Application Load Balancer (ALB) Ingresses support HTTP, HTTPS, and QUIC and meet the requirement of cloud-native applications for high elasticity and Layer 7 traffic management on a large scale. ALB Ingresses are also compatible with NGINX Ingresses. In addition, ALB Ingresses support complex routes and automatic TLS certificate management to allow you to flexibly manage traffic. You can configure Ingress rules to access different Services in a cluster through different URLs.
Prerequisites
A registered cluster is created and an external cluster that is deployed in a data center is connected to the registered cluster. For more information, see Create a registered cluster in the ACK console.
Step 1: Create an AlbConfig object
Create a file named alb-test.yaml and copy the following content to the file. The file is used to create an AlbConfig Object.
apiVersion: alibabacloud.com/v1 kind: AlbConfig metadata: name: alb-demo spec: config: name: alb-test addressType: Internet zoneMappings: - vSwitchId: vsw-uf6ccg2a9g71hx8go**** - vSwitchId: vsw-uf6nun9tql5t8nh15****Parameter
Description
spec.config.name
The name of the ALB instance. This parameter is optional.
spec.config.addressType
The type of IP address that the ALB instance uses to provide services. This parameter is required. Valid values:
Internet: The ALB instance uses a public IP address. The domain name of the Ingress is resolved to the public IP address of the ALB instance. Therefore, the ALB instance is accessible over the Internet. This is the default value.
Intranet: The ALB instance uses a private IP address. The domain name of the Ingress is resolved to the private IP address. Therefore, the ALB instance is accessible only within the virtual private cloud (VPC) where the ALB instance is deployed.
spec.config.zoneMappings
The IDs of the vSwitches that are used by the ALB Ingress. You must specify at least two vSwitch IDs. The vSwitches must be deployed in different zones and in the VPC where the cluster resides. The zones of the vSwitches must be supported by ALB Ingresses. This parameter is required. For more information about the regions and zones that are supported by ALB Ingresses, see Supported regions and zones.
Run the following command to create an AlbConfig object:
kubectl apply -f alb-test.yamlExpected output:
albconfig.alibabacloud.com/alb-demo createdCreate a file named alb.yaml and add the following content to the file. The file is used to create an IngressClass.
Clusters that run Kubernetes versions earlier than 1.19
apiVersion: networking.k8s.io/v1beta1 kind: IngressClass metadata: name: alb spec: controller: ingress.k8s.alibabacloud/alb parameters: apiGroup: alibabacloud.com kind: AlbConfig name: alb-demoClusters that run Kubernetes 1.19 or later
apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: alb spec: controller: ingress.k8s.alibabacloud/alb parameters: apiGroup: alibabacloud.com kind: AlbConfig name: alb-demoRun the following command to create an IngressClass:
kubectl apply -f alb.yamlExpected output:
ingressclass.networking.k8s.io/alb created
Step 2: Deploy Services
Create a file named cafe-service.yaml and copy and paste the following content to the file. The file is used to deploy two Deployments named
coffeeandtea, and two Services namedcoffeeandtea.apiVersion: apps/v1 kind: Deployment metadata: name: coffee spec: replicas: 2 selector: matchLabels: app: coffee template: metadata: labels: app: coffee spec: containers: - name: coffee image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: coffee-svc spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: app: coffee clusterIP: None --- apiVersion: apps/v1 kind: Deployment metadata: name: tea spec: replicas: 1 selector: matchLabels: app: tea template: metadata: labels: app: tea spec: containers: - name: tea image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: tea-svc labels: spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: app: tea clusterIP: NoneRun the following command to deploy the Deployments and Services:
kubectl apply -f cafe-service.yamlExpected output:
deployment "coffee" created service "coffee-svc" created deployment "tea" created service "tea-svc" createdQuery the status of applications and Services.
Run the following command to query the status of applications:
kubectl get deployExpected output:
NAME READY UP-TO-DATE AVAILABLE AGE coffee 1/2 2 1 2m26s tea 1/1 1 1 2m26sRun the following command to query the status of Services:
kubectl get svcExpected output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE coffee-svc NodePort 172.16.XX.XX <none> 80:32056/TCP 9m38s tea-svc NodePort 172.16.XX.XX <none> 80:31696/TCP 9m38s
Step 3: Configure an ALB Ingress
Create a file named cafe-ingress.yaml and copy the following content to the file:
Clusters that run Kubernetes versions earlier than 1.19
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: cafe-ingress spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: # Configure a context path. - path: /tea backend: serviceName: tea-svc servicePort: 80 # Configure a context path. - path: /coffee backend: serviceName: coffee-svc servicePort: 80Clusters that run Kubernetes 1.19 or later
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: cafe-ingress spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: # Configure a context path. - path: /tea pathType: ImplementationSpecific backend: service: name: tea-svc port: number: 80 # Configure a context path. - path: /coffee pathType: ImplementationSpecific backend: service: name: coffee-svc port: number: 80Run the following command to configure an accessible domain name and a
pathfor thecoffeeandteaServices:kubectl apply -f cafe-ingress.yamlExpected output:
ingress.networking.k8s.io/cafe-ingress createdRun the following command to query the domain name of the ALB Ingress:
kubectl get ingExpected output:
NAME CLASS HOSTS ADDRESS PORTS AGE cafe-ingress alb demo.domain.ingress.top alb-m551oo2zn63yov****.cn-hangzhou.alb.aliyuncs.com 80 50s
Step 4: Access the Services
After you obtain the domain name, use the CLI to access the
coffeeService:curl -H Host:demo.domain.ingress.top http://alb-lhwdm5c9h8lrcm****.cn-hangzhou.alb.aliyuncs.com/coffeeAfter you obtain the domain name, use the CLI to access the
teaService:curl -H Host:demo.domain.ingress.top http://alb-lhwdm5c9h8lrcm****.cn-hangzhou.alb.aliyuncs.com/tea
References
For more information about advanced ALB Ingress configurations, such as forwarding requests destined for different domain names or URLs to different backend server groups, health checks, redirecting requests from HTTP to HTTPS, canary releases, and custom listener ports, see Advanced ALB Ingress configurations.
An AlbConfig is a CustomResourceDefinition (CRD) that Container Service for Kubernetes (ACK) provides for the Application Load Balancer (ALB) Ingress controller. The ALB Ingress controller uses AlbConfigs to configure ALB instances and listeners. For more information, see Use AlbConfigs to configure ALB instances.