Overview
CLB can forward traffic directly to the Nginx Ingress Pods, bypassing NodePort. This method offers better performance and allows Nginx Ingress to obtain the real source IP address.
If you are using a TKE serverless cluster, or you can ensure that all Nginx Ingress Pods are scheduled on the super node, the link is already directly connected and requires no additional action.
In other cases, the link defaults to NodePort communication. To enable direct connection, follow the steps below that apply to your cluster environment.
Enabling Direct Connection in GlobalRouter+VPC-CNI Network Mode
If the cluster network mode is GlobalRouter and VPC-CNI is enabled:
It is recommended to declare the use of the VPC-CNI network for Nginx Ingress and enable CLB direct connection. values.yaml configuration method:
controller:
  podAnnotations:
    # Declare the use of the VPC-CNI network for the Nginx Ingress Pods
    tke.cloud.tencent.com/networks: tke-route-eni
  resources:
    requests:
      tke.cloud.tencent.com/eni-ip: "1"
    limits:
      tke.cloud.tencent.com/eni-ip: "1"
  service:
    annotations:
      # Enable CLB direct connection
      service.cloud.tencent.com/direct-access: "true"
Enabling Direct Connection in GlobalRouter Network Mode
If you do not wish to enable VPC-CNI, you can enable direct connection by following the steps below, but you must accept the use limit.
Note: Confirm that your account meets the above conditions and accepts the use limit.
1. Modify the ConfigMap to enable the direct connection capability at the GlobalRouter cluster level:
kubectl edit configmap tke-service-controller-config -n kube-system
Set GlobalRouteDirectAccess to true.
2. Configure values.yaml to enable CLB direct connection:
controller:
  service:
    annotations:
      # Enable CLB direct connection
      service.cloud.tencent.com/direct-access: "true"
Enabling Direct Connection in VPC-CNI Network Mode
If the cluster network is VPC-CNI, directly configure values.yaml to enable CLB direct connection:
controller:
  service:
    annotations:
      # Enable CLB direct connection
      service.cloud.tencent.com/direct-access: "true"
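A preflight check for the three configurations above, as an added example that is not part of the original page or of Tencent's tooling. It assumes values.yaml has already been parsed into a dict; the function name, the mode labels and the global_route_direct_access parameter are hypothetical names chosen for this example.

```python
# Added example (not Tencent's tooling): preflight check for the settings above.
DIRECT = "service.cloud.tencent.com/direct-access"
NETWORKS = "tke.cloud.tencent.com/networks"
ENI_IP = "tke.cloud.tencent.com/eni-ip"

def _get(node, *path):
    """Walk nested dicts; return None when any level is missing."""
    for key in path:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node

def check_direct_access(values, mode, global_route_direct_access=False):
    """Return a list of problems; an empty list means the values match the page.

    mode is a label chosen for this example: "globalrouter+vpc-cni",
    "globalrouter" or "vpc-cni". global_route_direct_access is what the
    operator read from the tke-service-controller-config ConfigMap.
    """
    if mode not in ("globalrouter+vpc-cni", "globalrouter", "vpc-cni"):
        raise ValueError(f"unknown mode: {mode}")
    problems = []
    ctrl = values.get("controller") or {}
    # Annotation values are strings in Kubernetes, so an unquoted YAML true
    # (parsed as a bool) is reported rather than silently accepted.
    if _get(ctrl, "service", "annotations", DIRECT) != "true":
        problems.append(f'service annotation {DIRECT} must be the string "true"')
    if mode == "globalrouter+vpc-cni":
        if _get(ctrl, "podAnnotations", NETWORKS) != "tke-route-eni":
            problems.append(f"pod annotation {NETWORKS} must be tke-route-eni")
        for section in ("requests", "limits"):
            if str(_get(ctrl, "resources", section, ENI_IP)) != "1":
                problems.append(f'resources.{section} must set {ENI_IP} to "1"')
    elif mode == "globalrouter" and not global_route_direct_access:
        problems.append("GlobalRouteDirectAccess is not true in the ConfigMap")
    return problems

# Constructed sample: the GlobalRouter+VPC-CNI values from this page as a dict.
SAMPLE_VALUES = {"controller": {
    "podAnnotations": {NETWORKS: "tke-route-eni"},
    "resources": {"requests": {ENI_IP: "1"}, "limits": {ENI_IP: "1"}},
    "service": {"annotations": {DIRECT: "true"}},
}}

if __name__ == "__main__":
    print(check_direct_access(SAMPLE_VALUES, "globalrouter+vpc-cni"))
```

An empty result only means the values match what this page specifies; it does not confirm that the account meets the use limit for GlobalRouter direct connection.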