Expose NGINX via ALB Ingress on ACK Auto Mode - Container Service for Kubernetes

Prerequisites

Before you begin, ensure that you have:

An ACK managed cluster (Auto Mode). See Create an ACK managed cluster.
kubectl connected to the cluster. See Connect to a cluster.

Step 1: Create a namespace

Create a dedicated namespace to keep the sample resources isolated from other workloads in the cluster.

Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of the target cluster. In the left navigation pane, click Namespaces and Quotas.
Click Create. In the dialog box, enter a namespace name (this tutorial uses my-nginx-namespace), configure other settings as needed, and click OK.

Step 2: Deploy the NGINX application and create a Service

Deploy an NGINX Deployment named my-nginx with two replicas and a ClusterIP Service named my-nginx-svc to expose it within the cluster.

Deployment: 2 replicas, NGINX container image, port 80.
Service: ClusterIP type, routes port 80 to the container's port 80, selected by the app: nginx label.

For more details on creating workloads and Services, see Deploy a workload and Service management.

Create my-nginx.yaml with the following content:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx    # The name of the sample application.
  namespace: my-nginx-namespace  # Replace with the name of the namespace you created.
  labels:
    app: nginx
spec:
  replicas: 2       # The number of replicated pods.
  selector:
    matchLabels:
      app: nginx     # Must match the selector in the Service.
  template:
    metadata:
      labels:
        app: nginx
    spec:
    #  nodeSelector:
    #    env: test-team
      containers:
      - name: nginx
        image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
        ports:
        - containerPort: 80         # Must be exposed in the Service.
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: my-nginx-svc
  namespace: my-nginx-namespace  # Replace with the name of the namespace you created.
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: ClusterIP   # If Flannel is used, change this to NodePort.

Apply the manifest:
```
kubectl apply -f my-nginx.yaml
```

Verify the Deployment and Service are running:

Check the Deployment:

kubectl get deployment my-nginx -n my-nginx-namespace

Expected output:

NAME       READY   UP-TO-DATE   AVAILABLE   AGE
my-nginx   2/2     2            2           4m36s

Check the Service:

kubectl get svc my-nginx-svc -n my-nginx-namespace

Expected output:

NAME           TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
my-nginx-svc   ClusterIP   192.XX.XX.164     <none>        80/TCP    42s

Step 3: Create an ALB Ingress and its associated resources

ALB Ingress routes external traffic to applications inside the cluster. It requires three resources working together:

Resource	Role
ALB Ingress controller	Manages Ingress resources. Installed automatically when Auto Mode is enabled.
AlbConfig	Declares the configuration of an ALB instance (address type, zones, listeners). Each AlbConfig corresponds to one ALB instance.
IngressClass	Links an ALB Ingress to a specific AlbConfig, applying the corresponding routing and load balancing configuration.

Before creating an ALB Ingress, review its concepts and requirements. See ALB Ingress management.

Create an AlbConfig

The AlbConfig provisions the ALB instance. In this tutorial, the instance uses the Internet address type, making it publicly accessible. It listens on port 80 over HTTP and spans two vSwitches in different zones for high availability.

Key fields:

Field	Value	Description
`addressType`	`Internet`	The ALB instance gets a public IP address and is accessible over the internet.
`vSwitchId`	vSwitch IDs	Two vSwitches in different zones, both in the same Virtual Private Cloud (VPC) as the cluster and in zones supported by ALB.
`port` / `protocol`	`80` / `HTTP`	The listener configuration.

Create alb.yaml with the following content:

Get vSwitch IDs on the vSwitch page of the VPC console. To create a vSwitch, see Create and manage vSwitches.

apiVersion: alibabacloud.com/v1
kind: AlbConfig
metadata:
  name: alb
spec:
  config:
    name: alb
    addressType: Internet  # Internet-facing ALB instance.
    zoneMappings:
    - vSwitchId: vsw-uf6ccg2a9g71hx8go****  # Replace with your vSwitch ID.
    - vSwitchId: vsw-uf6nun9tql5t8nh15****  # Replace with your vSwitch ID.
  listeners:
    - port: 80
      protocol: HTTP

Apply the manifest:
```
kubectl apply -f alb.yaml
```

Verify the AlbConfig and note the DNS name:

PORT&PROTOCOL and CERTID are only populated after an HTTPS listener is configured. Empty values here are expected.

kubectl get AlbConfig alb

Expected output:

NAME   ALBID        DNSNAME                                  PORT&PROTOCOL   CERTID   AGE
alb    alb-******   alb-******.<regionID>.alb.aliyuncs.com                            60s

Create an IngressClass

The IngressClass links ALB Ingresses to the AlbConfig created above. All ALB Ingresses that reference this IngressClass use the same ALB instance.

Create ingress_class.yaml with the following content:

apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: alb
spec:
  controller: ingress.k8s.alibabacloud/alb
  parameters:
    apiGroup: alibabacloud.com
    kind: AlbConfig
    name: alb  # Must match the name of the AlbConfig.

Apply the manifest:
```
kubectl apply -f ingress_class.yaml
```

Create an ALB Ingress

Create the ALB Ingress using the ACK console. The Ingress ties the Service to the ALB instance through the IngressClass.

Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of the target cluster. In the left navigation pane, choose Network > Ingresses.

On the Ingresses page, select the namespace you created, then click Create Ingress. In the Create Ingress dialog box, configure the following parameters: Keep the default values for all other parameters. For additional parameter details and domain name resolution configuration, see Step 3: Create an ALB Ingress.

Parameter	Value
Gateway Type	Select ALB Ingress.
Name	Enter a name, such as `my-albingress`.
Ingress Class	Select the IngressClass you created.
Rules > Service	Select `my-nginx-svc`.
Rules > Port	Select port `80`.

After creation completes, return to Ingresses in the left navigation pane. Wait about 1 minute for the ALB to provision, then copy the ALB DNS name from the Endpoint column.

How ALB Ingress works

When you create an ALB Ingress, ACK Auto Mode:

Reads the IngressClass to identify the target AlbConfig.
Provisions or reuses the ALB instance declared by the AlbConfig.
Configures routing rules on the ALB listener to forward traffic on port 80 to my-nginx-svc.

The ALB instance becomes the public entry point for the application, and ACK manages the lifecycle of the underlying nodes automatically.

Step 4: Verify the deployment

Before accessing the application, confirm that all layers are healthy.

Check that all pods are running:

kubectl get pods -n my-nginx-namespace

Expected output (all pods in Running state):

NAME                        READY   STATUS    RESTARTS   AGE
my-nginx-XXXXXXXXX-XXXXX    1/1     Running   0          5m
my-nginx-XXXXXXXXX-XXXXX    1/1     Running   0          5m

Check that the Ingress has an endpoint:

If ADDRESS is empty, wait another minute and retry. ALB provisioning typically takes about 1 minute.

kubectl get ingress my-albingress -n my-nginx-namespace

Expected output (the ADDRESS field shows the ALB DNS name):

NAME             CLASS   HOSTS   ADDRESS                                       PORTS   AGE
my-albingress    alb     *       alb-******.<regionID>.alb.aliyuncs.com        80      2m

Paste the ALB DNS name into a browser. The NGINX welcome page confirms the deployment is successful.

Troubleshooting

If the application is not accessible, use the following commands to diagnose the issue.

Symptom	Command	What to check
Pods not running	`kubectl get pods -n my-nginx-namespace`	All pods should be in `Running` state. If not, run `kubectl describe pod <pod-name> -n my-nginx-namespace`.
Ingress has no endpoint	`kubectl describe ingress my-albingress -n my-nginx-namespace`	Check the `Events` section for provisioning errors.
AlbConfig not ready	`kubectl describe AlbConfig alb`	Check the `Status` and `Events` sections for configuration errors.
Browser returns connection error	`kubectl get ingress my-albingress -n my-nginx-namespace`	Confirm the `ADDRESS` field is populated. The ALB may still be provisioning — wait about 1 minute and retry.

(Optional) Step 5: Clean up resources

To delete all resources created in this tutorial, run the following commands. Replace resource names with your actual names if different.

kubectl delete deployment my-nginx -n my-nginx-namespace
kubectl delete Service my-nginx-svc -n my-nginx-namespace
kubectl delete ALBIngress my-albingress -n my-nginx-namespace
kubectl delete AlbConfig alb
kubectl delete IngressClass alb

After deleting the above resources, delete the namespace to remove any remaining objects:

kubectl delete namespace my-nginx-namespace

Container Service for Kubernetes:Deploy workloads and configure load balancing in ACK managed clusters (Auto Mode)

Prerequisites

Step 1: Create a namespace

Step 2: Deploy the NGINX application and create a Service

Step 3: Create an ALB Ingress and its associated resources

Create an AlbConfig

Create an IngressClass

Create an ALB Ingress

How ALB Ingress works

Step 4: Verify the deployment

Troubleshooting

(Optional) Step 5: Clean up resources

Related topics