This page provides some examples and Service Annotations descriptions.
Before running the examples below,
make sure you have installed the huawei-cloud-controller-manager
in your Kubernetes cluster,
refer to Running on an Existing Cluster on Huawei Cloud.
If the annotation in the service is empty, the Loadbalancer Configuration will be used, otherwise use the set value.
-
kubernetes.io/elb.class
Required. Specifies the type of ELB service to use. Values are:shared: Use the shared load balancer service.
dedicated: Use the dedicated load balancer service.
-
kubernetes.io/elb.availability-zones
Optional. Specifies AZs where the load balancer needs to be created, AZs should seperated by a semi-colon(;). This annotation works with dedicated load balancers (kubernetes.io/elb.class: dedicated
), and it is required when creating a dedicated load balancer service. -
kubernetes.io/elb.id
Optional. Specifies use of an existing ELB service. If empty, a new ELB service will be created automatically. -
kubernetes.io/elb.connection-limit
Optional. Specifies the maximum number of connections for the listener. This option works with the Shared ELB service, the value ranges from-1
to2147483647
. The default value is-1
, indicating that there is no restriction on the maximum number of connections. -
kubernetes.io/elb.subnet-id
Optional. Specifies the IPv4 subnet ID where the load balancer works. If the value is empty, thesubnet-id
incloud-config
secret will be used. If both are empty, query the subnet where the node is located. Only IPv4 subnets are supported. -
kubernetes.io/elb.eip-id
Optional. Specifies use the specified EIP for ELB service. This field has no effect when using an existing ELB service. -
kubernetes.io/elb.keep-eip
Optional. Specifies whether to retain the EIP when deleting a ELB service Valid values are'true'
and'false'
, defaults to'false'
. -
kubernetes.io/elb.eip-auto-create-option
Optional. Specifies whether to automatically create an EIP for the ELB service. This is a JSON string, such as{"ip_type": "5_bgp", "bandwidth_size": 5, "share_type": "PER"}
.For details:
-
share_type
Required. Specifies the bandwidth type. Valid values:PER: Dedicated bandwidth. WHOLE: Shared bandwidth.
If this parameter is set to WHOLE, the
share_id
must be specified. -
ip_type
Optional. Specifies the EIP type. The value can be5_bgp
(dynamic BGP) or5_sbgp
(static BGP). It is required whenshare_type
isPER
.For the
ip_type
supported by each region, please see Assigning an EIP "Table 4 Description of the publicIP field". -
bandwidth_size
Optional. Specifies the bandwidth size. It is required whenshare_type
isPER
. -
charge_mode
Optional. Specifies whether the bandwidth is billed by traffic or by bandwidth size.It is required when
share_type
isPER
. Defaults istraffic
, valid values:bandwidth: billed by bandwidth size.
traffic: billed by traffic.
-
share_id
Optional. Specifies the bandwidth ID. You can specify an existing shared bandwidth when assigning an EIP.It is required when
share_type
isWHOLE
.
-
-
kubernetes.io/elb.lb-algorithm
Optional. Specifies the load balancing algorithm of the backend server group. The value range varies depending on the protocol of the backend server group:ROUND_ROBIN: indicates the weighted round-robin algorithm.
LEAST_CONNECTIONS: indicates the weighted least connections algorithm.
SOURCE_IP: indicates the source IP hash algorithm. When the value is SOURCE_IP, the weights of backend servers in the server group are invalid.
-
kubernetes.io/elb.session-affinity-flag
Optional. Specifies whether to enable session affinity. Valid values are'on'
and'off'
, defaults to'off'
. -
kubernetes.io/elb.session-affinity-option
Specifies the sticky session timeout duration in minutes. This parameter is mandatory when thekubernetes.io/elb.session-affinity-flag
is'on'
or globalsession-affinity-flag
ison
. This is a json string, such as{"type": "SOURCE_IP", "persistence_timeout": 15}
. For details:-
type
Required. Specifies the sticky session type. The value range varies depending on the protocol of the backend server group:SOURCE_IP: Requests are distributed based on the client's IP address. Requests from the same IP address are sent to the same backend server.
HTTP_COOKIE: When the client sends a request for the first time, the load balancer automatically generates a cookie and inserts the cookie into the response message. Subsequent requests are sent to the backend server that processes the first request.
APP_COOKIE: When the client sends a request for the first time, the backend server that receives the request generates a cookie and inserts the cookie into the response message. Subsequent requests are sent to this backend server. When the protocol of the backend server group is
TCP
, only SOURCE_IP takes effect. When the protocol of the backend server group isHTTP
, only HTTP_COOKIE or APP_COOKIE takes effect. -
cookie_name
Optional. Specifies the cookie name. This parameter is mandatory when the sticky session type is APP_COOKIE. -
persistence_timeout
Optional. Specifies the sticky session timeout duration in minutes. This parameter is invalid whentype
is set to APP_COOKIE. The value range varies depending on the protocol of the backend server group: When the protocol of the backend server group isTCP
orUDP
, the value ranges from1
to60
. When the protocol of the backend server group isHTTP
orHTTPS
, the value ranges from1
to1440
.
-
-
kubernetes.io/elb.health-check-flag
Optional. Specifies whether to enable health check for a backend server group. Valid values areon
andoff
, defaults toon
.When health check is enabled, CCM will add a new inbound rule to one of the security groups of the backend service, allowing traffic from
100.125.0.0/16
. This rule will be removed when all LoadBalance services are removed.100.125.0.0/16
are internal IP addresses used by ELB to check the health of backend servers. -
kubernetes.io/elb.health-check-option
Optional. Specifies the health check. This parameter is mandatory when thehealth-check
ison
. This is a json string, such as{"delay": 3, "timeout": 15, "max_retries": 3}
. For details:-
delay
Required. Specifies the maximum time between health checks in the unit of second. The value ranges from1
to50
. Defaults to5
. -
max_retries
Required. Specifies the maximum number of retries. The value ranges from1
to10
. Defaults to3
. -
timeout
Required. Specifies the health check timeout duration in the unit of second. The value ranges from1
to50
. Defaults to3
.
-
-
kubernetes.io/elb.enable-transparent-client-ip
Optional. Specifies whether to pass source IP addresses of the clients to backend servers. Valid values are'true'
and'false'
.TCP or UDP listeners of shared load balancers: The value can be true or false, and the default value is false if this annotation is not passed.
HTTP or HTTPS listeners of shared load balancers: The value can only be true, and the default value is true if this annotation is not passed.
All listeners of dedicated load balancers: The value can only be true, and the default value is true if this annotation is not passed.
Note:
If this function is enabled, the load balancer communicates with backend servers using their real IP addresses. Ensure that security group rules and access control policies are correctly configured.
If this function is enabled, a server cannot serve as both a backend server and a client.
If this function is enabled, backend server specifications cannot be changed.
-
kubernetes.io/elb.x-forwarded-host
Optional. Specifies whether to rewrite theX-Forwarded-Host
header. If this function is enabled,X-Forwarded-Host
is rewritten based on Host in the request and sent to backend servers.Valid values are
'true'
and'false'
, defaults to'false'
. -
kubernetes.io/elb.default-tls-container-ref
Optional. Specifies the ID of the server certificate used by the listener. When this option is set then the cloud provider will create a Listener of typeTERMINATED_HTTPS
for a TLS Terminated loadbalancer. -
kubernetes.io/elb.idle-timeout
Optional. Specifies the idle timeout for the listener. Value range:0
to4000
. Unit: second. -
kubernetes.io/elb.request-timeout
Optional. Specifies the request timeout for the listener. Value range:1
to300
. Unit: second. This parameter is valid when protocol is set to HTTP or HTTPS. -
kubernetes.io/elb.response-timeout
Optional. Specifies the response timeout for the listener. Value range:1
to300
. Unit: second. This parameter is valid when protocol is set to HTTP or HTTPS. -
kubernetes.io/elb.enable-cross-vpc
Optional. Specifies whether to enable cross-VPC backend. The value can betrue
(enable cross-VPC backend) orfalse
(disable cross-VPC backend). The value can only be updated totrue
. Only dedicated load balancer service (kubernetes.io/elb.class: dedicated
) will use this annotation. -
kubernetes.io/elb.l4-flavor-id
Optional. Specifies the ID of a flavor at Layer 4. If neitherkubernetes.io/elb.l4-flavor-id
norkubernetes.io/elb.l7-flavor-id
is specified, the default flavor is used. Only dedicated load balancer service (kubernetes.io/elb.class: dedicated
) will use this annotation. -
kubernetes.io/elb.l7-flavor-id
Optional. Specifies the ID of a flavor at Layer 7. If neitherkubernetes.io/elb.l4-flavor-id
norkubernetes.io/elb.l7-flavor-id
is specified, the default flavor is used. Only dedicated load balancer service (kubernetes.io/elb.class: dedicated
) will use this annotation.
Below are some examples of using shared ELB services. First, we should create a deployment for the bellow examples.
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: default
name: deployment-ccm-test
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.23
ports:
- containerPort: 80
EOF
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
annotations:
kubernetes.io/elb.class: shared
kubernetes.io/elb.id: xx # Please replace xx with your ELB instance ID.
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN
labels:
app: nginx
name: loadbalancer-service-demo-01
namespace: default
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
type: LoadBalancer
EOF
Check the state the status of the LoadBalancer type Service until the EXTERNAL-IP
status is no longer pending.
$ kubectl get service loadbalancer-service-demo-01
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
loadbalancer-service-demo-01 LoadBalancer 10.1.130.216 192.168.0.113 80:30993/TCP 3m10s
Once we can see that our service is active and has been assigned an external IP address,
test our application via curl
from any internet accessible machine.
$ curl 192.168.0.113
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
annotations:
kubernetes.io/elb.class: shared
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN
kubernetes.io/elb.enable-transparent-client-ip: 'true' # Preserve client IP to backend servers.
labels:
app: nginx
name: loadbalancer-service-demo-02
namespace: default
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
type: LoadBalancer
EOF
Check the state the status of the LoadBalancer type Service until the EXTERNAL-IP
status is no longer pending.
$ kubectl get service loadbalancer-service-demo-02
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
loadbalancer-service-demo-02 LoadBalancer 10.1.130.216 192.168.0.80 80:30993/TCP 3m10s
Once we can see that our service is active and has been assigned an external IP address,
test our application via curl
from any internet accessible machine.
$ curl 192.168.0.80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
annotations:
kubernetes.io/elb.class: shared
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN
kubernetes.io/elb.keep-eip: "false"
kubernetes.io/elb.eip-auto-create-option: >-
{"ip_type": "5_bgp", "bandwidth_size": 5, "share_type": "PER"}
labels:
app: nginx
name: loadbalancer-service-demo-03
namespace: default
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
type: LoadBalancer
EOF
Check the state the status of the LoadBalancer type Service until the EXTERNAL-IP
status is no longer pending.
$ kubectl get service loadbalancer-service-demo-03
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
loadbalancer-service-demo-03 LoadBalancer 10.1.35.151 159.138.37.76 80:30080/TCP 41s
Once we can see that our service is active and has been assigned an external IP address,
test our application via curl
from any internet accessible machine.
$ curl 159.138.37.76
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
annotations:
kubernetes.io/elb.class: shared
kubernetes.io/elb.lb-algorithm: ROUND_ROBIN
kubernetes.io/elb.session-affinity-flag: 'on'
kubernetes.io/elb.session-affinity-option: >-
{"type": "SOURCE_IP", "persistence_timeout": 15}
labels:
app: nginx
name: loadbalancer-service-demo-04
namespace: default
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
type: LoadBalancer
EOF
Check the state the status of the LoadBalancer type Service until the EXTERNAL-IP
status is no longer pending.
$ kubectl get service loadbalancer-service-demo-04
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
loadbalancer-service-demo-04 LoadBalancer 10.1.130.216 192.168.0.113 80:30993/TCP 3m10s
Once we can see that our service is active and has been assigned an external IP address,
test our application via curl
from any internet accessible machine.
$ curl 192.168.0.113
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>