TkeServiceConfig is a Custom Resource Definition (CRD) provided by TKE. TkeServiceConfig can help you manage various Ingress CLB configurations more flexibly.
CLB parameters and features that cannot be defined by Ingress YAML semantics can be configured through TkeServiceConfig.
TkeServiceConfig can help you quickly configure CLBs. Through the Ingress annotation ingress.cloud.tencent.com/tke-service-config:<config-name>, you can specify the target configuration to be applied in the Ingress.
Note:
TkeServiceConfig resources and the Ingress need to be in the same namespace.
TkeServiceConfig does not help you configure or modify protocols, ports, domain names, or forwarding paths. You need to describe protocols, ports, domain names, and forwarding paths in the configuration to specify the forwarding rules for configuration forwarding.
There can be multiple domain names under each Layer-7 listener, and multiple forwarding paths under each domain name. Therefore, you can declare multiple sets of domain names and forwarding rule configurations in a single TkeServiceConfig
. Currently, configurations are mainly provided for CLB health check and backend access.
spec.loadBalancer.l7Listeners.protocol
: Layer-4 protocolspec.loadBalancer.l7Listeners.port
: listening portspec.loadBalancer.l7Listeners.protocol
: Layer-4 protocolspec.loadBalancer.l7Listeners.port
: listening portspec.loadBalancer.l7Listeners.domains[].domain
: domain namespec.loadBalancer.l7Listeners.domains[].rules[].url
: forwarding pathNote:
When your domain name is set to the default value, namely the public or private VIP, you can configure domain with a blank value.
-auto-service-config
or -auto-ingress-config
.apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: jetty
name: jetty-deployment
namespace: default
spec:
progressDeadlineSeconds: 600
replicas: 3
revisionHistoryLimit: 10
selector:
matchLabels:
app: jetty
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: jetty
spec:
containers:
- image: jetty:9.4.27-jre11
imagePullPolicy: IfNotPresent
name: jetty
ports:
- containerPort: 80
protocol: TCP
- containerPort: 443
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
apiVersion: v1
kind: Service
metadata:
name: jetty-service
namespace: default
spec:
ports:
- name: tcp-80-80
port: 80
protocol: TCP
targetPort: 80
- name: tcp-443-443
port: 443
protocol: TCP
targetPort: 443
selector:
app: jetty
type: NodePort
This sample includes the following configurations:
Service NodePort type, with two TCP services declared: one on port 80 and the other on port 443.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.rule-mix: "true"
kubernetes.io/ingress.http-rules: '[{"path":"/health","backend":{"serviceName":"jetty-service","servicePort":"80"}}]'
kubernetes.io/ingress.https-rules: '[{"path":"/","backend":{"serviceName":"jetty-service","servicePort":"443","host":"sample.tencent.com"}}]'
ingress.cloud.tencent.com/tke-service-config: jetty-ingress-config
# Specify existing tke-service-config
# service.cloud.tencent.com/tke-service-config-auto: true
# Automatically create tke-service-config
name: jetty-ingress
namespace: default
spec:
rules:
- http:
paths:
- backend:
serviceName: jetty-service
servicePort: 80
path: /health
- host: "sample.tencent.com"
http:
paths:
- backend:
serviceName: jetty-service
servicePort: 443
path: /
tls:
- secretName: jetty-cert-secret
This sample includes the following configurations:
sample.tencent.com
domain name. /health
, and that of the HTTPS service is /
.jetty-ingress-config
CLB configuration is used.apiVersion: cloud.tencent.com/v1alpha1
kind: TkeServiceConfig
metadata:
name: jetty-ingress-config
namespace: default
spec:
loadBalancer:
l7Listeners:
- protocol: HTTP
port: 80
domains:
- domain: ""
rules:
- url: "/health"
healthCheck:
enable: false
- protocol: HTTPS
port: 443
domains:
- domain: "sample.tencent.com"
rules:
- url: "/"
session:
enable: true
sessionExpireTime: 3600
healthCheck:
enable: true
intervalTime: 10
healthNum: 2
unHealthNum: 2
httpCheckPath: "/checkHealth"
httpCheckDomain: "sample.tencent.com"
httpCheckMethod: HEAD
scheduler: WRR
This sample includes the following configurations:
The name of the TkeServiceConfig is jetty-ingress-config
, and in the Layer-7 listener configuration, two configuration segments are declared:
/health
path is disabled.sample.tencent.com
. Under this domain name, only a forwarding rule configuration, with the forwarding path of /
, is described. The configuration contains the following content:/checkHealth
, and the checked domain name is sample.tencent.com
.➜ kubectl apply -f jetty-deployment.yaml
➜ kubectl apply -f jetty-service.yaml
➜ kubectl apply -f jetty-ingress.yaml
➜ kubectl apply -f jetty-ingress-config.yaml
➜ kubectl get pods
NAME READY STATUS RESTARTS AGE
jetty-deployment-8694c44b4c-cxscn 1/1 Running 0 8m8s
jetty-deployment-8694c44b4c-mk285 1/1 Running 0 8m8s
jetty-deployment-8694c44b4c-rjrtm 1/1 Running 0 8m8s
# Obtain the TkeServiceConfig Configuration List
➜ kubectl get tkeserviceconfigs.cloud.tencent.com
NAME AGE
jetty-ingress-config 52s
# Update and Modify the TkeServiceConfig Configuration
➜ kubectl edit tkeserviceconfigs.cloud.tencent.com jetty-ingress-config
tkeserviceconfigs.cloud.tencent.com/jetty-ingress-config edited
Was this page helpful?