLB-type Service and Ingress. Currently, however, it also supports the CLB-pod direct connection mode, in which the CLB backend is directly bound with pod IP + Port, without being bound with the NodePort of nodes. See the figure below:
Traditionally, users create a cloud Ingress or LB-type Service by using a CLB directly bound to NodePort. However, the traditional method involves the following issues:
The CLB-pod direct connection method not only solves the issues of the traditional NodePort method but also offers the following advantages:
- externalTrafficPolicy: Local is no longer needed to obtain the source IP address.
- sessionAffinity in the Service.
The CLB-pod direct connection method can be used in the following scenarios:
- Obtaining the source IP address without using the externalTrafficPolicy: Local method.
The following is required:
- The ReadinessGate feature, which is supported in Kubernetes 1.12 and later versions.
- VPC-CNI ENI mode must be enabled for the cluster network mode. You can refer to Confirming whether ENI is enabled to perform confirmation.
Perform the following steps based on your actual situation:
Add the annotation tke.cloud.tencent.com/networks: tke-route-eni to pods to declare the use of ENI. In addition, you need to add requests and limits such as tke.cloud.tencent.com/eni-ip: "1" for one of the containers. The YAML sample is as follows:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment-eni
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      annotations:
        tke.cloud.tencent.com/networks: tke-route-eni   # declare ENI (VPC-CNI) networking for the pod
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        resources:
          requests:
            tke.cloud.tencent.com/eni-ip: "1"   # one ENI IP per pod, requested and limited
          limits:
            tke.cloud.tencent.com/eni-ip: "1"
When exposing services through a CLB-type Service, you need to declare the use of the direct connection mode. The steps are as follows:
To use the console to create a Service, select Direct CLB-Pod Connection Mode. For more information, see Creating a Service. See the figure below:
To use YAML to create a Service, you need to add the annotation service.cloud.tencent.com/direct-access: "true" to the Service. A sample is as follows:
Note: For more information on how to use YAML to create a Service, see Creating a Service.
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.cloud.tencent.com/direct-access: "true"   # bind the CLB backend to pod IP + port instead of NodePort
  labels:
    app: nginx
  name: nginx-service-eni
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: 80-80-no
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  sessionAffinity: None
  type: LoadBalancer
When exposing services through an Ingress, you also need to declare the use of the direct connection mode. The steps are as follows:
To use the console to create an Ingress, select Direct CLB-Pod Connection Mode. For more information, see Creating an Ingress. See the figure below:
To use YAML to create an Ingress, you need to add the annotation ingress.cloud.tencent.com/direct-access: "true" to the Ingress. A sample is as follows:
Note: For more information on how to use YAML to create an Ingress, see Creating an Ingress.
apiVersion: networking.k8s.io/v1beta1   # API version shown on this page; removed in Kubernetes 1.22 in favour of networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.cloud.tencent.com/direct-access: "true"   # bind the CLB backend directly to pod IP + port
    kubernetes.io/ingress.class: qcloud
  name: test-ingress
  namespace: default
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
        path: /
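The three steps above (ENI pod annotation and eni-ip resources, the Service annotation, the Ingress annotation) are easy to get half right, and a Service carrying direct-access whose selector reaches non-ENI pods has no pod IPs the CLB can bind. The following script is an added example, not code from the TKE documentation or from Tencent Cloud: a pre-apply check over a set of manifests that verifies every requirement the page lists. The manifests are constructed inline as Python dicts (the shape yaml.safe_load returns) so it runs offline; the annotation and resource keys are the page's, while the helper names (check_workload, check_service, check_ingress, check_manifests) are this example's own assumptions.

```python
# Added example (not from the TKE documentation): pre-apply check that a set of
# manifests carries what the CLB-pod direct connection mode needs. Manifests are
# constructed inline as dicts so this runs offline; helper names are assumptions.

ENI_NETWORK_ANNOTATION = "tke.cloud.tencent.com/networks"
ENI_NETWORK_VALUE = "tke-route-eni"
ENI_IP_RESOURCE = "tke.cloud.tencent.com/eni-ip"
SERVICE_DIRECT_ACCESS = "service.cloud.tencent.com/direct-access"
INGRESS_DIRECT_ACCESS = "ingress.cloud.tencent.com/direct-access"


def _annotations(obj):
    return (obj.get("metadata") or {}).get("annotations") or {}


def _pod_template(workload):
    return (workload.get("spec") or {}).get("template") or {}


def _eni_ip_pinned(container):
    # The page requires both requests and limits of tke.cloud.tencent.com/eni-ip: "1".
    res = container.get("resources") or {}
    return ((res.get("requests") or {}).get(ENI_IP_RESOURCE) == "1"
            and (res.get("limits") or {}).get(ENI_IP_RESOURCE) == "1")


def check_workload(manifest):
    """Problems with a Deployment whose pods must be VPC-CNI ENI pods."""
    problems = []
    template = _pod_template(manifest)
    if _annotations(template).get(ENI_NETWORK_ANNOTATION) != ENI_NETWORK_VALUE:
        problems.append(f"pod template lacks {ENI_NETWORK_ANNOTATION}: {ENI_NETWORK_VALUE}")
    containers = (template.get("spec") or {}).get("containers") or []
    if not any(_eni_ip_pinned(c) for c in containers):
        problems.append(f'no container sets requests and limits {ENI_IP_RESOURCE}: "1"')
    return problems


def check_service(manifest, workloads):
    """Problems with a LoadBalancer Service meant to use direct connection."""
    problems = []
    spec = manifest.get("spec") or {}
    if spec.get("type") != "LoadBalancer":
        problems.append("type is not LoadBalancer")
    if _annotations(manifest).get(SERVICE_DIRECT_ACCESS) != "true":
        problems.append(f'missing annotation {SERVICE_DIRECT_ACCESS}: "true"')
    # The CLB binds pod IPs directly, so the selector must reach ENI-enabled pods.
    selector = spec.get("selector") or {}
    eni_ok = [w for w in workloads if not check_workload(w)]
    labels_of = lambda w: (_pod_template(w).get("metadata") or {}).get("labels") or {}
    if not selector or not any(all(labels_of(w).get(k) == v for k, v in selector.items())
                               for w in eni_ok):
        problems.append("selector matches no ENI-enabled workload")
    # Direct connection preserves the client source IP without this setting.
    if spec.get("externalTrafficPolicy") == "Local":
        problems.append("externalTrafficPolicy: Local is no longer needed in direct connection mode")
    return problems


def check_ingress(manifest, service_names):
    """Problems with a qcloud Ingress meant to use direct connection."""
    problems = []
    ann = _annotations(manifest)
    if ann.get(INGRESS_DIRECT_ACCESS) != "true":
        problems.append(f'missing annotation {INGRESS_DIRECT_ACCESS}: "true"')
    if ann.get("kubernetes.io/ingress.class") != "qcloud":
        problems.append("kubernetes.io/ingress.class is not qcloud")
    for rule in (manifest.get("spec") or {}).get("rules") or []:
        for path in (rule.get("http") or {}).get("paths") or []:
            name = (path.get("backend") or {}).get("serviceName")
            if name not in service_names:
                problems.append(f"backend serviceName {name!r} is not among the checked Services")
    return problems


def check_manifests(manifests):
    """Map manifest name -> problems; an empty dict means every check passed."""
    workloads = [m for m in manifests if m.get("kind") == "Deployment"]
    service_names = {m["metadata"]["name"] for m in manifests if m.get("kind") == "Service"}
    checks = {"Deployment": check_workload,
              "Service": lambda m: check_service(m, workloads),
              "Ingress": lambda m: check_ingress(m, service_names)}
    report = {}
    for m in manifests:
        check = checks.get(m.get("kind"))
        problems = check(m) if check else []
        if problems:
            report[m["metadata"]["name"]] = problems
    return report


# Constructed sample manifests mirroring the page's YAML (object names illustrative).
DEPLOYMENT = {"apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "nginx-deployment-eni", "labels": {"app": "nginx"}},
    "spec": {"replicas": 3, "selector": {"matchLabels": {"app": "nginx"}},
        "template": {"metadata": {"annotations": {ENI_NETWORK_ANNOTATION: ENI_NETWORK_VALUE},
                                  "labels": {"app": "nginx"}},
                     "spec": {"containers": [{"image": "nginx", "name": "nginx",
                         "resources": {"requests": {ENI_IP_RESOURCE: "1"},
                                       "limits": {ENI_IP_RESOURCE: "1"}}}]}}}}
SERVICE = {"apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "nginx-service-eni", "annotations": {SERVICE_DIRECT_ACCESS: "true"}},
    "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster", "selector": {"app": "nginx"},
             "ports": [{"name": "80-80-no", "port": 80, "protocol": "TCP", "targetPort": 80}]}}
INGRESS = {"apiVersion": "networking.k8s.io/v1beta1", "kind": "Ingress",
    "metadata": {"name": "test-ingress", "namespace": "default",
                 "annotations": {INGRESS_DIRECT_ACCESS: "true", "kubernetes.io/ingress.class": "qcloud"}},
    "spec": {"rules": [{"http": {"paths": [{"path": "/",
                 "backend": {"serviceName": "nginx-service-eni", "servicePort": 80}}]}}]}}

if __name__ == "__main__":
    print(check_manifests([DEPLOYMENT, SERVICE, INGRESS]))  # {} when everything is in place
```

Run it as a pre-apply gate over the rendered manifests: an empty report means the Deployment pods are ENI pods, the Service and Ingress carry their direct-access annotations, and the Service selector actually reaches ENI-enabled pods. A Service with externalTrafficPolicy: Local is reported as well, since that setting is no longer needed in direct connection mode.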