Configuring a LoadBalancer Ingress Using Annotations¶
You can add annotations to a YAML file for more advanced ingress functions. This section describes the annotations that can be used when you create a LoadBalancer ingress.
Interconnection with ELB¶
Parameter | Type | Description | Supported Cluster Version |
---|---|---|---|
kubernetes.io/elb.class | String | Select a proper load balancer type.
| v1.9 or later |
kubernetes.io/ingress.class | String |
This parameter is mandatory when an ingress is created by calling the API. For clusters of v1.23 or later, use the parameter ingressClassName. For details, see Using kubectl to Create a LoadBalancer Ingress. | Only clusters of v1.21 or earlier |
kubernetes.io/elb.port | String | This parameter indicates the external port registered with the address of the LoadBalancer Service. The value ranges from 1 to 65535. Note Some ports are high-risk ports and are blocked by default, for example, port 21. | v1.9 or later |
kubernetes.io/elb.id | String | Mandatory when an existing load balancer is to be interconnected. ID of a load balancer. How to obtain: On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID. | v1.9 or later |
kubernetes.io/elb.ip | String | Mandatory when an existing load balancer is to be interconnected. Service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer. | v1.9 or later |
kubernetes.io/elb.autocreate | Table 10 Object | Mandatory when load balancers are automatically created. Example
| v1.9 or later |
kubernetes.io/elb.subnet-id | String | Optional when load balancers are automatically created. ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
| Mandatory for clusters earlier than v1.11.7-r0 Discarded in clusters later than v1.11.7-r0 |
The following shows how to use the preceding annotations:
Associate an existing load balancer. For details, see Creating an Ingress - Interconnecting with an Existing Load Balancer.
Automatically create a load balancer. For details, see Creating an Ingress - Automatically Creating a Load Balancer.
Using HTTP/2¶
Parameter | Type | Description | Supported Cluster Version |
---|---|---|---|
kubernetes.io/elb.http2-enable | String | Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server. Options:
Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP. | v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later |
For details, see Configuring HTTP/2 for a LoadBalancer Ingress.
Configuring ELB Certificates¶
Parameter | Type | Description | Supported Cluster Version |
---|---|---|---|
kubernetes.io/elb.tls-certificate-ids | String | ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained. To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name. | v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later |
For details, see Using the ELB Certificate.
Interconnecting with HTTPS Backend Services¶
Parameter | Type | Description | Supported Cluster Version |
---|---|---|---|
kubernetes.io/elb.pool-protocol | String | To interconnect with HTTPS backend services, set this parameter to https. | v1.23.8, v1.25.3, or later |
For details, see Configuring HTTPS Backend Services for a LoadBalancer Ingress.
Configuring Timeout for an Ingress¶
Parameter | Type | Description | Supported Cluster Version |
---|---|---|---|
kubernetes.io/elb.keepalive_timeout | String | Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request. Value:
For UDP listeners, this parameter does not take effect. | Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later |
kubernetes.io/elb.client_timeout | String | Timeout for waiting for a request from a client. There are two cases:
The value ranges from 1 to 300 (in seconds). The default value is 60. This parameter is available only for HTTP and HTTPS listeners. Minimum value: 1 Maximum value: 300 Default value: 60 | Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later |
kubernetes.io/elb.member_timeout | String | Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout. The value ranges from 1 to 300 (in seconds). The default value is 60. This parameter is available only for HTTP and HTTPS listeners. Minimum value: 1 Maximum value: 300 Default value: 60 | Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later |
For details, see Configuring Timeout for a LoadBalancer Ingress.
Blocklist/Trustlist¶
Parameter | Type | Description | Supported Cluster Version |
---|---|---|---|
kubernetes.io/elb.acl-id | String |
| v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later |
kubernetes.io/elb.acl-status | String | Access control status. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
| v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later |
kubernetes.io/elb.acl-type | String | IP address list type. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
| v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later |
For details, see Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Ingress.
Configuring a Custom Listening Port¶
A custom listening port can be configured for an ingress. In this way, both ports 80 and 443 can be exposed.
Parameter | Type | Description | Supported Cluster Version |
---|---|---|---|
kubernetes.io/elb.listen-ports | String | Create multiple listening ports for an ingress. The port number ranges from 1 to 65535. The following is an example for JSON characters: kubernetes.io/elb.listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
| v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later |
For example, if an existing ELB is used, the configuration is as follows:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/elb.id: 2c623150-17bf-45f1-ae6f-384b036f547e # ID of an existing load balancer
kubernetes.io/elb.class: performance # Load balancer type
kubernetes.io/elb.listen-ports: '[{"HTTP": 80},{"HTTPS": 443}]' # Multi-listener configuration
kubernetes.io/elb.tls-certificate-ids: 6cfb43c9de1a41a18478b868e34b0a82,6cfb43c9de1a41a18478b868e34b0a82 # HTTPS certificate configuration
name: test-https
namespace: default
spec:
ingressClassName: cce
rules:
- host: example.com
http:
paths:
- backend:
service:
name: test
port:
number: 8888
path: /
pathType: ImplementationSpecific
property:
ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
Configuring a Custom Header Forwarding Policy¶
Parameter | Type | Description | Supported Cluster Version |
---|---|---|---|
kubernetes.io/elb.headers.${svc_name} | String | Custom header of the Service associated with an ingress. ${svc_name} is the Service name. Format: a JSON string, for example, {"key": "test", "values": ["value1", "value2"]}
| v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later |
For details, see Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress.
Parameters for Automatically Creating a Load Balancer¶
Parameter | Mandatory | Type | Description |
---|---|---|---|
name | No | String | Name of the automatically created load balancer. The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed. Default: cce-lb+service.UID |
type | No | String | Network type of the load balancer.
Default: inner |
bandwidth_name | Yes for public network load balancers | String | Bandwidth name. The default value is cce-bandwidth- The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed. |
bandwidth_chargemode | No | String | Bandwidth mode.
Default: traffic |
bandwidth_size | Yes for public network load balancers | Integer | Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region. The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
|
bandwidth_sharetype | Yes for public network load balancers | String | Bandwidth sharing mode.
|
eip_type | Yes for public network load balancers | String | EIP type.
The specific type varies with regions. For details, see the EIP console. |
vip_subnet_cidr_id | No | String | Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides. If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet. This field can be specified only for clusters of v1.21 or later. |
vip_address | No | String | Private IP address of the load balancer. Only IPv4 addresses are supported. The IP address must be in the ELB CIDR block. If this parameter is not specified, an IP address will be automatically assigned from the ELB CIDR block. This parameter is available only in clusters of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later versions. |
available_zone | Yes | Array of strings | AZ where the load balancer is located. This parameter is available only for dedicated load balancers. |
l4_flavor_name | Yes | String | Flavor name of the layer-4 load balancer. This parameter is available only for dedicated load balancers. |
l7_flavor_name | No | String | Flavor name of the layer-7 load balancer. This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications. |
elb_virsubnet_ids | No | Array of strings | Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block. This parameter is available only for dedicated load balancers. Example: "elb_virsubnet_ids": [
"14567f27-8ae4-42b8-ae47-9f847a4690dd"
]
|
ipv6_vip_virsubnet_id | No | String | Specifies the ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used. This parameter is available only for dedicated load balancers. |