In a production Kubernetes environment, if you only provide HTTP or HTTPS services, you can use layer-7 load balancing software such as nginx-ingress or Traefik. You can also expose HTTP or TCP services through a NodePort. If you do not want to use the port number exposed by NodePort directly, and the servers run on Alibaba Cloud (Aliyun), you can expose TCP or HTTP services externally using the Kubernetes Cloud Controller Manager provided by Aliyun.
Prerequisites:
1. Several ECS instances have been purchased on Alibaba Cloud
2. A Kubernetes cluster has been built on those ECS instances, taking Kubernetes 1.9.0 as an example
3. A public-network Load Balancer has been purchased on Alibaba Cloud
You can start to configure the Aliyun load balancing and kubernetes integration. The following are the configuration steps:
First, get the region ID and ECS instance ID of each ECS instance. You can obtain them with the command:
echo `curl -s http://100.100.100.200/latest/meta-data/region-id`.`curl -s http://100.100.100.200/latest/meta-data/instance-id`
Add --cloud-provider=external to the startup parameters of apiserver, controller-manager and kubelet, and additionally add --provider-id=<region_id>.<ecs_id> (the value obtained above) to kubelet.
Next, create a Secret that stores the Alibaba Cloud access key ID and access key secret (both values are available in the Alibaba Cloud console). Write an alicloud-secret.yaml file as follows:
apiVersion: v1
kind: Secret
metadata:
  name: alicloud-config
  namespace: kube-system
data:
  # insert your base64 encoded AliCloud access ID and key here, ensure there's no trailing newline:
  # to base64 encode your token run:
  #      echo -n "Abc123abc123doaccesstoken" | base64
  access-key-id: "<ACCESS_KEY_ID>"
  access-key-secret: "<ACCESS_KEY_SECRET>"
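The comments in the Secret above warn against a trailing newline: plain echo without -n silently appends one, and the decoded credential then carries that extra byte. The following is an added example, not part of the original article or of the Alibaba Cloud project, that encodes the values safely and checks a manifest before it is applied. The function names are hypothetical and GNU coreutils base64 is assumed.

```shell
# Added example (not from the original article). Assumes GNU coreutils base64.
# Function names are hypothetical; they are not part of kubectl or Aliyun tooling.

# Base64-encode a value with no trailing newline and no line wrapping.
b64_encode() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Check one value from the Secret's data section.
# Returns 0 if clean, 1 if the decoded value ends in whitespace or a newline,
# 2 if it is empty or not valid base64.
check_secret_value() {
    [ -n "$1" ] || return 2
    printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 2
    # $(...) strips trailing newlines, so inspect the last decoded byte as hex.
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    case "$last" in
        0a|0d|20|09) return 1 ;;
    esac
    return 0
}

# Render alicloud-secret.yaml from a plaintext access key ID ($1) and secret ($2).
render_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: alicloud-config
  namespace: kube-system
data:
  access-key-id: "$(b64_encode "$1")"
  access-key-secret: "$(b64_encode "$2")"
EOF
}

# Read a manifest on stdin and check every access-key-* value; non-zero if any is bad.
check_manifest() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            *access-key-*:*) ;;
            *) continue ;;
        esac
        val=$(printf '%s' "$line" | sed 's/^[^:]*:[[:space:]]*//; s/"//g')
        check_secret_value "$val" || { echo "bad value: ${line%%:*}" >&2; rc=1; }
    done
    return "$rc"
}
```

Run check_manifest < alicloud-secret.yaml before kubectl apply; a placeholder that was never replaced is reported as well, because it is not valid base64.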
Base64-encode the ID and secret obtained from the Alibaba Cloud console and substitute them into the file above. Then create the Secret with kubectl apply -f alicloud-secret.yaml. Next, write the alicloud-controller-manager.yaml file, as follows:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: alicloud-controller-manager
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 2
  template:
    metadata:
      labels:
        app: alicloud-controller-manager
    spec:
      dnsPolicy: Default
      tolerations:
        # this taint is set by all kubelets running `--cloud-provider=external`
        - key: "node.cloudprovider.kubernetes.io/uninitialized"
          value: "true"
          effect: "NoSchedule"
      containers:
        - image: registry.cn-hangzhou.aliyuncs.com/kube-test/alicloud-controller-manager:v0.1.0
          name: alicloud-controller-manager
          command:
            - /alicloud-controller-manager
            # set leader-elect=true if you have more than one replica
            - --leader-elect=false
            - --allocate-node-cidrs=true
            # set this to what you set for controller-manager or kube-proxy
            - --cluster-cidr=10.0.6.0/24
            # if you want to use a secure endpoint or deploy in a kubeadm deployed cluster, you need to use a kubeconfig instead.
            - --master=10.0.0.10:8080
          env:
            - name: ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: alicloud-config
                  key: access-key-id
            - name: ACCESS_KEY_SECRET
              valueFrom:
                secretKeyRef:
                  name: alicloud-config
                  key: access-key-secret
Note the environment-specific values above (highlighted in red in the original) and replace them with your own configuration. Then use kubectl apply -f alicloud-controller-manager.yaml to create the corresponding Deployment. After that you can create a Service that uses it; for example, I create a ZooKeeper Service below:
apiVersion: v1
kind: Service
metadata:
  name: zookeeper-master
  labels:
    app: zookeeper-master
  namespace: xxxxx
spec:
  ports:
    - port: 2181
      targetPort: 2181
      protocol: TCP
      name: main-port
  selector:
    app: zookeeper-master
  type: LoadBalancer
At this point, you can see the EXTERNAL-IP of the corresponding Service with kubectl get svc.
Finally, set the back-end servers of the load balancer in the Alibaba Cloud console by adding the Kubernetes nodes.