Configuring Ingress Controller of Container Service for Kubernetes to Use an Intranet SLB Instance

This article describes how to configure the Ingress Controller of Container Service for Kubernetes to use an intranet SLB instance.

After you create a Kubernetes cluster on Container Service, a set of Nginx Ingress Controllers is automatically deployed during the cluster initialization. By default, the Ingress Controllers are mounted to an Internet Server Load Balancer (SLB) instance.

Configure the Nginx Ingress Controller to Use an Intranet SLB Instance Only

If you want the services in the cluster to be reachable only from within one VPC, modify the configuration of the Nginx Ingress Controller service.

1. Apply for an intranet SLB instance.

Apply for an SLB instance with expected specifications on the network of the corresponding VPC.

2. Configure the Nginx Ingress Controller service.

After an intranet SLB instance is obtained, configure the Nginx Ingress Controller to use the instance by setting the following annotation on the kube-system/nginx-ingress-lb service:

service.beta.kubernetes.io/alicloud-loadbalancer-id

Note:

  1. If you set alicloud-loadbalancer-id to specify an existing SLB instance for use, the manually configured listener may be overwritten.
  2. The SLB instance will not be automatically deleted when the kube-system/nginx-ingress-lb service is deleted.

The full Service configuration is shown below.

# nginx ingress slb service
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-lb
  namespace: kube-system
  labels:
    app: nginx-ingress-lb
  annotations:
    # Set the SLB instance address type to intranet.
    service.beta.kubernetes.io/alicloud-loadbalancer-address-type: intranet
    # Change the SLB instance ID to that of the intranet SLB instance.
    service.beta.kubernetes.io/alicloud-loadbalancer-id: <YOUR_INTRANET_SLB_ID>
    # Specify whether to create an SLB port listener automatically or manually. If the listener is created automatically, the original port listener will be overwritten.
    #service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners: 'true'
spec:
  type: LoadBalancer
  # route traffic to other nodes
  externalTrafficPolicy: "Cluster"
  ports:
  - port: 80
    name: http
    targetPort: 80
  - port: 443
    name: https
    targetPort: 443
  selector:
    # select app=ingress-nginx pods
    app: ingress-nginx

After the kube-system/nginx-ingress-lb service configuration is modified, the specified intranet SLB instance can be used.

Configure the Nginx Ingress Controller to Use Either an Internet or Intranet SLB Instance

In some scenarios, you may want services in the cluster to be accessible both from the Internet and from within the VPC to which the services belong (without going through the Internet).

To achieve this, deploy another kube-system/nginx-ingress-lb-intranet service.

Note: By default, a kube-system/nginx-ingress-lb service has been deployed during the cluster initialization and it has been mounted to an Internet SLB instance.

1. Apply for an intranet SLB instance.

Apply for an SLB instance with expected specifications on the network of the corresponding VPC.

2. Create a new Nginx Ingress Controller service for the intranet SLB instance.

After an intranet SLB instance is obtained, create a new kube-system/nginx-ingress-lb-intranet service through YAML.

# intranet nginx ingress slb service
apiVersion: v1
kind: Service
metadata:
  # Name the service nginx-ingress-lb-intranet.
  name: nginx-ingress-lb-intranet
  namespace: kube-system
  labels:
    app: nginx-ingress-lb-intranet
  annotations:
    # Set the SLB instance address type to intranet.
    service.beta.kubernetes.io/alicloud-loadbalancer-address-type: intranet
    # Change the SLB instance ID to that of the intranet SLB instance.
    service.beta.kubernetes.io/alicloud-loadbalancer-id: <YOUR_INTRANET_SLB_ID>
    # Specify whether to create an SLB port listener automatically or manually. If the listener is created automatically, the original port listener will be overwritten.
    #service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners: 'true'
spec:
  type: LoadBalancer
  # route traffic to other nodes
  externalTrafficPolicy: "Cluster"
  ports:
  - port: 80
    name: http
    targetPort: 80
  - port: 443
    name: https
    targetPort: 443
  selector:
    # select app=ingress-nginx pods
    app: ingress-nginx

The following shows the two Nginx Ingress Controller services mounted to the Internet SLB instance and intranet SLB instance, respectively.

$ kubectl -n kube-system get svc | grep nginx-ingress-lb
nginx-ingress-lb            LoadBalancer   172.19.9.26    47.96.223.50   80:31456/TCP,443:30016/TCP   5h
nginx-ingress-lb-intranet   LoadBalancer   172.19.4.140   192.168.2.88   80:32394/TCP,443:31000/TCP   7m

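After the configuration, services exposed by Ingress can be accessed through either the Internet or intranet SLB instance. Both services select the same app=ingress-nginx pods, so every Ingress rule is served on both SLB instances.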
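To confirm which of the two setups above a cluster actually ended up with, the following added example (not part of the original article or of Alibaba Cloud tooling) audits the output of `kubectl -n kube-system get svc -o json` and reports every LoadBalancer service that is missing the intranet annotation or holds a publicly routable address. The embedded sample is constructed from the article's output, and the check assumes the VPC uses RFC 1918 private ranges.

```python
import ipaddress
import json

ADDR_TYPE = "service.beta.kubernetes.io/alicloud-loadbalancer-address-type"
LB_ID = "service.beta.kubernetes.io/alicloud-loadbalancer-id"
FORCE = "service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners"

# Constructed sample in the shape of `kubectl -n kube-system get svc -o json`.
# The IPs are the ones in the article's output; the SLB ID is a placeholder.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "nginx-ingress-lb", "namespace": "kube-system"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "47.96.223.50"}]}}},
    {"metadata": {"name": "nginx-ingress-lb-intranet", "namespace": "kube-system",
                  "annotations": {ADDR_TYPE: "intranet",
                                  LB_ID: "<YOUR_INTRANET_SLB_ID>"}},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "192.168.2.88"}]}}},
]})

def audit(svc_list_json):
    """Return {namespace/name: [findings]} for every LoadBalancer service."""
    report = {}
    for svc in json.loads(svc_list_json).get("items", []):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue
        meta = svc["metadata"]
        ann = meta.get("annotations") or {}
        findings = []
        if ann.get(ADDR_TYPE) != "intranet":
            findings.append("address-type annotation is not 'intranet'")
        # Per the article's note, reusing an SLB with forced override
        # replaces listeners that were configured on it manually.
        if ann.get(FORCE) == "true" and LB_ID in ann:
            findings.append("force-override-listeners overwrites listeners on the reused SLB")
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        if not ingress:
            findings.append("no load balancer address assigned yet")
        for entry in ingress:
            ip = entry.get("ip")
            if ip and not ipaddress.ip_address(ip).is_private:
                findings.append(f"address {ip} is publicly routable")
        report[f"{meta.get('namespace')}/{meta['name']}"] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

In the intranet-only setup every service should come back with an empty findings list; in the dual setup the default nginx-ingress-lb service is expected to be flagged.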

To learn more about Alibaba Cloud Container Service for Kubernetes, visit https://www.alibabacloud.com/product/kubernetes
