Workloads in a CCE cluster can access each other and can be accessed from the Internet.
- Workloads can access each other through ClusterIP (the virtual IP address of a cluster) and NodePort (a node IP address).
Table 1 Internal access description
Access Type |
Description |
Guide |
ClusterIP (the virtual IP address of a cluster) |
Used for mutual access between workloads in a cluster. For example, if a backend workload needs to communicate with a frontend workload, use this access type.
When this access type is selected, a cluster IP address is automatically allocated. |
- Container port: the port on a container on which the workload listens. The container port varies with the service. Typically, a container port is specified in the container image.
- Service port: the port configured for the workload after the workload was associated with a Service. Enter an integer from 1 to 65535. Workloads in a cluster can access each other through {Cluster IP}:{Access port number}.
|
NodePort (through a node IP address) |
The workload can be accessed through {Node IP address}:{Node port number}. If an EIP is bound to the node, the workload can be accessed from the external networks. |
-
Container port: the port on a container on which the workload listens. The container port varies with the service. Typically, a container port is specified in the container image.
- Service port: the port configured for the workload after the workload was associated with a Service. Enter an integer from 1 to 65535.
- Node port: the port on the node to which the container is mapped. After the configuration is complete, an actual port is open on all nodes in the project to which the user belongs. The workload can be accessed through {Node IP}:{Node port number}.
If there are no special requirements, select Automatically generated so that the system automatically assigns an access port. If you select Specified port, enter an integer ranging from 30000 to 32767 and ensure that the value is unique in the cluster.
|
- A workload can be accessed from the Internet through NodePort (using an EIP), LoadBalancer, or DNAT.
Table 2 External access description
Access Type |
Description |
Guide |
NodePort (using an EIP) |
If the node where the workload runs is bound with an EIP, the workload can be accessed through {Node EIP}:{Node port number}. The workload can then be accessed from the Internet. |
-
Container port: the port on a container on which the workload listens. The container port varies with the service. Typically, a container port is specified in the container image.
- Service port: the port configured for the workload after the workload was associated with a Service. Enter an integer from 1 to 65535.
- Node port: the port on the node to which the container is mapped. After the configuration is complete, an actual port is open on all nodes in the project to which the user belongs. The workload can be accessed through {Node IP}:{Node port number}.
If there are no special requirements, select Automatically generated so that the system automatically assigns an access port. If you select Specified port, enter an integer ranging from 30000 to 32767 and ensure that the value is unique in the cluster.
|
LoadBalancer |
ELB automatically distributes access traffic to multiple nodes to balance their service load. It supports higher levels of fault tolerance for workloads and expands workload service capabilities.
You need to create an ELB instance in advance and select ELB as the CCE access type. |
- Container port: the port on a container on which the workload listens. The container port varies with the service. Typically, a container port is specified in the container image.
- Service port: the port registered with a load balancer. Enter an integer ranging from 1 to 65535. External users can use {Virtual IP address of the load balancer }:{Service port number} to access the workload.
|
DNAT |
NAT gateways provide network address translation (NAT) for cloud servers so that multiple cloud servers can share an EIP.
You need to buy a public NAT gateway in advance. |
- Container port: the port on a container on which the workload listens. The container port varies with the service. Typically, a container port is specified in the container image.
- Service port: the port registered on your NAT gateway. Enter an integer ranging from 1 to 65535. The system automatically creates DNAT rules. External users can access the workload through {EIP of the NAT gateway}:{Service port number}.
|