Use an existing SLB instance to expose an application - - Alibaba Cloud Documentation Center

To access a Service exposed by a Server Load Balancer (SLB) instance from outside the cluster, use the domain name of the SLB instance or the <IP:Service port> endpoint. To access the Service from within the cluster, use the <Service name:Service port> endpoint. This topic uses an NGINX application as an example to describe how to create a LoadBalancer Service that uses an existing SLB instance to expose an application in an Alibaba Cloud Container Compute Service (ACS) cluster.

Prerequisites

An SLB instance is created in the SLB console. The SLB instance belongs to the same region as the ACS cluster. In this topic, an existing Internet-facing Classic Load Balancer (CLB) instance is used. If no CLB instance exists, create one. For more information, see Create and manage a CLB instance.

Usage notes

Limits on reusing SLB instances

When you use an existing SLB instance to expose an application, take note of the following limits:
- SLB instances that are created by using the SLB console can be reused. SLB instances that are automatically created by the cloud controller manager (CCM) and the SLB instance of the API server cannot be reused.
- To reuse an internal-facing SLB instance for a cluster, the SLB instance and the cluster must be deployed in the same virtual private cloud (VPC).
- The network type of the SLB instance must be consistent with the connection method of the Service.
  - If the Service is used for Internet access (service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "internet"), the network type of the SLB instance must be Internet-facing.
  - If the Service is used for internal access (service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "intranet"), the network type of the SLB instance must be internal-facing.
- The SLB instance must listen on different Service ports if the SLB instance exposes more than one Service.
- If you use an existing SLB instance to expose two Services in different clusters, make sure that the two Services have different names and are deployed in different namespaces.
The CCM configures SLB instances only for Services that have Type=LoadBalancer configured. CCM does not configure SLB instances for other types of Services.
Important
When a Service that has Type=LoadBalancer configured is changed to another type of Service, the CCM deletes the configurations that are added to the related SLB instance. As a result, you can no longer use the SLB instance to access the Service.
The CCM uses a declarative API and automatically updates the configurations of an SLB instance to match the configurations of the exposed Service when specific conditions are met. If you specify service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: "true", the SLB configurations that you update in the SLB console may be overwritten.
Important
Do not modify the configurations of an SLB instance that is created and managed by CCM in the SLB console. Otherwise, the modifications may be overwritten and the Service may become inaccessible.
You cannot change the SLB instance that is associated with a LoadBalancer Service after the Service is created. To change the SLB instance, you must create a new Service.

SLB resource quotas

The CCM creates SLB instances for Services with the Type=LoadBalancer setting. By default, you can have a maximum of 60 SLB instances within your Alibaba Cloud account. To create more SLB instances, apply for a quota increase in the log on to the Quota Center console and submit an application.
The CCM automatically adds Elastic Compute Service (ECS) instances to the backend server groups of an SLB instance based on the Service configurations.
- By default, an ECS instance can be added to at most 50 backend server groups. To add the ECS instance to more backend server groups, apply for a quota increase in the log on to the Quota Center console and submit an application.
- By default, you can add at most 200 backend servers to an SLB instance. To add more backend servers to an SLB instance, apply for a quota increase in the log on to the Quota Center console and submit an application.
The CCM automatically creates listeners that use Service ports for SLB instances. By default, each SLB instance supports at most 50 listeners. To increase the number of listeners supported by each SLB instance, apply for a quota increase in the log on to the Quota Center console and submit an application.
For more information about the limits on SLB, see Limits on CLB and Limits on NLB.
To query the SLB resource quotas, go to the Quota Center page in the SLB console.

Step 1: Deploy an application

The following section describes how to use the kubectl command-line tool to deploy an application.

Manage Kubernetes clusters with kubectl on CloudShell.

Create a file named my-nginx.yaml and copy the following content to the file:

Show the YAML file

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx                 #The application name. 
  labels:
    app: nginx
spec:
  replicas: 3                    #The number of replicated pods. 
  selector:
    matchLabels:
      app: nginx                 #You must specify the same value in the selector parameter of the Service that is used to expose the application. 
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest
        ports:
        - containerPort: 80               #Expose this port in the Service.

Run the following command to deploy the my-nginx application:
```
kubectl apply -f my-nginx.yaml
```

Run the following command to check the status of the application:

kubectl get deployment my-nginx

Expected output:

NAME       READY   UP-TO-DATE   AVAILABLE   AGE
my-nginx   3/3     3            3           50s

Step 2: Use an existing SLB instance to expose the application

You can use the ACS console or kubectl to create a LoadBalancer Service to expose the application.

Method 1: Use the ACS console

Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
In the left-side navigation pane of the details page, choose Network > Services
On the Services page, click Create in the upper-right corner.

In the Create Service dialog box, set the required parameters.

Parameter	Description	Example
Parameter	Enter a name for the Service.	my-nginx-svc
Service Type	The type of Service. This parameter specifies how the Service is accessed.	Create Service: Service Type: SLB SLB Type: CLB Select Resource: Use Existing Resource Overwrite Existing Listeners: selected
Backend	Select the backend application that you want to associate with the Service. If you do not associate the Service with a backend application, no Endpoint object is created. You can manually associate the Service with a backend application. For more information, see services-without-selectors.	Click +Reference Workload Label and select my-nginx: Name: app Value: nginx
Port Mapping	Specify a Service port and a container port. The Service port corresponds to the `port` field in the YAML file and the container port corresponds to the `targetPort` field in the YAML file. The container port must be the same as the one that is exposed in the backend pod.	Service Port: 80 Container Port: 80 Protocol: TCP
Annotations	Add one or more annotations to the SLB instance. For more information about annotations, see Use annotations to configure CLB instances.	In this example, two annotations are added to specify the pay-by-bandwidth billing method and set the maximum bandwidth to 2 Mbit/s to limit the amount of traffic that flows through the Service. Specify the billing method: Name: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-charge-type` Value: paybybandwidth Specify the maximum bandwidth: Name: `service.beta.kubernetes.io/alibaba-cloud-loadbalancer-bandwidth` Value: 2
Label	Add one or more labels to the Service. Labels are used to identify the Service.	None

Click OK. After the Service is created, it is displayed on the Services page.
You can use the external IP address displayed in the External IP column to access the application. In this example, the external IP address is 39.106.XX.XX:80.

Method 2: Use kubectl to create a Service

Create a file named my-nginx-svc.yaml and copy the following content to the file:
- Modify the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id annotation by replacing ${YOUR_LB_ID} with the actual ID of the SLB instance that you created in the SLB console.
- If you use an existing SLB instance, CCM does not create listeners for the SLB instance or overwrite the listeners of the SLB instance by default. If you want the CCM to create new listeners or overwrite existing listeners, set service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners to true. In this example, a new SLB instance is created and new listeners must be created. Therefore, set this annotation to true. For more information about annotations, see Use annotations to configure CLB instances.
- To associate the Service with the backend application that you created, set selector to the value of the matchLabels field in the my-nginx.yaml file. In this example, the value is set to app: nginx.
```
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: ${YOUR_LB_ID} 
    service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners: 'true'
  labels:
    app: nginx
  name: my-nginx-svc
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
```
Run the following command to create a Service named my-nginx-svc and use the Service to expose the application:
```
kubectl apply -f my-nginx-svc.yaml
```

Run the following command to check whether the LoadBalancer Service is created:

kubectl get svc my-nginx-svc

Expected output:

NAME           TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)        AGE
my-nginx-svc   LoadBalancer   172.21.5.82   39.106.XX.XX     80/TCP         5m

Run the curl <YOUR-External-IP> command to access the application. Replace YOUR-External-IP with the IP address displayed in the EXTERNAL-IP column in the preceding output.

curl 39.106.XX.XX

Expected output:

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>