Application Load Balancer (ALB) Ingresses provide traffic routing services based on ALB instances and are suitable for handling workloads that have fluctuating traffic. This topic describes how to use an ALB Ingress to expose Services in a Container Service for Kubernetes (ACK) cluster.

Background information

An Ingress provides a collection of rules that manage external access to Services in a cluster. You can configure forwarding rules to assign Services different externally-accessible URLs. However, NGINX Ingresses and Layer 4 Server Load Balancer (SLB) Ingresses cannot meet the requirements of cloud-native applications, such as complex routing, support for multiple application layer protocols (such as QUIC), and balancing of heavy traffic loads at Layer 7.

Prerequisites

  • ALB Ingresses are in public preview.
  • Source Network Address Translation (SNAT) is configured for the cluster.
    • If you want to create a new cluster, select Configure SNAT for VPC in the Configure SNAT field on the Cluster Configurations wizard page. This enables the cluster to download container images over the Internet.
    • If an existing cluster is used and SNAT is not configured for the cluster, configure SNAT for the cluster. For more information, see Enable an existing ACK cluster to access the Internet by using SNAT.
  • The ALB Ingress controller is installed.
    • If you want to create a new cluster, select ALB Ingress (Public Preview) in the Ingress field on the Component Configurations wizard page.
    • If an existing cluster is used and the ALB Ingress controller is not installed, install the ALB Ingress controller in the cluster. For more information, see Manage system components.
  • If you want to expose Services by using an ALB Ingress in a dedicated Kubernetes cluster, you must grant the required permissions to the ALB Ingress controller before you deploy the Services. For more information, see Grant permissions to the ALB Ingress controller in a dedicated Kubernetes cluster.
  • A kubectl client is connected to the cluster. For more information, see Connect to ACK clusters by using kubectl.

Precautions

If you use the Flannel network plug-in, the Services that run at the backend of the ALB Ingress must be of the NodePort or LoadBalancer type.

Step 1: Deploy Services

  1. Create a cafe-service.yaml file and copy the following content to the file. The file is used to deploy two Deployments named coffee and tea and two Services named coffee and tea.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: coffee
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: coffee
      template:
        metadata:
          labels:
            app: coffee
        spec:
          containers:
          - name: coffee
            image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest
            ports:
            - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: coffee-svc
    spec:
      ports:
      - port: 80
        targetPort: 80
        protocol: TCP
      selector:
        app: coffee
      type: NodePort
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: tea
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: tea
      template:
        metadata:
          labels:
            app: tea
        spec:
          containers:
          - name: tea
            image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest
            ports:
            - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: tea-svc
      labels:
    spec:
      ports:
      - port: 80
        targetPort: 80
        protocol: TCP
      selector:
        app: tea
      type: NodePort
  2. Run the following command to deploy the Deployments and Services:
    kubectl apply -f cafe-service.yaml

    Expected output:

    deployment "coffee" created
    service "coffee-svc" created
    deployment "tea" created
    service "tea-svc" created
  3. Run the following command to query the status of the Services:
    kubectl get svc,deploy

    Expected output:

    NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
    coffee-svc   NodePort    172.16.231.169   <none>        80:31124/TCP   6s
    tea-svc      NodePort    172.16.38.182    <none>        80:32174/TCP   5s
    NAME            DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    deploy/coffee   2         2         2            2           1m
    deploy/tea      1         1         1            1           1m

Step 2: Configure an Ingress

  1. Create a cafe-ingress.yaml and copy the following content to the file:
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: cafe-ingress
      annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/name: ingress_test_base
        alb.ingress.kubernetes.io/address-type: internet
        alb.ingress.kubernetes.io/vswitch-ids: "vsw-k1akdsmts6njkvhas****,vsw-k1amdv9ax94gr5iwa****"
    spec:
      rules:
      - http:
          paths:
          #Configure context path.
          - path: /tea
            backend:
              serviceName: tea-svc
              servicePort: 80
          #Configure context path.
          - path: /coffee
            backend:
              serviceName: coffee-svc
              servicePort: 80
    The following table describes the parameters in the YAML template.
    Parameter Description
    (Optional) alb.ingress.kubernetes.io/name The name of the ALB instance that you want to use.
    (Optional) alb.ingress.kubernetes.io/address-type The type of IP address that the ALB instance uses to provide services. Valid values:
    • Internet: The ALB instance uses a public IP address. The domain name of the Ingress is resolved to the public IP address of the ALB instance. Therefore, the ALB instance is accessible over the Internet. This is the default value.
    • Intranet: The ALB instance uses a private IP address. The domain name of the Ingress is resolved to the private IP address of the ALB instance. Therefore, the ALB instance is accessible only within the virtual private cloud (VPC) where the ALB instance is deployed.
    alb.ingress.kubernetes.io/vswitch-ids The IDs of the vSwitches that are used by the ALB Ingress. You must specify at least two vSwitch IDs and the vSwitches must be deployed in different zones. For more information about the regions and zones that are supported by ALB Ingresses, see Supported regions and zones.
  2. Run the following command to configure an externally-accessible domain name and a path for the coffee and tea Services separately:
    kubectl apply -f cafe-ingress.yaml

    Expected output:

    ingress "cafe-ingress" created
  3. Run the following command to query the IP address of the ALB instance:
    kubectl get ing

    Expected output:

    NAME           CLASS    HOSTS   ADDRESS                                               PORTS   AGE
    cafe-ingress   <none>   *       alb-m551oo2zn63yov****.cn-hangzhou.alb.aliyuncs.com   80      50s

Step 3: Access the Services

  • After you obtain the IP address of the ALB instance, use one of the following methods to access the coffee Service:
    • Access the coffee Service by using a browser. 1
    • Access the coffee Service by using a CLI.
      curl http://alb-m551oo2zn63yov****.cn-hangzhou.alb.aliyuncs.com/coffee
  • After you obtain the IP address of the ALB instance, use one of the following methods to access the tea Service:
    • Access the tea Service by using a browser. SLB2
    • Access the tea Service by using a CLI.
      curl http://alb-m551oo2zn63yov****.cn-hangzhou.alb.aliyuncs.com/tea