tencent cloud


TKE Upstream Configuration

Last updated: 2022-07-08 16:23:25


    You can directly access Pods in a TKE cluster through API Gateway without passing through CLB. This document describes how to create a TKE upstream and configure it as the backend type of an API in the console, so that requests from API Gateway go directly to the corresponding Pod of the TKE upstream.


    • API Gateway is directly connected to the Pods of the TKE cluster, reducing intermediate nodes (such as CLB).
    • A TKE upstream can connect multiple TKE clusters at the same time.

    TKE upstreams are currently only supported by dedicated API Gateway instances.


    1. You have a dedicated instance.
    2. You have an TKE cluster and have obtained its admin role.


    Step 1. Create a TKE upstream

    1. Log in to the API Gateway console.
    2. Select Backend Upstream on the left sidebar and click Create.
    3. On the Create Backend Upstream page, enter the following information:
      • Backend Upstream Name: Enter a custom name.
      • Upstream Type: Select TKE upstream.
      • VPC: Select a VPC.
      • Service List: Up to 20 services can be configured in the service list. The weighted round robin algorithm is used to distribute traffic among multiple Pods. The steps to configure a service are as follows:
        1. Enter the weight ratio of each Pod of the service.
        2. Select the cluster. If the cluster has not been authorized, API Gateway will request authorization.
        3. Select a namespace in the cluster.
        4. Select the service and its port.
        5. Advanced options: Select additional node labels.
      • Backend Type: Select HTTP or HTTPS.
      • Host Header: It is optional and is the value of host in the request header carried in the HTTP/HTTPS request when API Gateway accesses the backend service.
      • Tags: They are optional and manage resources by category in different dimensions.

    Step 2. Connect the API backend to the TKE upstream

    1. On the Service page in the API Gateway console, click the target service ID to enter the API management page.
    2. Click Create to create a general API.
    3. Enter the frontend configuration information and click Next.
    4. Select VPC resources as the backend type, select TKE upstream as the backend upstream type, and click Next.
    5. Set the response result and click Complete.

    Network Architecture

    After the TKE upstream is bound to the API, the architecture of the entire network is as follows:

    API Gateway directly accesses the Pods in the TKE cluster without passing through CLB. The YAML configuration file of the cluster's httpbin service is as follows, where the selector indicates that the Pod with the tag key app and tag value httpbin is selected as the node of the TKE upstream. Therefore, Pods on versions 1/2/3 are also nodes of the TKE upstream.

    apiVersion: v1
    kind: Service
     name: httpbin
       app: httpbin
       service: httpbin
     - name: http
       port: 8000
       targetPort: 80
       app: httpbin


    • A TKE upstream can connect up to 20 TKE services.
    • You should have the admin role of the TKE cluster.
    • The TKE upstream and the dedicated API Gateway instance must be in the same region. Currently, API Gateway doesn't support cross-VPC access.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support