Based on native Kubernetes, Tencent Kubernetes Engine (TKE) is a container-oriented, highly scalable, and high-performance container management service. Compared with a client's own container service, TKE has core advantages such as ease of use, flexible expansion, security, reliability, high efficiency, and low costs. For more information, see Tencent Kubernetes Engine.
As an open source platform for automated container operations, Kubernetes is a mainstream choice for developers. However, the access capability of Kubernetes clusters is not sufficient and cannot meet the requirements of large applications. Using API Gateway as the access layer of Kubernetes can significantly improve the access capability of Kubernetes clusters and give them the advanced capabilities of API Gateway, so that they fit more customer scenarios.
You have activated Tencent Cloud services such as API Gateway, TKE, Cloud Load Balancer (CLB), Virtual Private Cloud (VPC), and Cloud Virtual Machine (CVM) and have permission to configure these services, as they will be used during the configuration process.
When creating a CVM, select the VPC and the subnet created in Step 1 and retain the default values for the other parameters. In this example, a standard S5 CVM instance is created.
Log in to the TKE console.
In the left sidebar, click Cluster to access the TKE cluster list page.
Click Create at the top of the TKE cluster list. On the Create Cluster page, create a TKE cluster by following the instructions in Creating a Cluster.
- When configuring the cluster information, set Cluster network to the VPC created in Step 1.
- When selecting a model, set Node Source to Existing nodes and Master Node to Managed, and select the CVM created in Step 2 in the Worker Configurations area.
- Retain the default values for the other parameters.
- Select a DockerHub nginx image.
- Set Service Access to Via VPC.
- Set Load Balancer to Automatic creation.
- In the Port Mapping area, set Protocol to TCP, and set both Target Port and Port to 80.
When entering the backend configuration, set Backend Type to HTTP, VPC Info to the VPC created in Step 1, VPC resources to CLB, and Backend Path to /.
Log in to the CVM console. In the left sidebar, click Security Groups to access the security group list page.
Select a region and click + New. In the pop-up dialog box, set the parameters and click OK to create a security group.
In the security group list, click the name of the created security group to access the security group details page. Click the Security Group Rule tab and then the Inbound rule tab to access the inbound rule list.
Click Add a Rule. In the pop-up dialog box, enter the following 5 private IP ranges of API Gateway: 220.127.116.11/8, 10.0.0.0/8, 100.64.0.0/10, 18.104.22.168/8, and 22.214.171.124/8. Set Protocol port to ALL and Policy to Allow for the 5 private IP ranges, and click Completed to add the 5 inbound rules.
Return to the security group details page. Click the Associate with Instance tab and then the Cloud Virtual Machine tab. Click Add Instances. In the pop-up dialog box, associate the created security group with the CVM created in Step 2 to open the private IP ranges of API Gateway to the internet.
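A pre-flight check for the inbound rules above, as an added example that is not part of the original documentation: it parses the five source ranges exactly as listed, reports whether each is a clean network address inside RFC 1918 or RFC 6598 internal space, and counts how many source addresses each rule admits when Protocol port is ALL. The function names `audit_cidr` and `needs_review` are hypothetical.

```python
import ipaddress

# Internal-only space: RFC 1918 private ranges plus RFC 6598 shared space.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# The five source ranges, copied exactly as the inbound-rule step lists them.
PAGE_RANGES = ["220.127.116.11/8", "10.0.0.0/8", "100.64.0.0/10",
               "18.104.22.168/8", "22.214.171.124/8"]


def audit_cidr(text):
    """Describe what one security group source CIDR actually matches."""
    iface = ipaddress.ip_interface(text)
    net = iface.network  # the network with any host bits masked off
    return {
        "input": text,
        "network": str(net),
        "host_bits_set": iface.ip != net.network_address,
        "internal": any(net.version == block.version and net.subnet_of(block)
                        for block in INTERNAL),
        "addresses": net.num_addresses,
    }


def needs_review(ranges):
    """Return the inputs that are not clean, internal-only networks."""
    flagged = []
    for text in ranges:
        try:
            result = audit_cidr(text)
        except ValueError:
            flagged.append(text)  # not parseable as a CIDR at all
            continue
        if result["host_bits_set"] or not result["internal"]:
            flagged.append(text)
    return flagged


if __name__ == "__main__":
    for cidr in PAGE_RANGES:
        r = audit_cidr(cidr)
        print(f'{r["input"]:>18} -> {r["network"]:<14} '
              f'internal={r["internal"]!s:<5} sources={r["addresses"]}')
    print("review before adding:", needs_review(PAGE_RANGES))
```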