Add an Ingress Gateway to an ACK Cluster

By Wang Xining

This article is the fourth edition in the ASM Public Preview Series, a collection of articles that describes key capabilities of Alibaba Cloud Service Mesh (ASM). To access a deployed application through the Internet, you need to deploy an ingress gateway in the cluster where the application runs. This article demonstrates how to add an ingress gateway to an Alibaba Cloud Kubernetes ACK cluster in an Alibaba Cloud Service Mesh (ASM) instance. Find below the links to other articles in this series:

Background

An ingress gateway provides Kubernetes clusters with layer-7 gateway features and a unified layer-7 service entry. Based on the content of HTTP requests, the ingress gateway distributes requests from the same TCP port to different Kubernetes services.

Procedure

In the Data Plane area, click Deploy Ingress Gateway.
On the Deploy Ingress Gateway page, add an ingress gateway.
From the Cluster drop-down list, select the cluster where the ingress gateway needs to be deployed.
Select Internet Access or Intranet Access for SLB Type.
Select Use Existing SLB or Create SLB.

1) Use Existing SLB: Select an SLB instance from the list of existing SLB instances.
2) Create SLB: Click Create SLB and select the required SLB type from the drop-down list.

Note: We recommend assigning an SLB instance for each Kubernetes service. If the same SLB instance is shared among multiple Kubernetes services, the following risks and restrictions occur:

i) If an existing SLB instance is reused, existing listeners will be forcibly overwritten. Consequently, the application becomes inaccessible.
ii) Only the SLB instances that are manually created in the console or via an API can be reused. If an SLB instance is automatically created by the system for a service, it cannot be reused by any other services.
iii) The multiple services that share the same SLB instance cannot have the same frontend listening port. Otherwise, port conflicts occur.
iv) The listener and virtual server group names of a reused SLB instance are used as unique identifiers in ACK and cannot be modified.
v) An SLB instance cannot be reused by services across Kubernetes clusters.

Configure port mapping. Click Add Port, and enter the service port and container port in the port addition line.

Note: We recommend specifying the same service and container ports and enabling this port in the Istio gateway resource definition. The console provides four common Istio ports by default. However, it allows you to add or delete ports based on actual requirements.

Click OK.

Results

After adding the ingress gateway, log on to the Container Service Console and view service information about the added ingress gateway.
After logging on to the Container Service console, choose Ingresses and Load Balancing > Service in the left-side navigation pane.
On the Service page, select the cluster from the Cluster drop-down list and istio-system from the Namespace drop-down list. For more information, click Details in the Actions column.

To view pod information about the added ingress gateway, choose Applications > Pod after logging on to the Container Service console.
On the Pod page, select the cluster from the Cluster drop-down list and istio-system from the Namespace drop-down list. For more information, click Details in the Actions column.

After creating an ASM instance and adding an ACK cluster to the instance, deploy applications to the cluster and use the service mesh functions.

Community

Add an Ingress Gateway to an ACK Cluster

Background

Procedure

Results

Read previous post:

Read next post:

Xi Ning Wang(王夕宁)

You may also like

Comments

Xi Ning Wang(王夕宁)

Related Products

Server Load Balancer

Container Service for Kubernetes

ACK One

ApsaraDB for MyBase