New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Alicloud Provider support which include SLB with https http h… #40334

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
8 participants
@aoxn
Contributor

aoxn commented Jan 24, 2017

Alicloud Provider

Alicloud provider enbales you with AlibabaCloud SLB capability. It support the most recent CloudProvider interface. And it is convenient in shifting to the newly controller based cloudprovider model.
You can create kubernetes service with SLB support. Through kubernetes annotation, you can define the SLB behavior by yourself, like supporting https ,health checking, bandwidth, address type .etc.
Storage support is in progress.

Configuration

Cloud config

Suppose configuration file located in /root/alicloud.conf

{
    "global": {
     "accessKeyID": "replace with your own access key id",
     "accessKeySecret": "replace with your own access key id",
     "kubernetesClusterTag": "hangzhou-kube",
     "region": "cn-hangzhou"
   }
}
  • accessKeyID and accessKeySecret must be provided for SLB creation matters.
  • region must be provided if you are in classic network. If your ECS located in VPC network, region won`t be nesscery. Thus, driver will detect it automatically.
  • Finally, set kubelet, controller-manager, api-server start parameters with --cloud-provider=alicloud --cloud-config=/root/alicloud.conf

Service configuration

See a demo with https LB. Suppose service filename is service.yml.

  • First, set service type:LoadBalancer ;
  • Second, set SLB to use https:443 protocol and port by annotate the service with "service.beta.kubernetes.io/alicloud-loadbalancer-ProtocolPort":"https:443". Remember, enable https feature needs cert file. You need to upload an certificate to AlibabaCloud first before you can use it. Once certificate has been uploaded, you can designate CertID with annotation "service.beta.kubernetes.io/alicloud-loadbalancer-CertID" : "1694972343341318_1593a66ec58".
  • Third, Adjust you SLB behavior with other annotation, like Bandwidth, AddressType,HealthCheckFlag.
  • Finally, kubectl apply -f service.yml. Once finished, your service file would look like something below.
{
    "kind": "Service",
    "apiVersion": "v1",
    "metadata": {
        "name": "my-service",
        "annotations": {
			   "service.beta.kubernetes.io/alicloud-loadbalancer-ProtocolPort" : "https:443",
			   "service.beta.kubernetes.io/alicloud-loadbalancer-Bandwidth" : "60",
			   "service.beta.kubernetes.io/alicloud-loadbalancer-CertID" : "1694972343341318_1593a66ec58",
			   "service.beta.kubernetes.io/alicloud-loadbalancer-HealthCheckFlag": "on",
			   "service.beta.kubernetes.io/alicloud-loadbalancer-HealthCheckInterval": "10"
		}
    },
    "spec": {
        "selector": {
            "app": "my-nginx"
        },
        "ports": [
            {
                "name": "http",
                "protocol": "TCP",
                "port": 443,
                "targetPort": 80
            }
        ],
        "type": "LoadBalancer"
    }
}

Enjoy you roll!

Annotations

Alicloud Provider support SLB with planty of features through annotations. Pls note for it is case sensitive.

Annotation Description Default
service.beta.kubernetes.io/alicloud-loadbalancer-ProtocolPort comma separated pair like "https:443,http:80" none
service.beta.kubernetes.io/alicloud-loadbalancer-AddressType Be "internet" or "intranet" "internet"
service.beta.kubernetes.io/alicloud-loadbalancer-ChargeType Be "paybytraffic" or "payby bandwidth" "paybybandwidth"
service.beta.kubernetes.io/alicloud-loadbalancer-Region Which region this SLB in
service.beta.kubernetes.io/alicloud-loadbalancer-Bandwidth SLB bandwidth 50
service.beta.kubernetes.io/alicloud-loadbalancer-CertID certification id on AlibabaCloud, you need to upload first ""
service.beta.kubernetes.io/alicloud-loadbalancer-HealthCheckFlag "on" or "off" "off" tcp no need for this mark because it default to "on"
service.beta.kubernetes.io/alicloud-loadbalancer-HealthCheckType see HealthCheck
service.beta.kubernetes.io/alicloud-loadbalancer-HealthCheckURI see HealthCheck
service.beta.kubernetes.io/alicloud-loadbalancer-HealthCheckConnectPort see HealthCheck
service.beta.kubernetes.io/alicloud-loadbalancer-HealthyThreshold see HealthCheck
service.beta.kubernetes.io/alicloud-loadbalancer-UnhealthyThreshold see HealthCheck
service.beta.kubernetes.io/alicloud-loadbalancer-HealthCheckInterval see HealthCheck
service.beta.kubernetes.io/alicloud-loadbalancer-HealthCheckConnectTimeout see HealthCheck
service.beta.kubernetes.io/alicloud-loadbalancer-HealthCheckTimeout see HealthCheck
Add Alicloud Provider support which include SLB with https http heal…
…thcheck . Also with various SLB parameters setting support.

Signed-off-by: yaoyao.xyy <yaoyao.xyy@alibaba-inc.com>
@k8s-ci-robot

This comment has been minimized.

Contributor

k8s-ci-robot commented Jan 24, 2017

Hi @spacexnice. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with @k8s-bot ok to test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-reviewable

This comment has been minimized.

k8s-reviewable commented Jan 24, 2017

This change is Reviewable

@k8s-merge-robot

This comment has been minimized.

Contributor

k8s-merge-robot commented Jan 24, 2017

[APPROVALNOTIFIER] Needs approval from an approver in each of these OWNERS Files:

We suggest the following people:
cc @lavalamp
You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@aoxn

This comment has been minimized.

Contributor

aoxn commented Jan 24, 2017

/approve

@bgrant0607 bgrant0607 assigned thockin and unassigned brendandburns Jan 24, 2017

@bgrant0607

This comment has been minimized.

Member

bgrant0607 commented Jan 24, 2017

@thockin Are we adding new in-tree cloudproviders at this point?

@thockin

This comment has been minimized.

Member

thockin commented Jan 24, 2017

Hi @spacexnice - thanks for the PR. I am super excited to get alicloud on-board, but we're not taking new in-tree providers right now. We're in the process of moving all of the CloudProvider code out of the main repository and into separate per-provider binaries. As such, we can not merge this PR.

If you have any free time to help, I am sure @wlan0 could use some help - he's driving the very large refactoring needed to make this happen. In the mean time, you can run almost all of this as a set of standalone controllers, rather than being plugged into the main controller loops. This is how everyone (even Google Cloud) will operate in the future.

@thockin thockin closed this Jan 24, 2017

@aoxn

This comment has been minimized.

Contributor

aoxn commented Feb 27, 2017

@thockin Pretty much thanks! @wlan0 Is there anything i can do to help?

@Crazykev

This comment has been minimized.

Contributor

Crazykev commented May 15, 2017

Hi @thockin @wlan0 Is there any open issue or discussion about where these separate CloudProvider codes should be? I also want to bring AliCloud other feature support to kubernetes.

We're in the process of moving all of the CloudProvider code out of the main repository and into separate per-provider binaries.

Is this done already? If there is anything I can help, please let me know.

@Crazykev

This comment has been minimized.

Contributor

Crazykev commented May 15, 2017

Hi @spacexnice are you still working on this? Very glad to help.

@aoxn

This comment has been minimized.

Contributor

aoxn commented May 16, 2017

@Crazykev https://github.com/AliyunContainerService/kubernetes here is Alibaba Cloud Provider fork. we will try to make a pr when K8s refactor has been finished. You are welcome to make PR to https://github.com/AliyunContainerService/kubernetes repository.

@Crazykev

This comment has been minimized.

Contributor

Crazykev commented May 16, 2017

@spacexnice Thanks, I'll check if I can do anything with it.

@aoxn aoxn referenced this pull request Nov 12, 2018

Closed

REQUEST: New membership for aoxn #236

6 of 6 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment