APIG Ingress is the Enterprise Edition of Higress and is compatible with Nginx Ingress. Use it to expose services in Container Service for Kubernetes (ACK) and Container Compute Service (ACS) clusters through a cloud-native API gateway that offers low cost, high security, high availability, and deep integration with Alibaba Cloud.
APIG Ingress does not support exposing services in the kube-system namespace.
In this tutorial, you will:
- Install the APIG Controller add-on in your ACK cluster
- Deploy a sample backend service
- Configure an APIG Ingress to route external traffic to the service
- Access and verify the service through the gateway endpoint
Prerequisites
Before you begin, ensure that you have:
- An ACK managed cluster running version 1.18 or later. To upgrade, see Manually upgrade a cluster.
- An ACS cluster that you have created.
- Permissions granted to APIG Controller. For an ACK managed cluster, click the authorization link to grant the required permissions.
APIG Controller can only be installed in an ACK managed cluster.
Step 1: Install APIG Controller
- Log on to the ACK console. In the left navigation pane, click Clusters.
- Log on to the ACS console. In the left navigation pane, click Clusters.
- On the Clusters page, click the name of your cluster. In the left navigation pane, click Add-ons.
- On the Add-ons page, enter APIG in the search box. On the APIG Controller card, click Install.
- In the Install dialog box, select an installation mode and click OK.
  If installation fails with a prerequisite check error, grant the required permissions to APIG Controller and retry.

  | Mode | Description |
  | --- | --- |
  | Create | Automatically creates a pay-as-you-go Cloud-native API Gateway instance with the apig.small.x1 specification. |
  | Select Existing VPC | Select an existing pay-as-you-go Cloud-native API Gateway instance. The instance must be in the same VPC as the cluster and not associated with other clusters. |

- Verify that the installation succeeded. After installation, an ApigConfig resource and a gateway instance are created, both named apig-controller-pro-{clusterid}. To check the status:
  - Go to Workloads > Custom Resources. Click the Resource Objects tab.
  - In the API Group search box, enter apig.
  - In the Actions column for the ApigConfig resource, click Edit YAML.
  - Check the phase field in the YAML. Wait 3–5 minutes until phase shows Listening.

  Important: In Create mode, the ApigConfig resource is bound to the gateway instance lifecycle: deleting the ApigConfig also deletes the gateway instance. Do not delete the ApigConfig resource. If an IngressClass named apig already exists in the cluster before you install APIG Controller, the installation does not automatically create an ApigConfig resource or a gateway instance.

  The phase field transitions in this order:

  | Phase | Description |
  | --- | --- |
  | Pending | The gateway is being created. This typically takes about 3 minutes. |
  | Running | The gateway is created and running. |
  | Listening | The gateway is running and listening for Ingress resources with ingressClassName: apig. |
  | Failed | The gateway is in an error state. Check the message field under status for details. |

- To verify that the gateway instance is created, log on to the Cloud-native API Gateway console. In the corresponding region, confirm that an instance named apig-controller-pro-{clusterid} appears.
Step 2: Deploy the backend service
- Log on to the ACK console. In the left navigation pane, click Clusters.
- On the Clusters page, click the name of your cluster. In the left navigation pane, choose Workloads > Deployments.
- On the Deployments page, click Create from YAML. Apply the following manifest to create a Deployment and a Service named httpbin in the default namespace.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: httpbin
      namespace: default
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: httpbin
      template:
        metadata:
          labels:
            app: httpbin
            version: v1
        spec:
          containers:
          - image: registry.cn-hangzhou.aliyuncs.com/mse-ingress/go-httpbin
            args:
            - "--version=v1"
            imagePullPolicy: Always
            name: httpbin
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: httpbin
      namespace: default
    spec:
      ports:
      - port: 8080
        protocol: TCP
      selector:
        app: httpbin

- Verify that the Deployment and Service are running.
  - Go to Workloads > Deployments. The httpbin Deployment is ready when the Pods column shows 1/1.
  - Go to Network > Services. Confirm that a Service named httpbin appears in the list.
Step 3: Configure the APIG Ingress
Using the console
- Log on to the ACK console. In the left navigation pane, click Clusters.
- On the Clusters page, click the name of your cluster. In the left navigation pane, choose Network > Ingresses.
- On the Ingresses page, click Create Ingress.
- In the Create Ingress dialog box, set the following options and click OK.
  - Gateway Type: APIG Ingress
  - Ingress Class: apig
  - Routing rule: Prefix (Prefix-based Match), Path: /, backend service: httpbin
- To confirm the Ingress is synced to the gateway, log on to the Cloud-native API Gateway console. In the corresponding gateway instance, an API whose name contains {gwid}-ingress should appear.
Using kubectl (optional)
If you prefer a CLI or GitOps workflow, apply the following Ingress manifest directly:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: httpbin-ingress
  namespace: default
spec:
  ingressClassName: apig
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: httpbin
            port:
              number: 8080
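A pre-apply check for the manifest above, as an added example that is not part of the original tutorial or of any Alibaba Cloud tooling. The function name lint_ingress and the dict inputs (what a YAML or JSON loader would return) are assumptions; the checks encode the page's constraints (ingressClassName apig, no kube-system) plus standard Kubernetes Ingress behavior for rules without a host.

```python
# Added example: lint an Ingress intended for APIG Ingress before applying it.
# Manifests are plain dicts, as a YAML or JSON loader would return them.

def lint_ingress(ingress, services):
    """Return a list of (level, message) findings for one Ingress manifest."""
    findings = []
    meta, spec = ingress.get("metadata", {}), ingress.get("spec", {})
    ns = meta.get("namespace", "default")

    # The page states that APIG Ingress cannot expose kube-system services.
    if ns == "kube-system":
        findings.append(("error", "namespace kube-system is not supported"))
    # The gateway listens only for Ingresses with ingressClassName: apig.
    if spec.get("ingressClassName") != "apig":
        findings.append(("error", "ingressClassName must be 'apig'"))

    # Index each Service's port numbers and port names by (namespace, name).
    ports = {}
    for svc in services:
        m = svc["metadata"]
        ports[(m.get("namespace", "default"), m["name"])] = {
            v for p in svc["spec"].get("ports", [])
            for v in (p["port"], p.get("name")) if v is not None}

    for rule in spec.get("rules", []):
        # Standard Ingress behavior: a rule without a host matches any Host header.
        if not rule.get("host"):
            findings.append(("warn", "rule has no host: matches every hostname"))
        for path in rule.get("http", {}).get("paths", []):
            backend = path["backend"]["service"]
            name = backend["name"]
            ref = backend["port"].get("number", backend["port"].get("name"))
            if (ns, name) not in ports:
                findings.append(("error", f"Service {ns}/{name} not found"))
            elif ref not in ports[(ns, name)]:
                findings.append(("error", f"Service {ns}/{name} has no port {ref}"))
    return findings

# Constructed inputs mirroring the tutorial's httpbin Service and Ingress.
SERVICE = {"metadata": {"name": "httpbin", "namespace": "default"},
           "spec": {"ports": [{"port": 8080, "protocol": "TCP"}]}}
INGRESS = {"metadata": {"name": "httpbin-ingress", "namespace": "default"},
           "spec": {"ingressClassName": "apig", "rules": [{"http": {"paths": [
               {"path": "/", "pathType": "Prefix", "backend": {"service": {
                   "name": "httpbin", "port": {"number": 8080}}}}]}}]}}

if __name__ == "__main__":
    for level, msg in lint_ingress(INGRESS, [SERVICE]):
        print(f"{level}: {msg}")
```

For the tutorial's manifest the only finding is the warning about the rule having no host, which means the / prefix route answers requests for any hostname that reaches the gateway.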
Step 4: Access the service
- Get the gateway endpoint. In the ACK console, go to Network > Ingresses and note the endpoint shown for the Ingress you created. The endpoint is the Network Load Balancer (NLB) domain of the gateway. Alternatively, get the public IP address directly from the Cloud-native API Gateway console.
- Test the service by accessing <endpoint>/version in a browser or with curl.

    curl http://<endpoint>/version
What's next
To learn more about APIG Ingress features and how it works, see Manage APIG Ingresses.