Attach a Classic Load Balancer (CLB) instance to an SAE application to control public or private network access. Each CLB instance maps to a Kubernetes Service of type LoadBalancer. This topic covers all service lifecycle operations—create, view, update, and delete—and describes every K8s YAML configuration item.
Prerequisites
Before you begin, ensure that you have:
Installed the saectl tool with your AccessKey ID, AccessKey secret, and application deployment region configured. See Install and configure the saectl tool
How it works
When you create a service, SAE maps a CLB instance to a Kubernetes Service of type LoadBalancer. The annotation sae.aliyun.com/loadbalancer-address-type controls whether the CLB instance is on the public network (internet) or private network (intranet). SAE either creates a new CLB instance automatically or attaches an existing one—depending on whether you specify sae.aliyun.com/loadbalancer-id in the YAML.
Most configuration items are locked at creation time and cannot be changed later. Review the K8s YAML configuration items table before writing your YAML file.
Create a service
Create a file named
svc.yamlwith the following content. Adjust the annotations and port definitions for your application.apiVersion: v1 kind: Service metadata: annotations: # Network type: internet for public network, intranet for private network. Required. Cannot be changed after creation. sae.aliyun.com/loadbalancer-address-type: internet # CLB instance ID. Omit this annotation to let SAE create a new CLB instance automatically. sae.aliyun.com/loadbalancer-id: ${clb-id} # HTTPS certificate IDs, keyed by port name. Required only when a port uses HTTPS. sae.aliyun.com/loadbalancer-cert-ids: '{"port-443": "certId-1"}' # Service name format: ${network-type}-${application-name} name: internet-test-app spec: ports: - name: port-80 # Fixed format: port-${external-port} port: 80 protocol: HTTP targetPort: 80 - name: port-443 port: 443 protocol: HTTPS targetPort: 443 selector: sae.aliyun.com/app-name: test-app # Application name type: LoadBalancerIn the directory where
svc.yamlis located, run:saectl apply -f svc.yaml
View the service list
saectl get service -l sae.aliyun.com/app-name=<deployment-name> -n <namespace>Replace <deployment-name> with your application name and <namespace> with your namespace ID. Omit -l to list CLB instances for all applications in scope. Omit -n to use the default namespace.
| Field | Description |
|---|---|
| NAME | Service name in ${network-type}-${application-name} format. internet = public network; intranet = private network. |
| TYPE | Service type. LoadBalancer indicates a load balancer. |
| EXTERNAL-IP | IP address for network access to the application. |
| PORT(S) | Port for network access to the application. |
| BOUND | Application name. |
| AGE | Time since the service was created. |
View service details
Use get to retrieve the full service configuration in YAML or JSON format. Use describe to get a human-readable summary of the service configuration items.
Get service configuration
saectl get service <service-name> -o {yaml | json} -n <namespace>Describe service
saectl describe service <service-name> -n <namespace>Update a service
Use edit for quick, one-off changes directly in your terminal. Use apply when you manage configurations in version control or need to apply changes from a file.
Most configuration items cannot be changed after creation. See K8s YAML configuration items for the full list of immutable fields.
Edit a service in the terminal
Open the service configuration for inline editing:
saectl edit service <service-name> -n <namespace>Modify the editable fields in the YAML file that opens. Save and close the file to apply the changes.
Apply changes from a configuration file
Modify svc.yaml and run the following command from the directory where the file is located:
saectl apply -f svc.yamlDelete a service
saectl delete service <service-name> -n <namespace>K8s YAML configuration items
All CLB-based services use the Kubernetes Service resource type. The following table describes every configuration item, whether it is required at creation, and whether it can be modified later.
| Configuration item | Description | Required at creation | Modifiable |
|---|---|---|---|
metadata.name | Service name. Format: ${network-type}-${application-name} | — | No |
metadata.namespace | Namespace where the service resides. | — | No |
metadata.annotations: sae.aliyun.com/loadbalancer-address-type | Network type. internet = public network; intranet = private network. | Yes | No |
metadata.annotations: sae.aliyun.com/loadbalancer-id | ID of an existing CLB instance to attach. Omit this annotation to let SAE create a new CLB instance. | Optional | No |
metadata.annotations: sae.aliyun.com/loadbalancer-cert-id | HTTPS certificate IDs, keyed by port name. Example: '{"port-443": "certId-1", "port-444": "certId-2"}' | Yes, if any port uses HTTPS | — |
metadata.uid | Internal identifier. Format: ${application-ID}/${network-type} | — | No |
spec.ports[i].name | Port name. Format: port-${network-access-port}, for example port-80. | Yes | No |
spec.ports[i].port | Network access port number. | Yes | No |
spec.ports[i].protocol | Protocol for network access. Valid values: HTTP, HTTPS, TCP, UDP. | Yes | No |
spec.ports[i].targetPort | Container port number. | Yes | No |
spec.selector | Selector that binds the service to an application. Format: sae.aliyun.com/app-name: ${application-name} | Yes | No |
spec.type | Service type. Always set to LoadBalancer. | — | — |
status.loadbalancer.ingress[i].ip | Network access IP address. Populated automatically after provisioning. | Not supported | No |