Deploying an Nginx Workload in a CCE Autopilot Cluster
CCE Autopilot is a serverless container service. You can deploy applications without purchasing or managing nodes. This reduces O&M costs and improves application reliability and scalability. Nginx is a high-performance, open-source web server that can also be used as a reverse proxy, load balancer, and HTTP cache. Nginx is used as an example to describe how you can create a CCE Autopilot cluster and deploy a workload in the cluster.
Procedure
Step | Description | Billing |
---|---|---|
Preparations | Sign up for a HUAWEI ID and make sure you have a valid payment method configured. | Billing is not involved. |
Step 1: Enable CCE for the First Time and Perform Authorization | Obtain the required permissions for your account when you use CCE in the current region for the first time. | Billing is not involved. |
Step 2: Create a CCE Autopilot Cluster | Create a CCE Autopilot cluster on the CCE console to simplify the management and operations of Kubernetes clusters. | Cluster management and VPC endpoints are billed. For details, see Billing. |
Step 3: Create a Workload and Access It | Create a workload in the cluster to run your containers and create a Service for the workload to enable Internet access. | Pods are billed. For details, see Billing. |
Follow-up Operations: Releasing Resources | To avoid additional expenditures, release resources promptly if you no longer need them. | Billing is not involved. |
Preparations
- Before you start, sign up for a HUAWEI ID and complete real-name authentication. For details, see Signing Up for a HUAWEI ID and Enabling Huawei Cloud Services and Getting Authenticated.
Step 1: Enable CCE for the First Time and Perform Authorization
CCE works closely with multiple cloud services to support computing, storage, networking, and monitoring functions. When you log in to the CCE console for the first time, CCE automatically requests permissions to access those cloud services in the region where you run your applications. If you have been authorized in the current region, skip this step.
- Log in to the CCE console using your HUAWEI ID.
- Click in the upper left corner on the displayed page and select a region.
- When you log in to the CCE console in a region for the first time, wait for the Authorization Statement dialog box to appear, carefully read the statement, and click OK.
After you agree to delegate the permissions, CCE creates an agency named cce_admin_trust in IAM to perform operations on other cloud resources and grants it the Tenant Administrator permissions. Tenant Administrator has the permissions on all cloud services except IAM. The permissions are used to call the cloud services on which CCE depends. The delegation takes effect only in the current region. You can go to the IAM console, choose Agencies, and click cce_admin_trust to view the delegation records of each region. For details, see Account Delegation.
CCE may fail to run as expected if the Tenant Administrator permissions are not assigned. Therefore, do not delete or modify the cce_admin_trust agency when using CCE.
Step 2: Create a CCE Autopilot Cluster
Create a CCE Autopilot cluster on the CCE console to simplify the management and operations of Kubernetes clusters.
- Log in to the CCE console.
- If there is no cluster in your account in the current region, click Buy Cluster or Buy CCE Autopilot Cluster.
- If there is already a cluster in your account in the current region, choose Clusters in the navigation pane and then click Buy Cluster.
- Configure basic cluster information.
In this example, only some mandatory parameters are described. You can keep the default values for other parameters. For details about the parameters, see Buying a CCE Autopilot Cluster.
Parameter | Example Value | Description |
---|---|---|
Type | CCE Autopilot cluster | CCE allows you to create various types of clusters for diverse needs. It provides highly reliable, secure, business-class container services. CCE standard clusters provide highly reliable and secure containers for commercial use. CCE Turbo clusters use high-performance cloud native networks and provide cloud native hybrid scheduling. Such clusters have improved resource utilization and can be used in more scenarios. CCE Autopilot clusters are serverless and O&M-free. They greatly reduce O&M costs and improve application reliability and scalability. For more information about cluster types, see Cluster Comparison. |
Cluster Name | autopilot-example | Enter a name for the cluster. |
Enterprise Project | default | This parameter is displayed only for enterprise users who have enabled Enterprise Project. Enterprise projects are used for cross-region resource management and make it easy to centrally manage resources by department or project team. For more information, see Project Management. Select an enterprise project as needed. If there is no special requirement, you can select default. |
Cluster Version | v1.28 | Select the Kubernetes version for the cluster. You are advised to select the latest version. |
- Configure the network information.
In this example, only some mandatory parameters are described. You can keep the default values for other parameters. For details about the parameters, see Buying a CCE Autopilot Cluster.
Parameter | Example Value | Description |
---|---|---|
VPC | vpc-autopilot | Select the VPC where the cluster is located. If no option is available, click Create VPC to create one. For details, see Creating a VPC and Subnet. The VPC cannot be changed after the cluster is created. |
Pod Subnet | subnet-502f | Select the subnet where the container is located. If no option is available, click Create Subnet to create one. For details, see Creating a VPC and Subnet. The container subnet determines the maximum number of containers in a cluster. You can add more subnets after the cluster is created. |
Service CIDR Block | 10.247.0.0/16 | Specify the CIDR block for the Service. This CIDR block determines the maximum number of IP addresses that can be used by the Service and is used by containers in the same cluster to access each other. The Service CIDR block cannot be changed after the cluster is created. |
Image Access | - | To ensure that the nodes in a cluster can pull images from SWR, existing endpoints in the selected VPC are used by default. If there are no endpoints in the VPC, CCE automatically creates the endpoints for SWR and OBS. VPC endpoints are billed. For details, see VPC Endpoint Price Calculator. |
SNAT | Enabled | This option is enabled by default, and the cluster can access the Internet through a NAT gateway. By default, an existing NAT gateway in the selected VPC is used. If there are no NAT gateways, CCE automatically creates a NAT gateway with default specifications, binds an EIP to the NAT gateway, and configures an SNAT rule. The NAT gateway will be billed. For details, see NAT Gateway Price Calculator. |
- Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.
This example only includes the mandatory add-ons that are automatically installed.
- Click Next: Add-on Configuration to configure the selected add-ons. Mandatory add-ons cannot be configured.
In this example, only mandatory add-ons are installed.
- Click Next: Confirm configuration, check the displayed cluster resource list, and click Submit.
It takes about 5 to 10 minutes to create a cluster.
After the cluster is created, the cluster is in the Running state.
Step 3: Create a Workload and Access It
You can create a workload in a cluster to deploy Nginx in containers for high resource utilization and automatic management. You also need to create a Service of the LoadBalancer type for the workload so that the workload can be accessed from the public network. You can use either of the following methods to create and access the Nginx workload.
- Log in to the CCE console and click the cluster name to access the cluster console.
- In the navigation pane, choose Workloads. In the upper right corner, click Create Workload.
- Configure the basic information about the workload.
In this example, only some mandatory parameters are described. You can keep the default values for other parameters. For details about the parameters, see Creating a Workload. You can select a reference document based on the workload type.
Parameter | Example Value | Description |
---|---|---|
Workload Type | Deployment | A workload defines the creation, status, and lifecycle of pods. By creating a workload, you can manage and control the behavior of multiple pods, such as scaling, updating, and restoration. Deployment: runs a stateless application. It supports online deployment, rolling upgrade, replica creation, and restoration. StatefulSet: runs a stateful application. Each pod for running the application has an independent state. Job: a one-off job. After the job is complete, the pods are automatically deleted. CronJob: a time-based job that runs a specified job in a specified period. For more information about workloads, see Workload Overview. Nginx is mainly used to forward requests, balance loads, and distribute static content. You do not need to store any Nginx persistent data locally. Therefore, Nginx is deployed as a Deployment in this example. |
Workload Name | nginx | Enter a name for the workload. |
Namespace | default | A namespace is a conceptual grouping of resources or objects. Each namespace provides isolation for data from other namespaces. After a cluster is created, the default namespace is created by default. If there is no special requirement, select default. |
Pods | 1 | Enter the number of pods. |
- Configure the containers.
In this example, only some mandatory parameters are described. You can keep the default values for other parameters. For details about the parameters, see Creating a Workload. You can select a reference document based on the workload type.
Parameter | Example Value | Description |
---|---|---|
Image Name | nginx | Click Select Image. In the displayed dialog box, click the Open Source Images tab and select a public image. |
Image Tag | latest | Select the required image tag. |
CPU Quota | 0.25 cores | Specify the CPU limit, which defines the maximum number of CPU cores that can be used by a container. The default value is 0.25 cores. |
Memory Quota | 512 MiB | Specify the memory limit, which is the maximum memory available for a container. The default value is 512 MiB. If the memory exceeds 512 MiB, the container will be terminated. |
- Specify the Service settings.
Click the plus sign (+) under Service Settings. The Create Service page is displayed.
In this example, external access to Nginx is required. So you need to create a Service of the LoadBalancer type.
In this example, only some mandatory parameters are described. You can keep the default values for other parameters. For details about the parameters, see Service . Select a reference document based on the Service type.
Parameter | Example Value | Description |
---|---|---|
Service Name | nginx | Enter a name for the Service. |
Service Type | LoadBalancer | Select a Service type, which determines how the workload is accessed. ClusterIP: The workload can only be accessed using IP addresses in the cluster. LoadBalancer: The workload can be accessed from the public network through a load balancer. For more information about the Service types, see Service. |
Load Balancer | Dedicated; Network (TCP/UDP) & Application (HTTP/HTTPS); Use existing; elb-nginx | Select Use existing if there is a load balancer available. NOTE: You can only select a dedicated load balancer that is in the same VPC as the cluster and handles network traffic. If there is no available load balancer, select Auto create to create one with an EIP bound. For details, see Creating a LoadBalancer Service. |
Ports | Protocol: TCP; Container Port: 80; Service Port: 8080 | Protocol: Select a protocol for the load balancer listener. Container Port: Enter the port on which the application listens. This port must be the same as the listening port provided by the application for external systems. If the nginx image is used, set this port to 80. Service Port: Enter a custom port. The load balancer will use this port as the listening port to provide an entry for external traffic. |
- Click Create Workload.
After the Deployment is created, it is in the Running state in the Deployment list.
- Obtain the external access address of Nginx.
Click the name (nginx) of the workload to go to its details page. On the Access Mode tab, view the access address in the format of {EIP bound to the load balancer}:{Access port}.
- In the address box of your browser, enter {EIP bound to the load balancer}:{Access port} to access the application.
Alternatively, create the workload with kubectl. Command line operations are required. You can perform related operations in either of the following ways:
- Perform operations using CloudShell. You need to ensure kubectl has been configured in CloudShell and the cluster has been connected using CloudShell. For details, see Connecting to a Cluster Using CloudShell.
- Perform operations on the ECS that is in the same VPC as the cluster and with an EIP bound. For details, see Purchasing and Using a Linux ECS. You also need to install kubectl and connect to the cluster through kubectl.
The following uses the first method as an example to describe how you can use kubectl to create an Nginx workload.
- Click the cluster name to access the cluster console.
- In the upper right corner, click Kubectl CloudShell to access CloudShell.
Using CloudShell to connect to a cluster is only available in some regions. For details, see the management console.
- Create a YAML file for creating a workload. In this example, the file name is nginx-deployment.yaml. You can change it as needed.
vim nginx-deployment.yaml
The file content is as follows:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx    # Workload name
    spec:
      replicas: 1    # Number of pods
      selector:
        matchLabels:    # Selector for selecting resources with specific labels
          app: nginx
      template:
        metadata:
          labels:    # Labels
            app: nginx
        spec:
          containers:
          - image: nginx:latest    # {Image name}:{Image tag}
            name: nginx
          imagePullSecrets:
          - name: default-secret
Press Esc to exit editing mode and enter :wq to save the file.
- Run the following command to create the workload:
kubectl create -f nginx-deployment.yaml
If information similar to the following is displayed, the workload is being created:
deployment.apps/nginx created
- Run the following command to check the workload status:
kubectl get deployment
If the value of READY is 1/1, the pod created for the workload is available. This means the workload has been created.
    NAME    READY   UP-TO-DATE   AVAILABLE   AGE
    nginx   1/1     1            1           4m59s
The following table describes the parameters in the command output.
Parameter | Example Value | Description |
---|---|---|
NAME | nginx | Workload name. |
READY | 1/1 | The number of available pods/desired pods for the workload. |
UP-TO-DATE | 1 | The number of pods that have been updated for the workload. |
AVAILABLE | 1 | The number of pods available for the workload. |
AGE | 4m59s | How long the workload has run. |
- Create a Service of the LoadBalancer type for the workload.
An existing load balancer is used to create the Service. To automatically create a load balancer, see Using kubectl to Create a Load Balancer.
Create a YAML file for creating the Service. In this example, the file name is nginx-elb-svc.yaml. You can change it as needed.
vim nginx-elb-svc.yaml
The file content is as follows:
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx    # Service name
      annotations:
        kubernetes.io/elb.id: <your_elb_id>    # Load balancer ID. Replace it with the actual value.
        kubernetes.io/elb.class: performance    # Load balancer type
    spec:
      selector:
        app: nginx
      ports:
      - name: service0
        port: 8080
        protocol: TCP
        targetPort: 80
      type: LoadBalancer
Press Esc to exit editing mode and enter :wq to save the file.
Parameter | Example Value | Description |
---|---|---|
kubernetes.io/elb.id | 405ef586-0397-45c3-bfc4-xxx | ID of an existing load balancer. NOTE: You can only select a dedicated load balancer that is in the same VPC as the cluster and handles network traffic. In the navigation pane of the network console, choose Elastic Load Balance > Load Balancers. Locate the load balancer. The ID is displayed below the name. |
kubernetes.io/elb.class | performance | Load balancer type. The value can only be performance, which means that only dedicated load balancers are supported. |
selector | app: nginx | Selector, which is used by the Service to send traffic to pods with specific labels. NOTICE: The value must be the same as that of matchLabels in the YAML file for creating the workload. In this example, the value is app: nginx. |
ports.port | 8080 | The port used by the load balancer as an entry for external traffic. You can use any port. |
ports.protocol | TCP | Protocol for the load balancer listener. |
ports.targetPort | 80 | Port used by a Service to access the target container. This port is closely related to the applications running in the container. If the nginx image is used, set this port to 80. |
- Run the following command to create a Service:
kubectl create -f nginx-elb-svc.yaml
If information similar to the following is displayed, the Service has been created:
service/nginx created
- Run the following command to check the Service:
kubectl get svc
If information similar to the following is displayed, the workload access mode has been configured:
    NAME         TYPE           CLUSTER-IP     EXTERNAL-IP               PORT(S)          AGE
    kubernetes   ClusterIP      10.247.0.1     <none>                    443/TCP          18h
    nginx        LoadBalancer   10.247.56.18   xx.xx.xx.xx,xx.xx.xx.xx   8080:30581/TCP   5m8s
- In the address box of your browser, enter {External access address}:{Service port} to access the workload. The external access address is the first IP address displayed for EXTERNAL-IP, and the Service port is 8080.
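A check that can follow the kubectl steps above, as an added example that is not part of the original documentation: it reads the JSON form of the two objects (`kubectl get deployment nginx -o json` and `kubectl get svc nginx -o json`) and reports a Service selector that does not match the pod labels, an image on a mutable tag, containers without explicit limits, and every address:port the load balancer reports. The sample objects, their IP addresses and the function names are constructed for illustration.

```python
import json

# Constructed sample input: trimmed JSON for the two manifests on this page.
# The IP addresses are made up.
DEPLOYMENT = json.loads("""
{"metadata": {"name": "nginx"},
 "spec": {"selector": {"matchLabels": {"app": "nginx"}},
          "template": {"metadata": {"labels": {"app": "nginx"}},
                       "spec": {"containers": [{"name": "nginx", "image": "nginx:latest"}]}}}}
""")
SERVICE = json.loads("""
{"metadata": {"name": "nginx"},
 "spec": {"type": "LoadBalancer", "selector": {"app": "nginx"},
          "ports": [{"name": "service0", "port": 8080, "protocol": "TCP", "targetPort": 80}]},
 "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}, {"ip": "192.168.0.20"}]}}}
""")

def selector_matches(svc, dep):
    """True if every label in the Service selector is set on the pod template."""
    labels = dep["spec"]["template"]["metadata"].get("labels") or {}
    selector = svc["spec"].get("selector") or {}
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())

def uses_mutable_tag(image):
    """True for ':latest' or no tag at all; a digest reference counts as pinned."""
    if "@sha256:" in image:
        return False
    name = image.rsplit("/", 1)[-1]  # ignore a registry host:port prefix
    return (name.split(":", 1)[1] if ":" in name else "latest") == "latest"

def exposed_addresses(svc):
    """address:port for every address a LoadBalancer Service reports; [] while pending."""
    if svc["spec"].get("type") != "LoadBalancer":
        return []
    ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    hosts = [i.get("ip") or i.get("hostname") for i in ingress]
    return [f"{h}:{p['port']}" for h in hosts if h for p in svc["spec"].get("ports", [])]

def review(dep, svc):
    """Return human-readable findings for one Deployment/Service pair."""
    findings = []
    if not selector_matches(svc, dep):
        findings.append("selector mismatch: the Service has no pods to send traffic to")
    for c in dep["spec"]["template"]["spec"]["containers"]:
        if uses_mutable_tag(c["image"]):
            findings.append(f"{c['name']}: image {c['image']} is not pinned to a version or digest")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{c['name']}: no CPU/memory limits in the manifest")
    findings += [f"listener exposed at {a}" for a in exposed_addresses(svc)]
    return findings

if __name__ == "__main__":
    print("\n".join(review(DEPLOYMENT, SERVICE)))
```

On a live cluster, pass the parsed output of the two `kubectl get ... -o json` commands to `review()` in place of the constructed samples.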
Follow-up Operations: Releasing Resources
To avoid additional expenditures, release resources promptly if you no longer need them.
- Log in to the CCE console. In the navigation pane, choose Clusters.
- Locate the cluster, click in the upper right corner of the cluster card, and click Delete Cluster.
- In the displayed Delete Cluster dialog, select all resources to be deleted, including the NAT gateway, EIP configured for the SNAT rule, and endpoints.
- Enter DELETE and click Yes to start deleting the cluster.
It takes 1 to 3 minutes to delete a cluster.