Private Network Access
Overview
If you create a Service of the LoadBalancer type and configure a private network load balancer for the Service, you can use the private IP address and port of the load balancer to access the workload. This method can be used in the following scenarios: mutual access between workloads in the same namespace, mutual access between other cloud resources (such as ECSs) and CCI 2.0 workloads in the same VPC, and mutual access between workloads in different namespaces of the same VPC. Services are provided over the private network through the private IP address and port of the load balancer in the format of <private-IP-address>:<port>.
Workloads run in pods. Accessing a workload is to access the pods for that workload.
Constraints
- The load balancer must be in the same VPC as the workload.
- Only dedicated load balancers are supported.
Creating a Service for an Existing Workload
You can create a Service for a workload after it is created. Creating a Service has no impact on the workload. Once created, the Service can be used by the workload for network access immediately.
- Log in to the CCI 2.0 console.
- In the navigation pane, choose Services. On the right of the page, click Create from YAML.
- Import or add a YAML file.
The following is an example YAML file:
- Resource description in the service.yaml file
apiVersion: cci/v2 kind: Service metadata: name: kubectl-test namespace: kubectl annotations: kubernetes.io/elb.class: elb kubernetes.io/elb.id: 1234567890 # Load balancer ID. Only dedicated load balancers are supported. spec: selector: app: kubectl-test # Label of the associated workload ports: - name: service-0 targetPort: 80 # Container port port: 12222 # Access port (load balancer's port for accessing the workload) protocol: TCP # Protocol used to access the workload type: LoadBalancer
- Resource description in the service.json file
{ "apiVersion": "cci/v2", "kind": "Service", "metadata": { "name": "kubectl-test", "namespace": "kubectl", "annotations": { "kubernetes.io/elb.class": "elb", "kubernetes.io/elb.id": "1234567890" # Load balancer ID. Only dedicated load balancers are supported. } }, "spec": { "selector": { "app": "kubectl-test" # Label of the associated workload }, "ports": [ { "name": "service-0", "targetPort": 80, # Container port "port": 12222, # Access port (load balancer's port for accessing the workload) "protocol": "TCP", # Protocol used to access the workload "type": "LoadBalancer" } ] } }
- Resource description in the service.yaml file
- Click OK. Access the workload through the load balancer's private IP address and port in the format of <private-IP-address>:<port>.
Updating a Service
After you add a Service, you can update the access port of the Service.
- Log in to the CCI 2.0 console.
- In the navigation pane, choose Services. On the Services page, select the target namespace, locate the Service and click Edit YAML in the Operation column.
- Only the access port can be modified.
spec.ports[i].port indicates the access port. The port number ranges from 1 to 65535.
- Click OK. The Service will be updated for the workload.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot