Accessing Service via ULB
1. Usage Reminder
- cloudprovider version < 22.07.1
If your cloud provider is below version 22.07.1, please do not modify the name and notes of the ULB and Vserver created by UK8S, otherwise the Service will become inaccessible. If the version is 22.07.1 or higher, you are allowed to modify the name and notes of the ULB (note that the Vserver still cannot be changed). If you need to modify the name and notes of the ULB, please upgrade your cloud provider to the latest version. For details, please see CloudProvider plugin update.
- Related ULB deletion
If the ULB is created in sync when the Service is created by UK8S, the ULB will be deleted in sync when the Service is deleted. Please do not associate the ULB with other Vservers. If you need multiple Services to share the ULB, you can create the ULB first, and then associate the created ULB when creating the Service. For details, please see Use existing ULB.
- Use of ALB
At present, the request proxy type CLB has a series of quota restrictions, which may cause service issues during use. Therefore, if you need a layer-7 proxy, it is recommended to use the Application Load Balancer (ALB). To use the ALB product, please upgrade the cloud provider to version 24.06.28 or above; refer to CloudProvider plugin update.
- Parameter modification
Except for the external network EIP, ULB-related parameters currently do not support Update modification. If you are unsure about how to fill this in, please consult UCloud Global technical support.
2. Must-read before Using UDP Protocol
- Monitor check
At present, ULB4 supports two health check modes for the UDP protocol, ping and port. The default is ping; it is strongly recommended to change it to port.
- Notice on ping health check
The ping check sends an ICMP Ping message with ulb-ip as the target IP to the backend node. In the UK8S implementation, only the packet forwarding rule for the UDP port is configured on the backend node, and the ulb-ip is not bound to the network card, so the node cannot respond to this ping message. By default, the ping health check will therefore fail. If you need to use the ping health check, please refer to ULB document - Packet forwarding mode service node configuration to bind ulb-ip to the backend node.
- Notice on port health check
The port health check sends a UDP message (the string “Health Check”) to the UDP port and an ICMP Ping message to the RS IP. If a UDP packet is returned within the timeout, the backend is considered healthy; if no UDP packet is received within the timeout, the result of the Ping detection is used as a reference. Therefore, your application needs to respond to UDP health check messages.
- Packet length
It is important to note that the length of the UDP packet should not exceed 1440 to avoid the possibility of fragmentation causing ULB4 to fail to receive the health check response, resulting in the failure of the health check.
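A sketch of the responder side of the port check described above, as an added example that is not UK8S or UCloud code: the service answers the “Health Check” probe with a short datagram even though its own protocol parser drops unknown input. The reply bytes, the handler, the listening port and the reading of 1440 as bytes are assumptions.

```python
import socket

HEALTH_PROBE = b"Health Check"  # probe payload as described on this page
MAX_UDP_PAYLOAD = 1440          # limit stated on this page, read here as bytes (assumption)
HEALTH_REPLY = b"OK"            # assumption: any short UDP reply counts as healthy

def build_reply(payload, app_handler):
    """Pick the datagram to send back; None means stay silent."""
    if payload.rstrip(b"\r\n\x00") == HEALTH_PROBE:
        return HEALTH_REPLY
    reply = app_handler(payload)
    if reply is not None and len(reply) > MAX_UDP_PAYLOAD:
        raise ValueError("reply of %d bytes exceeds %d" % (len(reply), MAX_UDP_PAYLOAD))
    return reply

def serve_once(sock, app_handler):
    """Receive one datagram and answer it; returns the reply sent (or None)."""
    payload, peer = sock.recvfrom(2048)
    reply = build_reply(payload, app_handler)
    if reply is not None:
        sock.sendto(reply, peer)
    return reply

def probe(addr, timeout=1.0):
    """Mimic the UDP half of the port check: True if a datagram comes back in time."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(HEALTH_PROBE, addr)
        try:
            s.recvfrom(2048)
            return True
        except (socket.timeout, ConnectionError):
            return False

def strict_handler(payload):
    """Constructed stand-in for a protocol parser that drops unknown input."""
    return payload.upper() if payload.startswith(b"REQ ") else None

if __name__ == "__main__":
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("0.0.0.0", 5353))  # placeholder port, not from the page
        while True:
            try:
                serve_once(srv, strict_handler)
            except ValueError as exc:  # oversized application reply: skip it
                print("dropped:", exc)
```

Without the probe branch in `build_reply`, `strict_handler` would drop the probe silently and the backend's health would depend only on the ICMP result.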
3. Choosing between ULB4 and ULB7
ULB supports two forwarding modes: “packet forwarding (ULB4)” and “request proxy (ULB7)”. In external network mode, ULB4 is recommended because it has better performance. For the request proxy (ULB7) forwarding mode, ALB is recommended, because the traditional load balancer CLB may be subject to some restrictions during use; see Traditional load balancing quota limits. Currently, ALB is charged; for specific prices, please refer to the ULB billing description.
4. Operation Guide
4.1 Expose service to the outside through ULB7 (http/https)
⚠️ To use the ALB, the CloudProvider version must be >= 24.03.13.
In the UK8S cluster, you can directly use a Service of type LoadBalancer. If you need to provide the http/https protocol externally, it is recommended to choose the application load balancer ALB. Users can configure the ULB type and other parameters through the “annotations” of the Service; for more parameter information, please refer to ULB parameter description.
For management of SSL certificates used by load balancing, please see the ULB document: Add certificate.
If the user chooses the external network ULB type, pay attention to the external network bandwidth setting and the choice of EIP billing model:
# The network type of ULB, outer for public network, inner for internal network; outer is the default value, which can be omitted here.
"service.beta.kubernetes.io/ucloud-load-balancer-type": "outer"
# bandwidth defaults to 2Mbps, it is recommended to explicitly declare the bandwidth size to avoid cost overrun.
"service.beta.kubernetes.io/ucloud-load-balancer-eip-bandwidth": "2"
# Billing model, supports month, year, dynamic, default is month
"service.beta.kubernetes.io/ucloud-load-balancer-eip-chargetype": "month"
# Billing period, default is 1, not valid when chargetype is dynamic
"service.beta.kubernetes.io/ucloud-load-balancer-eip-quantity": "1"
Here is an example of using an internal network ULB7:
apiVersion: v1
kind: Service
metadata:
  name: {{channelName}}-nginx-out-tcp-new
  labels:
    app: {{channelName}}-nginx-out-tcp-new
  annotations:
    # The network type of ULB, outer for public network, inner for internal network; outer is the default value, which can be omitted here;
    "service.beta.kubernetes.io/ucloud-load-balancer-type": "inner"
    # Choose the ULB type. "application" means using the application load balancer ALB, for other types, refer to: ULB parameter description;
    "service.beta.kubernetes.io/ucloud-load-balancer-listentype": "application"
    # Represents the ULB protocol type, http and https are equivalent, representing the application load balancer ULB7; if the https protocol is selected, also configure the certificate and port;
    "service.beta.kubernetes.io/ucloud-load-balancer-vserver-protocol": "https"
    # Declare the SSL certificate Id to be bound, which needs to be uploaded to UCloud Global first;
    "service.beta.kubernetes.io/ucloud-load-balancer-vserver-ssl-cert": "ssl-qsmo0c7o9y1"
    # Declare the Service port using the SSL protocol, multiple ones are separated by ",";
    "service.beta.kubernetes.io/ucloud-load-balancer-vserver-ssl-port": "443,8443"
    # The ALB is currently billed, and the default is monthly billing, and users can adjust the payment method;
    "service.beta.kubernetes.io/ucloud-load-balancer-paymode": "month"
spec:
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 443
      targetPort: 80
      name: https
    - protocol: TCP
      port: 8443
      targetPort: 80
      name: ssl
    - protocol: TCP
      port: 80
      targetPort: 80
      name: http
  selector:
    app: {{channelName}}-nginx-out-tcp-new
---
apiVersion: v1
kind: Pod
metadata:
  name: test-nginx-out-tcp
  labels:
    app: {{channelName}}-nginx-out-tcp-new
spec:
  containers:
    - name: nginx
      image: uhub.ucloud-global.com/ucloud/nginx:1.9.2
      ports:
        - containerPort: 80
4.2 Exposing service to the outside through ULB4 (TCP)
For TCP protocols, if you only need internal network exposure, specify load-balancer-type as inner in metadata.annotations; for external network exposure, specify load-balancer-type as outer. The other parameters have default values and do not need to be filled in. The details are as follows:
apiVersion: v1
kind: Service
metadata:
  name: {{channelName}}-nginx-out-tcp-new
  labels:
    app: {{channelName}}-nginx-out-tcp-new
  annotations:
    # ULB type, the default is outer, supports outer, inner
    "service.beta.kubernetes.io/ucloud-load-balancer-type": "inner"
    # Used to declare the ULB protocol type, not the application protocol, both tcp and udp represent ULB4, and both https and http represent ULB7;
    "service.beta.kubernetes.io/ucloud-load-balancer-vserver-protocol": "tcp"
    # For ULB4, whether the container port type is tcp or udp, it is recommended to explicitly declare it as port.
    "service.beta.kubernetes.io/ucloud-load-balancer-vserver-monitor-type": "port"
    # Control the subnet where ULB is created, fill in the subnet ID
    "service.beta.kubernetes.io/ucloud-load-balancer-subnet-id": "subnet-xxxx"
spec:
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: {{channelName}}-nginx-out-tcp-new
---
apiVersion: v1
kind: Pod
metadata:
  name: test-nginx-out-tcp
  labels:
    app: {{channelName}}-nginx-out-tcp-new
spec:
  containers:
    - name: nginx
      image: uhub.ucloud-global.com/ucloud/nginx:1.9.2
      ports:
        - containerPort: 80
4.3 Exposing Service to the Outside through ULB4 (UDP)
If your application uses the UDP protocol, be sure to explicitly declare the health check type as port (port check), otherwise it defaults to ping, which may cause ULB to mistakenly consider the backend service to be abnormal. If you need external exposure, be sure to modify the ucloud-load-balancer-type to outer.
apiVersion: v1
kind: Service
metadata:
  name: {{channelName}}-inner-udp-new
  labels:
    app: {{channelName}}-inner-udp-new
  annotations:
    # ULB type, the default is outer, supports outer, inner
    "service.beta.kubernetes.io/ucloud-load-balancer-type": "inner"
    # Represents the ULB protocol type, both tcp and udp represent ULB4, both https and http represent ULB7;
    "service.beta.kubernetes.io/ucloud-load-balancer-vserver-protocol": "udp"
    # For ULB4, whether the container port type is tcp or udp, it is recommended to explicitly declare it as port.
    "service.beta.kubernetes.io/ucloud-load-balancer-vserver-monitor-type": "port"
    # Control the subnet where ULB is created, fill in the subnet ID
    "service.beta.kubernetes.io/ucloud-load-balancer-subnet-id": "subnet-xxxx"
spec:
  type: LoadBalancer
  ports:
    - name: udp
      protocol: UDP
      port: 53
      targetPort: 53
  selector:
    app: {{channelName}}-inner-udp-new
---
apiVersion: v1
kind: Pod
metadata:
  name: test-inner-udp
  labels:
    app: {{channelName}}-inner-udp-new
spec:
  containers:
    - name: dns
      image: uhub.ucloud-global.com/library/coredns:1.4.0
      ports:
        - name: udp
          containerPort: 53
          protocol: UDP
4.4 Exposing Service to the Outside through ULB4 (Mixed Use of TCP and UDP Protocols)
After version 24.03.5 of the CloudProvider plugin, when “service.beta.kubernetes.io/ucloud-load-balancer-vserver-protocol” is tcp/udp or omitted, ULB4 simultaneously supports TCP and UDP. In the following example, two ports are exposed externally: port 80 uses the TCP protocol, and port 53 uses the UDP protocol.
apiVersion: v1
kind: Service
metadata:
  name: {{channelName}}-nginx-out-tcp-new
  labels:
    app: {{channelName}}-nginx-out-tcp-new
  annotations:
    # The network type of ULB, outer for public network, inner for internal network; outer is the default value, which can be omitted here.
    "service.beta.kubernetes.io/ucloud-load-balancer-type": "inner"
    # Represents the ULB protocol type, tcp, udp, and tcp/udp are equivalent, representing ULB4; when using tcp/udp or when omitted, both TCP and UDP protocols are supported
    "service.beta.kubernetes.io/ucloud-load-balancer-vserver-protocol": "tcp/udp"
    # For ULB4, whether the container port type is tcp or udp, it is recommended to explicitly declare it as port.
    "service.beta.kubernetes.io/ucloud-load-balancer-vserver-monitor-type": "port"
spec:
  type: LoadBalancer
  ports:
    - name: tcp-default
      protocol: TCP
      port: 80
      targetPort: 80
    - name: udp
      protocol: UDP
      port: 53
      targetPort: 53
  selector:
    app: {{channelName}}-nginx-out-tcp-new
---
apiVersion: v1
kind: Pod
metadata:
  name: test-nginx-out-tcp1
  labels:
    app: {{channelName}}-nginx-out-tcp-new
spec:
  containers:
    - name: nginx
      image: uhub.ucloud-global.com/ucloud/nginx:1.9.2
      ports:
        - containerPort: 80
          protocol: TCP
    - name: dns
      image: uhub.ucloud-global.com/library/coredns:1.4.0
      ports:
        - name: udp
          containerPort: 53
          protocol: UDP
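
The defaults called out in sections 2 and 4 (outer when the type is omitted, 2Mbps bandwidth, ping for health checks, certificate and SSL port for https) can be checked before a manifest is applied. The following added example is not part of the UK8S tooling; it audits already-parsed Service manifests, and the sample manifests and finding texts are constructed.

```python
PREFIX = "service.beta.kubernetes.io/ucloud-load-balancer-"

def audit_service(svc):
    """Return findings for one parsed Service manifest (a plain dict)."""
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []
    ann = svc.get("metadata", {}).get("annotations") or {}
    ports, findings = spec.get("ports", []), []
    def get(key):
        return ann.get(PREFIX + key)
    lb_type = get("type")
    if lb_type is None:
        findings.append("type omitted: ULB defaults to outer (public network)")
    if lb_type in (None, "outer") and get("eip-bandwidth") is None:
        findings.append("outer ULB without explicit eip-bandwidth")
    has_udp = any(p.get("protocol") == "UDP" for p in ports)
    if has_udp and get("vserver-monitor-type") != "port":
        findings.append("UDP port without monitor-type port (default is ping)")
    if get("vserver-protocol") == "https":
        if not get("vserver-ssl-cert"):
            findings.append("https without vserver-ssl-cert")
        ssl_ports = [s.strip() for s in (get("vserver-ssl-port") or "").split(",") if s.strip()]
        if not ssl_ports:
            findings.append("https without vserver-ssl-port")
        exposed = {str(p.get("port")) for p in ports}
        for s in ssl_ports:
            if s not in exposed:
                findings.append("ssl-port %s is not a Service port" % s)
    return findings

# Constructed sample: a UDP Service that relies on every default.
UDP_DEFAULTS = {
    "kind": "Service", "metadata": {"name": "dns-udp"},
    "spec": {"type": "LoadBalancer",
             "ports": [{"name": "udp", "protocol": "UDP", "port": 53, "targetPort": 53}]},
}
# Constructed sample modelled on the internal https Service in section 4.1.
HTTPS_INNER = {
    "kind": "Service",
    "metadata": {"name": "web", "annotations": {
        PREFIX + "type": "inner",
        PREFIX + "vserver-protocol": "https",
        PREFIX + "vserver-ssl-cert": "ssl-xxxx",  # placeholder certificate id
        PREFIX + "vserver-ssl-port": "443,8443"}},
    "spec": {"type": "LoadBalancer", "ports": [
        {"protocol": "TCP", "port": p, "targetPort": 80} for p in (443, 8443, 80)]},
}
```

`audit_service(UDP_DEFAULTS)` reports the implicit public exposure, the undeclared bandwidth and the ping health check; `audit_service(HTTPS_INNER)` returns no findings.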