Deploy a workload and configure load balancing in an ACK managed cluster (auto mode) - Container Service for Kubernetes

This topic describes how to deploy a workload in a Container Service for Kubernetes (ACK) managed cluster (auto mode) and enable public access using an Application Load Balancer (ALB) Ingress. After the deployment is complete, you can access the application using a domain name. This enables efficient management and load balancing of external traffic.

This topic guides you through the following operations.

Create a namespace for the sample application.
Deploy an NGINX sample application and create a Service to expose the application to the cluster network.
Create an ALB Ingress to enable public access to the application using an ALB instance. You must manually create an AlbConfig to manage the ALB instance and an IngressClass to associate it with the AlbConfig.
Verify that the deployment is successful and access the application using a browser. Clean up the resources if they are no longer needed.

After you complete these operations, the following results are achieved.

An NGINX sample application with two replicas is running.
A stable public entry point for the application is provided by an ALB Ingress and a Service.
In auto mode, ACK automatically scales the application based on the workload. ACK also manages the node lifecycle to reduce your Operations and Maintenance (O&M) burden.

Prerequisites

Step 1: Create a namespace

Create a namespace for this example to isolate resources.

Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the cluster you want and click its name. In the left-side navigation pane, click Namespaces and Quotas.
Click Create. In the dialog box that appears, set a custom name for the namespace (this topic uses my-nginx-namespace as an example), configure the other parameters as prompted, and then click OK.

Step 2: Deploy the NGINX application and create a Service

This section describes how to deploy an NGINX sample deployment named my-nginx and a Service named my-nginx-svc to expose the application.

Deployment: The number of replicas is 2. The image is a sample NGINX application. Port 80 is exposed to accept HTTP network traffic.
Service: The Service type is ClusterIP. Port 80 of the Service is mapped to port 80 of the pod's container. The Service uses a Label Selector to match pods.

This section provides a sample procedure. For more information about how to create workloads and Services, see Create a workload and Manage Services.

Create a file named my-nginx.yaml and add the following content. This configuration deploys the Deployment and Service in the namespace.

apiVersion: apps/v1 
kind: Deployment
metadata:
  name: my-nginx    # The name of the sample application.
  namespace: my-nginx-namespace  # Replace this with the name of the namespace that you created.
  labels:
    app: nginx
spec:
  replicas: 2       # The number of replicas.
  selector:
    matchLabels:
      app: nginx     # The value must be the same as the value of the selector in the Service to expose this application.
  template:
    metadata:
      labels:
        app: nginx
    spec:
    #  nodeSelector:
    #    env: test-team
      containers:
      - name: nginx
        image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
        ports:
        - containerPort: 80         # This port must be exposed in the Service.
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: my-nginx-svc
  namespace: my-nginx-namespace  # Replace this with the name of the namespace that you created.
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: ClusterIP   # If you use Flannel, you must use NodePort.

Deploy the Deployment and Service.
```
kubectl apply -f my-nginx.yaml
```

Check the status of the Deployment and Service.

Check the status of the Deployment.

kubectl get deployment my-nginx -n my-nginx-namespace

Expected output:

NAME       READY   UP-TO-DATE   AVAILABLE   AGE
my-nginx   2/2     2            2           4m36s

Check the status of the Service.

kubectl get svc my-nginx-svc -n my-nginx-namespace

Expected output:

NAME           TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
my-nginx-svc   ClusterIP   192.XX.XX.164   <none>        80/TCP    42s

Step 3: Create an ALB Ingress and its associated resources

To manage external traffic to cluster applications using an ALB Ingress, you must prepare the following resources.

Before you create an ALB Ingress, make sure that you understand its principles and requirements. For more information, see Manage ALB Ingresses.

ALB Ingress controller: A component that manages Ingress resources. The ALB Ingress controller is installed by default after you enable auto mode for the cluster.
AlbConfig: A CustomResourceDefinition (CRD) created by the ALB Ingress controller to declare the configuration of an ALB instance. Each AlbConfig corresponds to one ALB instance. The ALB instance serves as the entry point for user traffic and forwards requests to backend Services.
IngressClass: When you create an ALB Ingress, you can specify this IngressClass to reference the corresponding AlbConfig. This lets you implement specific application routing configurations and load balancing policies.

Create an AlbConfig

Create a file named alb.yaml and add the following content to the file. The content is used to create an AlbConfig.
- This AlbConfig sets addressType to Internet. This means that the ALB instance has a public IP address. The DNS domain name can be resolved to the public IP address and accessed from the Internet.
- Set vSwitchId to the IDs of two vSwitches in different zones. The vSwitches must be in the same virtual private cloud (VPC) as the cluster and in zones that are supported by ALB.
  You can find the vSwitch ID on the vSwitch page in the VPC console. To create a vSwitch, see Create and manage vSwitches
```
apiVersion: alibabacloud.com/v1
kind: AlbConfig
metadata:
  name: alb
spec:
  config:
    name: alb
    addressType: Internet  # The address type of the load balancer. The Internet type can be accessed over the public network.
    zoneMappings:               
    - vSwitchId: vsw-uf6ccg2a9g71hx8go****  # Replace this with the ID of your vSwitch.
    - vSwitchId: vsw-uf6nun9tql5t8nh15****  # Replace this with the ID of your vSwitch.
  listeners:
    - port: 80
      protocol: HTTP
```
Create the AlbConfig.
```
kubectl apply -f alb.yaml
```

You can view the AlbConfig resource.

kubectl get AlbConfig alb

Expected output:

NAME   ALBID        DNSNAME                                  PORT&PROTOCOL   CERTID   AGE
alb    alb-******   alb-******.<regionID>.alb.aliyuncs.com                            60s

Note

The PORT&PROTOCOL and CERTID fields are empty until you create an HTTPS listener and configure a certificate for it.

Create an IngressClass

Create a file named ingress_class.yaml and add the following content to create an IngressClass.

apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: alb
spec:
  controller: ingress.k8s.alibabacloud/alb
  parameters:
    apiGroup: alibabacloud.com
    kind: AlbConfig
    name: alb # The name of the AlbConfig associated with the IngressClass.

Create the IngressClass.
```
kubectl apply -f ingress_class.yaml
```

Create an ALB Ingress

Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of the target cluster. In the navigation pane on the left, choose Network > Ingresses.

On the Ingresses page, select the namespace that you created. Click Create Ingress. In the Create Ingress dialog box, configure the Ingress as prompted.

The following table describes the key parameters. For more information about the parameters and related operations, such as configuring domain name resolution, see Create an ALB Ingress.

Parameter	Description
Gateway Type	Select ALB Ingress.
Name	Enter a custom Ingress name, such as my-albingress.
Ingress Class	Select the IngressClass that you created to reference the corresponding AlbConfig.
Rule	Name: Select the target service, which is the Service that you created. Port: Select the port to expose for the service. This example uses port 80. Keep the default values for other parameters.

After the Ingress is created, choose Ingresses in the navigation pane on the left to check whether the Ingress is deployed. Wait for about one minute. Then, find and copy the ALB DNS endpoint from the Endpoint column.

Step 4: Access the application

Paste the ALB DNS endpoint into your browser to access the NGINX application.

(Optional) Step 5: Clean up resources

The resources created in this topic include a Deployment, a Service, an AlbConfig, an IngressClass, and an ALB Ingress. Run the following commands to clean up the resources.

The resource names in the following commands are examples. Replace them with the actual resource names when you run the commands.

kubectl delete deployment my-nginx -n my-nginx-namespace
kubectl delete Service my-nginx-svc -n my-nginx-namespace
kubectl delete ALBIngress my-albingress -n my-nginx-namespace
kubectl delete AlbConfig alb
kubectl delete IngressClass alb

References

For detailed parameter descriptions for creating workloads, see Create a workload. For configuration recommendations, see Recommended workload configurations.
When you use the HTTPS protocol for a listener, you must configure an SSL/TLS certificate. For more information about the certificate configuration methods that ALB Ingress supports, see Configure an HTTPS certificate for encrypted communication.
You can customize the configuration of an ALB instance by configuring the AlbConfig resource. For more information, see ALB Ingress configuration dictionary.