
Service Extension Protocol

Last updated: 2024-12-23 11:41:09

Protocols Supported by Services by Default

A Service is a mechanism and abstraction through which Kubernetes exposes applications outside the cluster. You can access the applications in a cluster through a Service.
Notes
For access in direct access mode, there are no restrictions on the use of extension protocols, and TCP and UDP protocols can be used together.
In non-direct access scenarios, ClusterIP and NodePort modes can be used together. However, the community has restrictions on Services of the LoadBalancer type, and only protocols of the same type can be used currently.
When LoadBalancer is declared as TCP, the port can use the capabilities of extension protocols to change the protocol of CLB to TCP_SSL, HTTP, or HTTPS.
When LoadBalancer is declared as UDP, the port can use the capabilities of extension protocols to change the protocol of CLB to UDP.

TKE Extension of Service Forwarding Protocols

In addition to the rules of the protocols supported by a native Service, a Service needs to support the hybrid use of TCP and UDP as well as the TCP SSL, HTTP, and HTTPS protocols in certain scenarios. TKE extends the support for more protocols in LoadBalancer mode.

Prerequisites

Extension protocols are only effective for Services in LoadBalancer mode.
An extension protocol describes the relationship between the protocol and the port through an annotation.
The relationship between the extension protocol annotation and Service Spec is as follows:
When the port described in Service Spec is not covered in the annotation of the extension protocol, Service Spec will be configured according to your declaration.
When the port described in the annotation of the extension protocol does not exist in Service Spec, the configuration will be ignored.
When the port described in the annotation of the extension protocol exists in Service Spec, the protocol configuration declared in Service Spec will be overwritten.

Annotation name

service.cloud.tencent.com/specify-protocol

Sample annotations of extension protocols

Sample for TCP_SSL
{"80":{"protocol":["TCP_SSL"],"tls":"cert-secret"}}

Sample for HTTP
{"80":{"protocol":["HTTP"],"hosts":{"a.tencent.com":{},"b.tencent.com":{}}}}

Sample for HTTPS
{"80":{"protocol":["HTTPS"],"hosts":{"a.tencent.com":{"tls":"cert-secret-a"},"b.tencent.com":{"tls":"cert-secret-b"}}}}

Sample for TCP/UDP
{"80":{"protocol":["TCP","UDP"]}} # Only supported in direct access mode. For more information, visit https://www.tencentcloud.com/document/product/457/36837.

Sample for hybrid use
{"80":{"protocol":["TCP_SSL","UDP"],"tls":"cert-secret"}} # Only supported in direct access mode. For more information, visit https://www.tencentcloud.com/document/product/457/36837.

QUIC
{"80":{"protocol":["QUIC"],"tls":"cert-secret"}}

Notes
The field cert-secret in TCP_SSL and HTTPS indicates that a certificate must be specified when you use the protocol. The certificate is an Opaque type Secret, the key of Secret is qcloud_cert_id, and the value is the certificate ID. For details, see Ingress Certificate Configuration.

Extension protocol use instructions

Use instructions of extension protocol `YAML`

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.cloud.tencent.com/specify-protocol: '{"80":{"protocol":["TCP_SSL"],"tls":"cert-secret"}}' # To use other protocols, change the value in the key-value pair to the above content
  name: test
....

Use instructions of extension protocols in the console

If you expose a Service in the form of "public network CLB" or "private network CLB" when creating it, in modes other than direct access mode, only TCP and TCP SSL can be used together in Port Mapping.

When the Service is in "ClusterIP" or "NodePort" mode, any protocols can be used together.
If you are using services with CLB-to-Pod direct access mode, hybrid use of any protocols is supported.

Cases

A native Service does not support hybrid use of protocols. With some special modifications, TKE supports hybrid use of protocols in CLB-to-Pod direct access mode.
Note that the same protocol is declared for every port in the YAML spec, but you can specify the protocol type for each port via the annotation. In the sample below, port 80 uses the TCP protocol, and port 8080 uses the UDP protocol.
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.cloud.tencent.com/direct-access: "true" # TKE Serverless clusters default to use the CLB-to-Pod direct access mode. For TKE clusters, you must enable the CLB-to-Pod direct access mode with reference to the document.
    service.cloud.tencent.com/specify-protocol: '{"80":{"protocol":["TCP"]},"8080":{"protocol":["UDP"]}}' # It specifies that port 80 uses the TCP protocol, and port 8080 uses the UDP protocol.
  name: nginx
spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: tcp-80-80
    nodePort: 32150
    port: 80
    protocol: TCP
    targetPort: 80
  - name: udp-8080-8080
    nodePort: 31082
    port: 8080
    protocol: TCP # Note: Only the same type of protocols can be used because of the limits of Kubernetes Service Controller.
    targetPort: 8080
  selector:
    k8s-app: nginx
    qcloud-app: nginx
  sessionAffinity: None
  type: LoadBalancer
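
The following checker is an added example, not part of the original page or of any Tencent tooling. It applies the three annotation-versus-Service-Spec rules from Prerequisites, the certificate note, and the mixed-protocol restriction to a Service manifest given as a Python dict. The function and constant names are hypothetical, and it assumes direct access is enabled only when the direct-access annotation is "true" (TKE Serverless clusters default to direct access without it).

```python
import json

SPECIFY = "service.cloud.tencent.com/specify-protocol"
DIRECT = "service.cloud.tencent.com/direct-access"
NEEDS_CERT = {"TCP_SSL", "HTTPS"}  # per the page's note on cert-secret

def effective_listeners(service):
    """Return ({port: [CLB protocols]}, [warnings]) for a Service manifest dict."""
    ann = service.get("metadata", {}).get("annotations", {})
    spec = service.get("spec", {})
    listeners = {str(p["port"]): [p.get("protocol", "TCP")]
                 for p in spec.get("ports", [])}
    warnings = []
    if SPECIFY not in ann:
        return listeners, warnings
    if spec.get("type") != "LoadBalancer":
        # Extension protocols only take effect in LoadBalancer mode.
        return listeners, ["annotation has no effect: type is not LoadBalancer"]
    for port, cfg in json.loads(ann[SPECIFY]).items():
        if port not in listeners:
            # Annotation port missing from Service Spec: the entry is ignored.
            warnings.append(f"port {port}: not in Service Spec, entry ignored")
            continue
        listeners[port] = list(cfg.get("protocol", []))  # overrides the spec
        hosts = cfg.get("hosts", {})
        has_cert = "tls" in cfg or (bool(hosts) and
                                    all("tls" in h for h in hosts.values()))
        if NEEDS_CERT & set(listeners[port]) and not has_cert:
            warnings.append(f"port {port}: certificate Secret (tls) missing")
    used = {proto for protos in listeners.values() for proto in protos}
    # Assumption: direct access counts as enabled only when annotated "true".
    if ann.get(DIRECT) != "true" and "UDP" in used and used != {"UDP"}:
        warnings.append("UDP mixed with other protocols needs direct access mode")
    return listeners, warnings

# Constructed sample, modelled on the page's hybrid TCP/UDP case.
SAMPLE = {
    "metadata": {"name": "nginx", "annotations": {
        DIRECT: "true",
        SPECIFY: '{"80":{"protocol":["TCP"]},"8080":{"protocol":["UDP"]}}'}},
    "spec": {"type": "LoadBalancer", "ports": [
        {"port": 80, "protocol": "TCP", "targetPort": 80},
        {"port": 8080, "protocol": "TCP", "targetPort": 8080}]},
}

if __name__ == "__main__":
    print(effective_listeners(SAMPLE))
```

Running the same manifest without the direct-access annotation produces the mixed-protocol warning, which makes the check usable as a pre-deployment lint on exported manifests.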

