Configuring HTTP/HTTPS for a LoadBalancer Service
Notes and Constraints
- Only clusters of v1.19.16 or later support HTTP or HTTPS.
Table 1 Scenarios where a load balancer supports HTTP or HTTPS

| ELB Type | Application scenario | Whether to Support HTTP or HTTPS | Description |
|---|---|---|---|
| Dedicated load balancer | Interconnecting with an existing load balancer | Supported | For versions earlier than v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10 and v1.27.1-r10, the load balancer flavor must support both the layer-4 and layer-7 routing. For v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, and later versions, the load balancer flavor must support layer-7 routing. |
| Dedicated load balancer | Automatically creating a load balancer | Supported | For versions earlier than v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10 and v1.27.1-r10, the load balancer flavor must support both the layer-4 and layer-7 routing. For v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, and later versions, the load balancer flavor must support layer-7 routing. |

- Do not connect an ingress and a Service that uses HTTP or HTTPS to the same listener of the same load balancer. Otherwise, a port conflict occurs.
Using kubectl
If a Service uses the HTTP or HTTPS protocol, it is important to take note of the following configuration requirements:
- Different ELB types and cluster versions have different requirements on flavors. For details, see Table 1.
- The two ports in spec.ports must correspond to those in kubernetes.io/elb.protocol-port. In this example, ports 443 and 80 are enabled with HTTPS and HTTP, respectively.
The following is a configuration example for automatically creating a dedicated load balancer, in which key configurations are marked in red:
```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    # Specify the Layer 4 and Layer 7 flavors in the parameters for automatically creating a load balancer.
    kubernetes.io/elb.autocreate: '
      {
          "type": "public",
          "bandwidth_name": "cce-bandwidth-1634816602057",
          "bandwidth_chargemode": "bandwidth",
          "bandwidth_size": 5,
          "bandwidth_sharetype": "PER",
          "eip_type": "5_bgp",
          "available_zone": [
              ""
          ],
          "l7_flavor_name": "L7_flavor.elb.s2.small",
          "l4_flavor_name": "L4_flavor.elb.s1.medium"
      }'
    kubernetes.io/elb.class: performance  # Dedicated load balancer
    kubernetes.io/elb.protocol-port: "https:443,http:80"  # HTTP/HTTPS and port number, which must be the same as the port numbers in spec.ports
    kubernetes.io/elb.cert-id: "17e3b4f4bc40471c86741dc3aa211379"  # Certificate ID of the LoadBalancer Service
  labels:
    app: nginx
    name: test
  name: test
  namespace: default
spec:
  ports:
  - name: cce-service-0
    port: 443
    protocol: TCP
    targetPort: 80
  - name: cce-service-1
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
    version: v1
  sessionAffinity: None
  type: LoadBalancer
```
| Parameter | Type | Description |
|---|---|---|
| kubernetes.io/elb.protocol-port | String | If a Service is TLS/HTTP/HTTPS-compliant, configure the protocol and port number in the format of "protocol:port". Specifically: In this example, ports 443 and 80 are enabled with HTTPS and HTTP, respectively. Therefore, the parameter value is https:443,http:80. |
| kubernetes.io/elb.cert-id | String | ID of an ELB certificate, which is used as the TLS/HTTPS server certificate. To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name. |
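
A pre-apply check for the port correspondence rule above, as an added example that is not part of the original documentation: it reads a Service as JSON (for example from `kubectl get service <name> -o json`) and reports ports that appear in only one of `spec.ports` and `kubernetes.io/elb.protocol-port`. The function names, the sample manifest, and the choice to report an https/tls listener without `kubernetes.io/elb.cert-id` are assumptions of this example.

```python
import json

ANN_PORTS = "kubernetes.io/elb.protocol-port"
ANN_CERT = "kubernetes.io/elb.cert-id"
ALLOWED = {"http", "https", "tls"}  # protocols named in the parameter table

def parse_protocol_port(value):
    """Parse 'https:443,http:80' into {443: 'https', 80: 'http'}."""
    listeners = {}
    for item in filter(None, (p.strip() for p in value.split(","))):
        proto, sep, port = item.partition(":")
        proto = proto.strip().lower()
        if not sep or proto not in ALLOWED or not port.strip().isdigit():
            raise ValueError(f"malformed entry {item!r}, expected protocol:port")
        if int(port) in listeners:
            raise ValueError(f"port {port} listed twice")
        listeners[int(port)] = proto
    return listeners

def check_service(svc):
    """Return a list of findings for one Service object (parsed JSON)."""
    ann = svc.get("metadata", {}).get("annotations") or {}
    if ANN_PORTS not in ann:
        return []  # no HTTP/HTTPS listener configured, nothing to check
    try:
        listeners = parse_protocol_port(ann[ANN_PORTS])
    except ValueError as exc:
        return [f"{ANN_PORTS}: {exc}"]
    declared = set(listeners)
    spec_ports = {p["port"] for p in svc.get("spec", {}).get("ports", [])}
    findings = [f"port {p} is in {ANN_PORTS} but not in spec.ports"
                for p in sorted(declared - spec_ports)]
    findings += [f"spec.ports {p} has no entry in {ANN_PORTS}"
                 for p in sorted(spec_ports - declared)]
    # Assumption: an https/tls listener needs a certificate ID to terminate TLS.
    if {"https", "tls"} & set(listeners.values()) and not ann.get(ANN_CERT, "").strip():
        findings.append(f"https/tls listener declared but {ANN_CERT} is empty")
    return findings

# Constructed sample (not from the page): 8443 mismatches 443, no certificate ID.
SAMPLE = json.loads("""{"kind": "Service",
 "metadata": {"name": "test", "annotations": {
   "kubernetes.io/elb.protocol-port": "https:443,http:80"}},
 "spec": {"type": "LoadBalancer", "ports": [
   {"name": "cce-service-0", "port": 8443, "protocol": "TCP", "targetPort": 80},
   {"name": "cce-service-1", "port": 80, "protocol": "TCP", "targetPort": 80}]}}""")

if __name__ == "__main__":
    print("\n".join(check_service(SAMPLE)))
```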