Application Load Balancer (ALB) Ingresses support HTTP, HTTPS, and QUIC and meet the requirements for high elasticity and large-scale Layer 7 traffic management. ALB Ingresses are compatible with NGINX Ingresses. ALB Ingresses support complex routing and automatic TLS certificate management, and provide flexible traffic management. You can configure ALB Ingress routing rules to access different Services in Container Service for Kubernetes (ACK) clusters through different URLs.
Prerequisites
An ACK managed cluster or ACK dedicated cluster is created and the cluster runs Kubernetes 1.18 or later. For more information, see Create an ACK dedicated cluster or Create an ACK managed cluster.
Two vSwitches that reside in different zones are created and deployed in the virtual private cloud (VPC) of the ACK cluster. For more information, see Create and manage a vSwitch.
The ALB Ingress controller is installed in the cluster. For more information, see Manage the ALB Ingress controller.
NoteIf you want to use an ALB Ingress to access Services deployed in an ACK dedicated cluster, you need to first authorize the cluster to access the ALB Ingress controller. For more information, see Authorize an ACK dedicated cluster to access the ALB Ingress controller.
A kubectl client is connected to the cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.
Usage notes
If you use the Flannel network plug-in, the backend Services of the ALB Ingress gateway must be of the NodePort or LoadBalancer type.
The names of AlbConfig objects, namespaces, Ingresses, and Services cannot start with aliyun.
Earlier NGINX Ingress controller versions cannot recognize the
spec:ingressClassName
field in the Ingress resource. If both NGINX Ingresses and ALB Ingresses are configured in your ACK cluster, the ALB Ingresses may be reconciled by an earlier version of the NGINX Ingress controller. To avoid this problem, update your NGINX Ingress controller at the earliest opportunity or use annotations to specify the IngressClasses of ALB Ingresses. For more information, see Update the NGINX Ingress controller or Advanced ALB Ingress configurations.
Step 1: Create an AlbConfig object
Create a file named alb-test.yaml and copy the following content to the file. The file is used to create an AlbConfig Object.
apiVersion: alibabacloud.com/v1 kind: AlbConfig metadata: name: alb-demo spec: config: name: alb-test addressType: Internet zoneMappings: - vSwitchId: vsw-uf6ccg2a9g71hx8go**** - vSwitchId: vsw-uf6nun9tql5t8nh15**** listeners: - port: 80 protocol: HTTP
Parameter
Description
spec.config.name
The name of the ALB instance. This parameter is optional.
spec.config.addressType
The type of IP address that the ALB instance uses to provide services. This parameter is required. Valid values:
Internet: The ALB instance uses a public IP address. The domain name of the Ingress is resolved to the public IP address of the ALB instance. Therefore, the ALB instance is accessible over the Internet. This is the default value.
Intranet: The ALB instance uses a private IP address. The domain name of the Ingress is resolved to the private IP address. Therefore, the ALB instance is accessible only within the VPC where the ALB instance is deployed.
spec.config.zoneMappings
The IDs of the vSwitches that are used by the ALB Ingress. You must specify at least two vSwitch IDs. The vSwitches must be deployed in different zones and in the VPC where the cluster resides. The zones of the vSwitches must be supported by ALB Ingresses. This parameter is required. For more information about the regions and zones that are supported by ALB Ingresses, see Supported regions and zones.
Run the following command to create an AlbConfig:
kubectl apply -f alb-test.yaml
Expected output:
albconfig.alibabacloud.com/alb-demo created
Create a file named alb.yaml and copy the following content to the file:
Clusters that run Kubernetes 1.19 or later
apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: alb spec: controller: ingress.k8s.alibabacloud/alb parameters: apiGroup: alibabacloud.com kind: AlbConfig name: alb-demo
Clusters that run Kubernetes versions earlier than V1.19
apiVersion: networking.k8s.io/v1beta1 kind: IngressClass metadata: name: alb spec: controller: ingress.k8s.alibabacloud/alb parameters: apiGroup: alibabacloud.com kind: AlbConfig name: alb-demo
Run the following command to create an IngressClass:
kubectl apply -f alb.yaml
Expected output:
ingressclass.networking.k8s.io/alb created
Step 2: Deploy Services
Create a file named cafe-service.yaml and copy and paste the following content to the file. The file is used to deploy two Deployments named
coffee
andtea
, and two Services namedcoffee
andtea
.apiVersion: apps/v1 kind: Deployment metadata: name: coffee spec: replicas: 2 selector: matchLabels: app: coffee template: metadata: labels: app: coffee spec: containers: - name: coffee image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: coffee-svc spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: app: coffee type: NodePort --- apiVersion: apps/v1 kind: Deployment metadata: name: tea spec: replicas: 1 selector: matchLabels: app: tea template: metadata: labels: app: tea spec: containers: - name: tea image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: tea-svc spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: app: tea type: NodePort
Run the following command to deploy the Deployments and Services:
kubectl apply -f cafe-service.yaml
Expected output:
deployment "coffee" created service "coffee-svc" created deployment "tea" created service "tea-svc" created
Run the following commands to query the status of applications and Services.
Run the following command to query the status of applications:
kubectl get deploy
Expected output:
NAME READY UP-TO-DATE AVAILABLE AGE coffee 1/2 2 1 2m26s tea 1/1 1 1 2m26s
Run the following command to query the status of Services:
kubectl get svc
Expected output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE coffee-svc NodePort 172.16.XX.XX <none> 80:32056/TCP 9m38s tea-svc NodePort 172.16.XX.XX <none> 80:31696/TCP 9m38s
Step 3: Configure an ALB Ingress
Create a file named cafe-ingress.yaml and copy the following content to the file:
Clusters that run Kubernetes 1.19 or later
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: cafe-ingress spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: # Configure a context path. - path: /tea pathType: ImplementationSpecific backend: service: name: tea-svc port: number: 80 # Configure a context path. - path: /coffee pathType: ImplementationSpecific backend: service: name: coffee-svc port: number: 80
Clusters that run Kubernetes versions earlier than V1.19
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: cafe-ingress spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: # Configure a context path. - path: /tea backend: serviceName: tea-svc servicePort: 80 # Configure a context path. - path: /coffee backend: serviceName: coffee-svc servicePort: 80
Run the following command to configure an externally-accessible domain name and a
path
for thecoffee
andtea
Services separately:kubectl apply -f cafe-ingress.yaml
Expected output:
ingress.networking.k8s.io/cafe-ingress created
Run the following command to query the domain name of the Ingress used to expose the ALB instance:
kubectl get ing
Expected output:
NAME CLASS HOSTS ADDRESS PORTS AGE cafe-ingress alb demo.domain.ingress.top alb-m551oo2zn63yov****.cn-hangzhou.alb.aliyuncs.com 80 50s
Step 4: Access the Services
After you obtain the address of the ALB instance, use the CLI to access the
coffee
Service:curl -H Host:demo.domain.ingress.top http://alb-lhwdm5c9h8lrcm****.cn-hangzhou.alb.aliyuncs.com/coffee
After you obtain the address of the ALB instance, use the CLI to access the
tea
Service:curl -H Host:demo.domain.ingress.top http://alb-lhwdm5c9h8lrcm****.cn-hangzhou.alb.aliyuncs.com/tea
References
For more information about advanced ALB Ingress configurations, such as forwarding requests destined for different domain names or URLs to different backend server groups, health checks, redirecting requests from HTTP to HTTPS, canary releases, and custom listener ports, see Advanced ALB Ingress configurations.
For more information about how to configure custom ALB Ingress routing rules, routing conditions, and actions, see Customize the routing rules of an ALB Ingress.
For more information about how to use HTTPS listeners to forward HTTPS requests, see Use an ALB Ingress to configure certificates for an HTTPS listener.
For more information about how to troubleshoot ALB Ingress issues, see ALB Ingress FAQ.