tencent cloud

Feedback

Enabling CLB Direct Connection

Last updated: 2024-08-12 17:48:23

    Overview

    The traffic forwarded from CLB to Nginx Ingress can be directly connected, bypassing the NodePort communication. This method offers better performance and allows obtaining the real source IP address.
    If you are using a TKE serverless cluster, or you can ensure that all Nginx Ingress Pods are scheduled on the super node, then this link is already directly connected and requires no additional action.
    In other cases, the link will default to NodePort communication. If you wish to enable direct connection, you can refer to the following steps (choose steps applicable to your cluster environment).

    Enabling Direct Connection in GlobalRouter+VPC-CNI Network Mode

    If the cluster network mode is GlobalRouter and VPC-CNI is enabled:
    
    
    It is recommended to declare the use of the VPC-CNI network for Nginx Ingress and enable CLB direct connection. values.yaml configuration method:
    controller:
    podAnnotations:
    tke.cloud.tencent.com/networks: tke-route-eni # Declare the use of VPC-CNI network
    resources: # Declare the use of ENI in resources
    requests:
    tke.cloud.tencent.com/eni-ip: "1"
    limits:
    tke.cloud.tencent.com/eni-ip: "1"
    service:
    annotations:
    service.cloud.tencent.com/direct-access: "true" # Enable CLB direct access

    Enabling Direct Connection in GlobalRouter Network Mode

    If the cluster network is GlobalRouter but VPC-CNI is not enabled, it is recommended to enable VPC-CNI for the cluster. For details, see GlobalRouter + VPC-CNI Network Mode Enable Direct Connection to enable CLB direct connection.
    If you do not wish to enable VPC-CNI, you can enable direct connection according to the steps below but must accept the use limit.
    Note:
    Confirm that your account meets the above conditions and accepts the use limit.
    1. Modify the configmap to enable the direct connection capability in GlobalRouter cluster dimensions:
    kubectl edit configmap tke-service-controller-config -n kube-system
    Set GlobalRouteDirectAccess to true:
    
    2. Configure values.yaml to enable CLB direct connection:
    controller:
    service:
    annotations:
    service.cloud.tencent.com/direct-access: "true" # Enable CLB direct access

    Enabling Direct Connection in VPC-CNI Network Mode

    If the cluster network is VPC-CNI, directly configure values.yaml to enable CLB direct connection:
    controller:
    service:
    annotations:
    service.cloud.tencent.com/direct-access: "true" # Enable CLB direct access
    
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support