tencent cloud

Tencent Kubernetes Engine

Release Notes and Announcements
Release Notes
Announcements
Release Notes
Product Introduction
Overview
Strengths
Architecture
Scenarios
Features
Concepts
Native Kubernetes Terms
Common High-Risk Operations
Regions and Availability Zones
Service Regions and Service Providers
Open Source Components
Purchase Guide
Purchase Instructions
Purchase a TKE General Cluster
Purchasing Native Nodes
Purchasing a Super Node
Getting Started
Beginner’s Guide
Quickly Creating a Standard Cluster
Examples
Container Application Deployment Check List
Cluster Configuration
General Cluster Overview
Cluster Management
Network Management
Storage Management
Node Management
GPU Resource Management
Remote Terminals
Application Configuration
Workload Management
Service and Configuration Management
Component and Application Management
Auto Scaling
Container Login Methods
Observability Configuration
Ops Observability
Cost Insights and Optimization
Scheduler Configuration
Scheduling Component Overview
Resource Utilization Optimization Scheduling
Business Priority Assurance Scheduling
QoS Awareness Scheduling
Security and Stability
TKE Security Group Settings
Identity Authentication and Authorization
Application Security
Multi-cluster Management
Planned Upgrade
Backup Center
Cloud Native Service Guide
Cloud Service for etcd
TMP
TKE Serverless Cluster Guide
TKE Registered Cluster Guide
Use Cases
Cluster
Serverless Cluster
Scheduling
Security
Service Deployment
Network
Release
Logs
Monitoring
OPS
Terraform
DevOps
Auto Scaling
Containerization
Microservice
Cost Management
Hybrid Cloud
AI
Troubleshooting
Disk Full
High Workload
Memory Fragmentation
Cluster DNS Troubleshooting
Cluster kube-proxy Troubleshooting
Cluster API Server Inaccessibility Troubleshooting
Service and Ingress Inaccessibility Troubleshooting
Common Service & Ingress Errors and Solutions
Engel Ingres appears in Connechtin Reverside
CLB Ingress Creation Error
Troubleshooting for Pod Network Inaccessibility
Pod Status Exception and Handling
Authorizing Tencent Cloud OPS Team for Troubleshooting
CLB Loopback
API Documentation
History
Introduction
API Category
Making API Requests
Elastic Cluster APIs
Resource Reserved Coupon APIs
Cluster APIs
Third-party Node APIs
Relevant APIs for Addon
Network APIs
Node APIs
Node Pool APIs
TKE Edge Cluster APIs
Cloud Native Monitoring APIs
Scaling group APIs
Super Node APIs
Other APIs
Data Types
Error Codes
TKE API 2022-05-01
FAQs
TKE General Cluster
TKE Serverless Cluster
About OPS
Hidden Danger Handling
About Services
Image Repositories
About Remote Terminals
Event FAQs
Resource Management
Service Agreement
TKE Service Level Agreement
TKE Serverless Service Level Agreement
Contact Us
Glossary
DocumentationTencent Kubernetes Engine

API Gateway TKE Tunnel Configuration

Focus Mode
Font Size
Last updated: 2024-12-23 11:30:47

Scenario

You can directly access Pods in a TKE cluster through API Gateway without passing through CLB. This document describes how to create a TKE tunnel and configure it as the backend type of an API in the console, so that requests from API Gateway go directly to the corresponding Pod of the TKE tunnel.
Feature strengths
API Gateway is directly connected to the Pods of the TKE cluster, reducing intermediate nodes (such as CLB).
A TKE tunnel can connect multiple TKE clusters at the same time.
Note
TKE tunnels are currently only supported by dedicated API Gateway instances.

Prerequisites

1. You have a dedicated instance.
2. You have a TKE cluster and have obtained its admin role.

Directions

Step 1. Create a TKE tunnel

1. Log in to the API Gateway console.
2. Select Backend Tunnel on the left sidebar and click Create.
3. On the Create Backend Tunnel page, enter the following information:
Backend Tunnel Name: Enter a custom name.
Tunnel Type: Select TKE tunnel.
VPC: Select a VPC.
Service List: Up to 20 services can be configured in the service list. The weighted round robin algorithm is used to distribute traffic among multiple Pods. The steps to configure a service are as follows:
3.1.1 Enter the weight ratio of each Pod of the service.
3.1.2 Select the cluster. If the cluster has not been authorized, API Gateway will request authorization.
3.1.3 Select a namespace in the cluster.
3.1.4 Select the service and its port.
3.1.5 Advanced options: Select additional node labels.
Backend Type: Select HTTP or HTTPS.
Host Header: Optional. It is the value of host in the request header carried in the HTTP/HTTPS request when API Gateway accesses the backend service.
Tag: Optional. A tag is used to manage resources by category from different dimensions.

Step 2. Connect the API backend to the TKE tunnel

1. On the Service page in the API Gateway console, click the target service ID to enter the API management page.
2. Click Create to create a general API.
3. Enter the frontend configuration information and click Next.
4. Select VPC resources as the backend type, select TKE tunnel as the backend tunnel type, and click Next.
5. Set the response result and click Complete.

Network Architecture

After the TKE tunnel is bound to the API, the architecture of the entire network is as follows:

API Gateway directly accesses the Pods in the TKE cluster without passing through CLB. The YAML configuration file of the cluster's httpbin service is as follows, where the selector indicates that the Pod with the tag key app and tag value httpbin is selected as the node of the TKE tunnel. Therefore, Pods on versions 1/2/3 are also nodes of the TKE tunnel.
apiVersion: v1
kind: Service
metadata:
  name: httpbin
  labels:
    app: httpbin
    service: httpbin
spec:
  ports:
  - name: http
    port: 8000
    targetPort: 80
  selector:
    app: httpbin

Reminders

A TKE tunnel can connect up to 20 TKE services.
You should have the admin role of the TKE cluster.
The TKE tunnel and the dedicated API Gateway instance must be in the same region. Currently, API Gateway doesn't support cross-VPC access.
Next Topic: TKE General Cluster Updates (2025)

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback