Updated on 2025-06-26 GMT+08:00

Private Network Access

Overview

If you create a Service of the LoadBalancer type and configure a private network load balancer for the Service, you can use the private IP address and port of the load balancer to access the workload. This method can be used in the following scenarios: mutual access between workloads in the same namespace, mutual access between other cloud resources (such as ECSs) and CCI 2.0 workloads in the same VPC, and mutual access between workloads in different namespaces of the same VPC. Services are provided over the private network through the private IP address and port of the load balancer in the format of <private-IP-address>:<port>.

Workloads run in pods, so accessing a workload means accessing the pods of that workload.

Constraints

  • The load balancer must be in the same VPC as the workload.
  • Only dedicated load balancers are supported.

Creating a Service for an Existing Workload

You can create a Service for a workload after it is created. Creating a Service has no impact on the workload. Once created, the Service can be used by the workload for network access immediately.

  1. Log in to the CCI 2.0 console.
  2. In the navigation pane, choose Services. On the right of the page, click Create from YAML.
  3. Import or add a YAML file.

    The following is an example YAML file:

    • Resource description in the service.yaml file
      apiVersion: cci/v2
      kind: Service
      metadata:
        name: kubectl-test
        namespace: kubectl
        annotations:
          kubernetes.io/elb.class: elb
          kubernetes.io/elb.id: "1234567890" # Load balancer ID (quoted, because annotation values are strings). Only dedicated load balancers are supported.
      spec:
        selector:
          app: kubectl-test # Label of the associated workload
        ports:
          - name: service-0
            targetPort: 80   # Container port
            port: 12222      # Access port (load balancer's port for accessing the workload)
            protocol: TCP     # Protocol used to access the workload
        type: LoadBalancer
    • Resource description in the service.json file (JSON does not allow comments; each field has the same meaning as in service.yaml)
      {
        "apiVersion": "cci/v2",
        "kind": "Service",
        "metadata": {
          "name": "kubectl-test",
          "namespace": "kubectl",
          "annotations": {
            "kubernetes.io/elb.class": "elb",
            "kubernetes.io/elb.id": "1234567890"
          }
        },
        "spec": {
          "selector": {
            "app": "kubectl-test"
          },
          "ports": [
            {
              "name": "service-0",
              "targetPort": 80,
              "port": 12222,
              "protocol": "TCP"
            }
          ],
          "type": "LoadBalancer"
        }
      }

  4. Click OK. Access the workload through the load balancer's private IP address and port in the format of <private-IP-address>:<port>.

Updating a Service

After you add a Service, you can update the access port of the Service.

  1. Log in to the CCI 2.0 console.
  2. In the navigation pane, choose Services. On the Services page, select the target namespace, locate the Service and click Edit YAML in the Operation column.
  3. Only the access port can be modified.

    spec.ports[i].port indicates the access port. The port number ranges from 1 to 65535.

  4. Click OK. The Service will be updated for the workload.
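
A pre-submit check for the update rule above, as an added example that is not part of the original documentation: it compares a Service before and after editing and reports any change other than spec.ports[i].port, as well as access ports outside 1 to 65535. The function names are hypothetical, the manifest is a constructed copy of the example Service on this page, and CCI 2.0's own validation may behave differently.

```python
import copy

# Constructed sample: the example Service from this page as a Python dict.
CURRENT = {
    "apiVersion": "cci/v2",
    "kind": "Service",
    "metadata": {"name": "kubectl-test", "namespace": "kubectl", "annotations": {
        "kubernetes.io/elb.class": "elb",
        "kubernetes.io/elb.id": "1234567890"}},  # placeholder ID from the page
    "spec": {
        "selector": {"app": "kubectl-test"},
        "ports": [{"name": "service-0", "targetPort": 80,
                   "port": 12222, "protocol": "TCP"}],
        "type": "LoadBalancer"},
}


def strip_access_ports(manifest):
    """Return a copy of the manifest with every spec.ports[i].port removed."""
    stripped = copy.deepcopy(manifest)
    for entry in stripped.get("spec", {}).get("ports", []):
        entry.pop("port", None)
    return stripped


def check_update(old, new):
    """List the reasons an edited manifest breaks the update rules."""
    problems = []
    # Anything that still differs once access ports are ignored is a forbidden change.
    if strip_access_ports(old) != strip_access_ports(new):
        problems.append("fields other than spec.ports[i].port were changed")
    for i, entry in enumerate(new.get("spec", {}).get("ports", [])):
        port = entry.get("port")
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append(f"spec.ports[{i}].port={port!r} is outside 1-65535")
    return problems


def with_port(manifest, port):
    """Helper for the demo: copy the manifest and set the first access port."""
    edited = copy.deepcopy(manifest)
    edited["spec"]["ports"][0]["port"] = port
    return edited


if __name__ == "__main__":
    print(check_update(CURRENT, with_port(CURRENT, 8443)))   # allowed edit
    print(check_update(CURRENT, with_port(CURRENT, 70000)))  # port out of range
```

Running such a check before clicking OK also catches accidental edits to the selector or the load balancer annotations, which would redirect traffic rather than only move the access port.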