A Service is a mechanism and abstraction through which Kubernetes exposes applications outside the cluster. You can access the applications in a cluster through a Service.
Note
- For access in direct access mode, there are no restrictions on the use of extension protocols, and TCP and UDP protocols can be used together.
- In non-direct access scenarios,
ClusterIP
andNodePort
modes can be used together. However, the community has restrictions on Services of theLoadBalance
type, and only protocols of the same type can be used currently.- When
LoadBalance
is declared as TCP, the port can use the capabilities of extension protocols to change the protocol of CLB to TCP_SSL, HTTP, or HTTPS.- When
LoadBalance
is declared as UDP, the port can use the capabilities of extension protocols to change the protocol of CLB to UDP.
In addition to the rules of the protocols supported by a native Service, a Service needs to support the hybrid use of TCP and UDP as well as the TCP SSL, HTTP, and HTTPS protocols in certain scenarios. TKE extends the support for more protocols in LoadBalancer
mode.
LoadBalancer
mode.Service Spec
is not covered in the annotation of the extension protocol, Service Spec
will be configured according to your declaration.Service Spec
, the configuration will be ignored.Service Spec
, the protocol configuration declared in Service Spec
will be overwritten.service.cloud.tencent.com/specify-protocol
{"80":{"protocol":["TCP_SSL"],"tls":"cert-secret"}}
Note:The field
cert-secret
in TCP_SSL and HTTPS indicates that a certificate must be specified when you use the protocol. The certificate is an Opaque type Secret, the key of Secret is qcloud_cert_id, and the value is the certificate ID. For details, see Ingress Certificate Configuration.
apiVersion: v1
kind: Service
metadata:
annotations:
service.cloud.tencent.com/specify-protocol: '{"80":{"protocol":["TCP_SSL"],"tls":"cert-secret"}}' # To use other protocols, change the value in the key-value pair to the above content
name: test
....
A native Service does not support hybrid use of protocols. Upon some special modifications, TKE supports hybrid use of protocols in CLB-to-Pod direct access mode.
Please note that the same protocol is used in YAML, but you can specify the protocol type for each port via the annotation. In the sample below, port 80 uses the TCP protocol, and port 8080 uses the UDP protocol.
apiVersion: v1
kind: Service
metadata:
annotations:
service.cloud.tencent.com/direct-access: "true" # EKS clusters default to use the CLB-to-Pod direct access mode. For TKE clusters, you must enable the CLB-to-Pod direct access mode with reference to the document.
service.cloud.tencent.com/specify-protocol: '{"80":{"protocol":["TCP"]},"8080":{"protocol":["UDP"]}}' # It specifies that port 80 uses the TCP protocol, and port 8080 uses the UDP protocol.
name: nginx
spec:
externalTrafficPolicy: Cluster
ports:
- name: tcp-80-80
nodePort: 32150
port: 80
protocol: TCP
targetPort: 80
- name: udp-8080-8080
nodePort: 31082
port: 8080
protocol: TCP # Note: Only the same type of protocols can be used because of the limits of Kubernetes Service Controller.
targetPort: 8080
selector:
k8s-app: nginx
qcloud-app: nginx
sessionAffinity: None
type: LoadBalancer
Was this page helpful?