Service Extension Protocol

Last updated: 2021-10-13 16:34:44

    Protocols Supported by Services by Default

    A Service is a mechanism and abstraction through which Kubernetes exposes applications outside the cluster. You can access the applications in a cluster through a Service.

    Note
    • For access in direct access mode, there are no restrictions on the use of extension protocols, and TCP and UDP protocols can be used together.
    • In non-direct access scenarios, ClusterIP and NodePort modes can be used together. However, the community has restrictions on Services of the LoadBalancer type, and only protocols of the same type can be used currently.
    • When a LoadBalancer Service is declared as TCP, the port can use the capabilities of extension protocols to change the protocol of CLB to TCP_SSL, HTTP, or HTTPS.
    • When a LoadBalancer Service is declared as UDP, the port can use the capabilities of extension protocols to change the protocol of CLB to UDP or QUIC.

    TKE Extension of Service Forwarding Protocols

    In addition to the rules of the protocols supported by a native Service, a Service needs to support the mixed use of TCP and UDP as well as the TCP SSL, HTTP, and HTTPS protocols in certain scenarios. TKE extends the support for more protocols in LoadBalancer mode.

    Prerequisites

    • Extension protocols are only effective for Services in LoadBalancer mode.
    • An extension protocol describes the relationship between the protocol and the port through an annotation.
    • The relationship between the extension protocol and the annotation is as follows:
      • When the port described in Service Spec is not covered in the annotation of the extension protocol, Service Spec will be configured according to your declaration.
      • When the port described in the annotation of the extension protocol does not exist in Service Spec, the configuration will be ignored.
      • When the port described in the annotation of the extension protocol exists in Service Spec, the protocol configuration declared in Service Spec will be overwritten.

    Annotation name

    service.cloud.tencent.com/specify-protocol

    Sample annotations of extension protocols

    {"80":{"protocol":["TCP_SSL"],"tls":"cert-secret"}}

    Extension protocol use instructions

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        # To use another protocol, change this value, following the format of the sample annotation above.
        service.cloud.tencent.com/specify-protocol: '{"80":{"protocol":["TCP_SSL"],"tls":"cert-secret"}}'
      name: test
    # ....
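
The three annotation rules under Prerequisites mean a TLS entry for a port that is missing from Service Spec is dropped without error. The following is an added example, not TKE's own code: it models those rules and the protocol pairs from the Note to report which protocol each port ends up with. The names `effective_listeners` and `direct_access` and the ports in `SAMPLE` are assumptions made for illustration.

```python
import json

ANNOTATION = "service.cloud.tencent.com/specify-protocol"
# Overrides the page's Note lists for each Service Spec protocol (non-direct access).
ALLOWED = {"TCP": {"TCP_SSL", "HTTP", "HTTPS"}, "UDP": {"UDP", "QUIC"}}

def effective_listeners(service, direct_access=False):
    """Model the page's three rules; return (listeners, warnings)."""
    # direct_access is a hypothetical flag: the page says direct access mode
    # places no restrictions on extension protocols, so that check is skipped.
    raw = service.get("metadata", {}).get("annotations", {}).get(ANNOTATION, "{}")
    ext, spec = json.loads(raw), service.get("spec", {})
    listeners, warnings = {}, []
    if ext and spec.get("type") != "LoadBalancer":
        warnings.append("annotation has no effect: Service is not type LoadBalancer")
        ext = {}
    # Kubernetes defaults a port's protocol to TCP when it is omitted.
    declared = {str(p["port"]): p.get("protocol", "TCP") for p in spec.get("ports", [])}
    for port, proto in declared.items():
        if port not in ext:
            listeners[port] = [proto]  # rule 1: Service Spec is used as declared
            continue
        wanted = ext[port].get("protocol", [])
        bad = [w for w in wanted if w not in ALLOWED.get(proto, set())]
        if bad and not direct_access:
            # The page does not say how TKE treats such an entry; it is only flagged.
            warnings.append(f"port {port}: {bad} is not listed for a {proto} port")
        listeners[port] = wanted  # rule 3: annotation overrides Service Spec
    for port in ext:
        if port not in declared:  # rule 2: the entry is ignored
            warnings.append(f"port {port}: not in Service Spec, annotation entry ignored")
    return listeners, warnings

# Constructed sample: 443 is annotated but missing from spec.ports; 8443 asks for QUIC.
SAMPLE = {
    "metadata": {"name": "test", "annotations": {ANNOTATION: json.dumps({
        "80": {"protocol": ["TCP_SSL"], "tls": "cert-secret"},
        "443": {"protocol": ["HTTPS"], "tls": "cert-secret"},
        "8443": {"protocol": ["QUIC"]}})}},
    "spec": {"type": "LoadBalancer", "ports": [
        {"port": 80, "protocol": "TCP"},
        {"port": 8080, "protocol": "TCP"},
        {"port": 8443, "protocol": "TCP"}]},
}

if __name__ == "__main__":
    print(*effective_listeners(SAMPLE), sep="\n")
```

Running a check like this against manifests before they are applied surfaces ports where the intended TLS listener would not be created.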