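By configuring annotations in a Service's YAML file, you can configure CTyun (天翼云) load balancers, listener forwarding, and related settings. This article describes the annotations supported by Services of type LoadBalancer.

Annotation reference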
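| Annotation | Description | Example | Supported CCM version |
|---|---|---|---|
| service.beta.kubernetes.io/ctyun-loadbalancer-id | Uses an existing load balancer. The value is the ID of the load balancer instance. The ELB is not deleted when the Service is deleted. | lb-******** | v1.0.1 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-spec | Specification of the load balancer to create, for example elb.s2.small. | elb.s2.small | v1.0.1 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-address-type | Public or private network type of the load balancer to create. Values: intranet: the load balancer address is private (default); internet: the load balancer address is public. | internet | v1.0.1 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-protocol-port | Makes the load balancer listen with the HTTP or HTTPS protocol. Multiple listeners can be specified, separated by commas (","). | https:443,http:80 | v1.0.4 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-ssl-cert | SSL certificate, given as the SSL certificate ID. The ID is shown on the certificate management page of the load balancer console. Required only when the listener protocol is HTTPS. | cert-******** | v1.0.4 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-xforwardedfor | Makes the load balancer listener add the X-Forwarded-For header field. With this parameter enabled, backend services can obtain the client source IP. Values: "true" or "false". Supported only for HTTP and HTTPS listeners. | "true" | v1.0.4 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-charge-type | Billing type of the public network when creating a public load balancer. Values: bandwidth: billed by bandwidth; traffic: billed by traffic (default). | traffic | v1.0.5 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-bandwidth | Bandwidth size when the billing type is "bandwidth". Numeric value; the default is 1 Mbps. | 5 | v1.0.5 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-cycle-count | Billing cycle of the load balancer. Numeric value giving the number of months purchased; the default is 1 month. | 1 | v1.0.5 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-eip-id | When creating a public load balancer, binds an existing elastic IP. The value is the elastic IP ID, shown on the elastic IP details page of the network console. | eip-******** | v1.0.5 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-project-id | Enterprise project that the new load balancer belongs to. The value is the enterprise project ID, shown in the enterprise project details of the IAM console. | 0 | v1.0.5 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-enable-ipv6 | When creating a load balancer, enables IPv6 on it. | "true" | v1.0.7 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-ipv6-bandwidth-id | When creating an IPv6-enabled public load balancer, the IPv6 bandwidth ID must be specified. The ID is shown on the IPv6 bandwidth details page of the network console. If you have no IPv6 bandwidth, create one first. | | v1.0.7 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-enable-listener-nat64 | For an IPv6-enabled load balancer, enables NAT64 on the listener so that the load balancer can forward IPv6 traffic to IPv4 backends. | "true" | v1.0.7 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-ipv6-address | When creating an IPv6-enabled load balancer, sets its IPv6 address (an unallocated IP in the IPv6 range of the subnet the load balancer is in). If not specified, the system assigns one at random. | | v1.0.7 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-override-listeners | When using an existing load balancer, specifies whether to forcibly overwrite its existing listeners. | "true" | v1.0.7 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-health-check-flag | Health check switch. Values: off: disabled; on: enabled. | on | v1.0.8 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-health-check-option | Global health check options, applied to every port configured under the Service. The content is JSON data; for its structure see the table "Health check field data structure" below. Note: when using this field, make sure the port entries under the Service all use the same protocol. | | v1.0.8 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-health-check-options | Health check options for a single port or a subset of the ports under the Service. The content is a JSON array; for its structure see the table "Health check field data structure". Note: this field cannot be used together with "service.beta.kubernetes.io/ctyun-loadbalancer-health-check-option". | | v1.0.8 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-acl-flag | Access control type. Values: inherit: inherit the existing ELB configuration; all: allow access from all IPs; white: whitelist; black: blacklist. | white | v1.0.8 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-acl-status | Access control switch, on or off. The blacklist or whitelist takes effect only when the value is on. | on | v1.0.8 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-acl-id | ID of the access policy group, shown on the access policy group page of the load balancer console. | ac-******** | v1.0.8 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-establish-timeout | Connection establishment timeout. Applies only to TCP listeners. | "30" | v1.0.8 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-idle-timeout | Idle timeout. Applies only to HTTP/HTTPS listeners. | "30" | v1.0.8 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-response-timeout | Response timeout. Applies only to HTTP/HTTPS listeners. | "5" | v1.0.8 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-proxy-protocol-flag | Whether to enable Proxy Protocol for the backend host group. Proxy Protocol carries the client source address to the backend server. Values: on: enabled; off: disabled. Note: this feature cannot be enabled smoothly online. Switching to Proxy Protocol requires an upgrade with service downtime, so configure it with caution. | on | v1.1.1 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-ip-mode | External IP mode of the Service, vip or proxy. vip: access to the Service from inside the cluster does not pass through the ELB and is forwarded directly by ipvs/iptables to the backend Pods of the Service; proxy: access to the Service from inside the cluster passes through the ELB first and is then forwarded to the backend Pods. Note: this feature requires a Kubernetes cluster version greater than v1.29. | proxy | v1.2.0 and later |
| service.beta.kubernetes.io/ctyun-loadbalancer-ip-type | External IP address type of the Service, private or public. private: the private IP of the ELB is set as the External IP of the Service; public: the public IP of the ELB is set as the External IP of the Service. | public | v1.2.0 and later |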
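
The following added example (not part of the original page or of the CCM code) lints a Service's annotations for combinations that the table above describes as ineffective or risky, such as an HTTPS listener without a certificate or an access list whose switch is off. The function names and the sample are constructed, and the rule that a public ELB must carry an enforced whitelist is a policy assumed by this example, not a CCM requirement.

```python
PREFIX = "service.beta.kubernetes.io/ctyun-loadbalancer-"

def listener_protocols(ann):
    """Parse protocol-port (e.g. "https:443,http:80") into a set of protocols."""
    value = ann.get(PREFIX + "protocol-port", "")
    return {p.split(":")[0].strip().lower() for p in value.split(",") if p.strip()}

def lint_annotations(ann):
    """Return findings for combinations the table marks as ineffective or risky."""
    def get(name, default=""):
        return ann.get(PREFIX + name, default)
    protos, findings = listener_protocols(ann), []
    if "https" in protos and not get("ssl-cert"):
        findings.append("https listener without ssl-cert")
    if get("xforwardedfor") == "true" and not protos & {"http", "https"}:
        findings.append("xforwardedfor needs an HTTP or HTTPS listener")
    if get("acl-flag") in ("white", "black") and get("acl-status") != "on":
        findings.append("acl-flag is set but acl-status is not on, so the list is not enforced")
    if get("id") and get("override-listeners") == "true":
        findings.append("override-listeners overwrites listeners on an existing ELB")
    # Policy assumed by this example: a public ELB must have an enforced whitelist.
    enforced = get("acl-flag") == "white" and get("acl-status") == "on"
    if get("address-type", "intranet") == "internet" and not enforced:
        findings.append("public ELB without an enforced whitelist")
    return findings

# Constructed sample annotations: public HTTPS listener, no certificate, ACL switched off.
SAMPLE = {
    PREFIX + "address-type": "internet",
    PREFIX + "protocol-port": "https:443",
    PREFIX + "acl-flag": "white",
    PREFIX + "acl-status": "off",
    PREFIX + "acl-id": "ac-example",
}

if __name__ == "__main__":
    for finding in lint_annotations(SAMPLE):
        print(finding)
```
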
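
Health check field data structure

| Parameter | Description | Type | Required |
|---|---|---|---|
| servicePort | The service protocol (spec.ports[].protocol) and port (spec.ports[].port) of the port entry that the health check applies to, for example "TCP:80" | string | Yes |
| protocol | Health check protocol. Values: TCP/UDP/HTTP | string | Yes |
| interval | Health check interval. Range: 1-60 s | string | Yes |
| maxRetry | Maximum number of health check retries. Range: 1-10 | string | Yes |
| timeout | Health check timeout. Range: 2-60 s | string | Yes |
| path | Health check URL. Needs to be configured when protocol is "HTTP"; the default is "/" | string | No |
| expectedCodes | Expected response status codes. Needs to be configured when protocol is "HTTP". Supported values are http_2xx/http_3xx/http_4xx/http_5xx, and the default is http_2xx. Separate multiple status codes with commas, for example "http_2xx,http_3xx" | string | No |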
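
The following added example (not part of the original page or of the CCM code) checks the two health check annotations against the rules in the tables above: the value ranges, the servicePort match against spec.ports, and the rule that the two annotations cannot be combined. The Service is passed as a Python dict, and the function names and the sample are constructed for illustration.

```python
import json

PREFIX = "service.beta.kubernetes.io/ctyun-loadbalancer-"
RANGES = {"interval": (1, 60), "maxRetry": (1, 10), "timeout": (2, 60)}  # from the table
CODES = {"http_2xx", "http_3xx", "http_4xx", "http_5xx"}

def check_entry(entry, service_ports, need_port):
    """Return the problems found in one health check JSON object."""
    if not isinstance(entry, dict):
        return ["health check entry must be a JSON object"]
    errs = []
    if entry.get("protocol") not in ("TCP", "UDP", "HTTP"):
        errs.append("protocol must be TCP, UDP or HTTP")
    for field, (lo, hi) in RANGES.items():
        raw = entry.get(field)
        if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and lo <= int(raw) <= hi):
            errs.append(f"{field} must be a numeric string in {lo}-{hi}")
    if need_port and entry.get("servicePort") not in service_ports:
        errs.append(f"servicePort {entry.get('servicePort')!r} matches no spec.ports entry")
    codes = str(entry.get("expectedCodes", "http_2xx")).split(",")
    if entry.get("protocol") == "HTTP" and not set(codes) <= CODES:
        errs.append("expectedCodes has an unsupported value")
    return errs

def validate_health_check(service):
    """Validate the health check annotations of a Service passed as a dict."""
    ann = service["metadata"].get("annotations", {})
    ports = service["spec"]["ports"]
    service_ports = {f"{p.get('protocol', 'TCP')}:{p['port']}" for p in ports}
    single, multi = (ann.get(PREFIX + k) for k in ("health-check-option", "health-check-options"))
    if single is not None and multi is not None:
        return ["health-check-option and health-check-options cannot be combined"]
    errs = []
    if single is not None and len({p.get("protocol", "TCP") for p in ports}) > 1:
        errs.append("global option needs one protocol across spec.ports")
    try:
        entries = [json.loads(single)] if single is not None else json.loads(multi or "[]")
    except json.JSONDecodeError as exc:
        return errs + [f"annotation is not valid JSON: {exc.msg}"]
    if not isinstance(entries, list):
        return ["health-check-options must be a JSON array"]
    for entry in entries:
        errs += check_entry(entry, service_ports, need_port=single is None)
    return errs

# Constructed sample: the options array ends with a trailing comma, so it is not valid JSON.
SAMPLE = {"metadata": {"annotations": {PREFIX + "health-check-options":
          '[{"servicePort":"TCP:80","protocol":"TCP","interval":"5","timeout":"10","maxRetry":"3"},]'}},
          "spec": {"ports": [{"protocol": "TCP", "port": 80}]}}
```
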

Use an existing load balancer
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-id: "${YOUR_LOADBALANCER_ID}" # ID of the ELB load balancer instance
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
```

Create a private-network load balancer
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-spec: "elb.s2.small" # The new load balancer uses the Standard I specification
    service.beta.kubernetes.io/ctyun-loadbalancer-address-type: "intranet" # The new load balancer is of the private-network type
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
```

Create a public-network load balancer
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-spec: "elb.s2.small" # The new load balancer uses the Standard I specification
    service.beta.kubernetes.io/ctyun-loadbalancer-address-type: "internet" # The new load balancer is of the public-network type
    service.beta.kubernetes.io/ctyun-loadbalancer-charge-type: "bandwidth" # The public network is billed by bandwidth
    service.beta.kubernetes.io/ctyun-loadbalancer-bandwidth: "5" # Public bandwidth of 5 Mbps
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
```

Configure an HTTP listener
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-id: "lb-***"
    service.beta.kubernetes.io/ctyun-loadbalancer-protocol-port: "http:80" # Listen for HTTP on port 80
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
```

Configure an HTTPS listener
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-id: "${YOUR_LOADBALANCER_ID}"
    service.beta.kubernetes.io/ctyun-loadbalancer-protocol-port: "https:443" # Listen for HTTPS on port 443
    service.beta.kubernetes.io/ctyun-loadbalancer-ssl-cert: "${YOUR_CERT_ID}" # SSL certificate ID
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 443
      targetPort: 80
  type: LoadBalancer
```

Add the X-Forwarded-For request header
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-id: "${YOUR_LOADBALANCER_ID}"
    service.beta.kubernetes.io/ctyun-loadbalancer-xforwardedfor: "true"
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
```

Configure a global health check
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-id: "${YOUR_LOADBALANCER_ID}"
    service.beta.kubernetes.io/ctyun-loadbalancer-health-check-flag: "on"
    service.beta.kubernetes.io/ctyun-loadbalancer-health-check-option: '{
      "protocol":"TCP",
      "interval":"5",
      "timeout":"10",
      "maxRetry":"3"
      }'
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
    - protocol: TCP
      port: 90
      targetPort: 90
  type: LoadBalancer
```

Configure health checks for selected ports
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-id: "${YOUR_LOADBALANCER_ID}"
    service.beta.kubernetes.io/ctyun-loadbalancer-health-check-flag: "on"
    # First entry: the port entry with listener protocol TCP and service port 90, health check protocol TCP.
    # Second entry: the port entry with listener protocol TCP and service port 80, health check protocol HTTP.
    # The value must be plain JSON: no comments inside the string and no trailing comma.
    service.beta.kubernetes.io/ctyun-loadbalancer-health-check-options: '[
      {
        "servicePort":"TCP:90",
        "protocol":"TCP",
        "interval":"5",
        "timeout":"10",
        "maxRetry":"3"
      },
      {
        "servicePort":"TCP:80",
        "protocol":"HTTP",
        "interval":"5",
        "timeout":"10",
        "maxRetry":"3",
        "path":"/healthz",
        "expectedCodes":"http_2xx"
      }
      ]'
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
    - protocol: TCP
      port: 90
      targetPort: 90
  type: LoadBalancer
```

Configure an access-control blacklist or whitelist
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-id: "${YOUR_LOADBALANCER_ID}"
    service.beta.kubernetes.io/ctyun-loadbalancer-acl-flag: "white" # Whitelist control
    service.beta.kubernetes.io/ctyun-loadbalancer-acl-status: "on" # Enable access control
    service.beta.kubernetes.io/ctyun-loadbalancer-acl-id: "${YOUR_ACL_ID}" # ID of the ELB access policy group
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
```

Configure Proxy Protocol for a TCP listener
```yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx
  annotations:
    service.beta.kubernetes.io/ctyun-loadbalancer-id: "${YOUR_LOADBALANCER_ID}"
    service.beta.kubernetes.io/ctyun-loadbalancer-proxy-protocol-flag: "on"
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
```