Application Load Balancer (ALB) Ingresses allow you to use the alb.ingress.kubernetes.io/actions.<Service name> annotation to configure server groups for Services. You can associate pods deployed in a cluster and Elastic Compute Service (ECS) instances deployed outside the cluster with a Service by specifying the name of the Service or the ID of the server group. To associate ECS instances with an ALB instance deployed in a virtual private cloud (VPC) in a different region, use a combination of ALB, transit routers, and Cloud Enterprise Network (CEN). You can also use this method to associate on-premises servers with an ALB instance. This topic describes how to configure hybrid server groups, associate ECS instances with an ALB instance deployed in a different region, and associate on-premises servers with an ALB instance.
Table of contents
Usage notes
The Service name in the
alb.ingress.kubernetes.io/actions.<Service name>annotation must be the same as that below thebackendfield in therulessection.When you configure server groups, you must set the Service port name below the
backendfield in therulessection touse-annotation.You can use the
alb.ingress.kubernetes.io/actions.<Service name>annotation to associate multiple server groups with an ALB instance.You can associate up to five server groups with a basic ALB instance.
The
ServerGroupIDsetting prevails when you use both theServerGroupIDandServiceName+ServicePortsettings to associate server groups.
Scenario 1: Forward requests to multiple Services in an ACK cluster or ACK Serverless cluster
Prerequisites
A VPC named VPC1 is created in a region. Two vSwitches named VSW1 and VSW2 are created in different zones of VPC1. For more information, see Create and manage a VPC and Create and manage a vSwitch.
A Container Service for Kubernetes (ACK) cluster or ACK Serverless cluster is created in VPC1. For more information, see Create an ACK managed cluster and Create an ACK Serverless cluster.
The ALB Ingress controller is installed in the ACK cluster or ACK Serverless cluster. For more information, see Manage the ALB Ingress controller.
An ALB instance is created from an ALBConfig in the ACK cluster or ACK Serverless cluster and Services named
tea-svcandcoffee-svcare deployed in the cluster. For more information, see Access Services by using an ALB Ingress.
Scenario
In the following figure, the ServiceName+ServicePort setting is used to associate multiple server groups with the ALB Ingress. Multiple forwarding rules are configured for the ALB Ingress to forward requests to different Services in the cluster.
Procedure
Configure an ALB Ingress.
Create a file named
tea-ingress.yamland add the following content to the file. Deploy this file to forward requests to multiple Services in the cluster.# Forward requests to different Services based on the hostname and path of the requests and specify the weight of each Service. apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tea-ingress annotations: alb.ingress.kubernetes.io/actions.forward: | [{ "type": "ForwardGroup", "ForwardConfig": { "ServerGroups" : [{ "ServiceName": "tea-svc", "Weight": 80, "ServicePort": 80 }, { "ServiceName": "coffee-svc", "Weight": 20, "ServicePort": 80 }] } }] spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: - path: /path pathType: Prefix backend: service: name: forward port: name: use-annotationAccess the Services by using a CLI. For more information, see Access Services.
Scenario 2: Forward requests to the pods deployed in an ACK cluster or ACK Serverless cluster and ECS instances deployed outside the cluster
Prerequisites
A VPC named VPC1 is created in a region. For more information, see Create and manage a VPC.
An ACK cluster or ACK Serverless cluster is created in VPC1. For more information, see Create an ACK managed cluster and Create an ACK Serverless cluster.
At least one ECS instance is created in VPC1, and a web service is deployed on the ECS instance. For more information, see Create an instance by using the wizard and Manually build an LNMP stack on an Alibaba Cloud Linux 2 instance.
A server group is created. For more information, see Create and manage server groups.
The ECS instance is added to the server group that you created. For more information, see Create and manage server groups.
The
alb.ingress.kubernetes.io/actions.<Service name>annotation is used to configure forwarding rules and associate the server group with the ALB Ingress.
Scenario
In the following figure, the ALB Ingress is used to forward requests to the pods deployed in the cluster and the ECS instance deployed outside the cluster. To do this, you need to create a server group in the ALB console or by calling the ALB API, and add the ECS instance to the server group. Then, record the server group ID and specify the ID in the configuration of the ALB Ingress.
Procedure
Configure an ALB Ingress.
Create a file named
tea-ingress.yamland add the following content to the file. Deploy this file to forward requests to the pods in the cluster and the ECS instance outside the cluster.apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tea-ingress annotations: alb.ingress.kubernetes.io/actions.forward: | [{ "type": "ForwardGroup", "ForwardConfig": { "ServerGroups" : [{ "ServiceName": "tea-svc", "Weight": 30, "ServicePort": 80 }, { "ServiceName": "coffee-svc", "Weight": 20, "ServicePort": 80 }, { "ServerGroupID": "sgp-71aexb9y93ypo*****", "Weight": 30 }, { "ServerGroupID": "sgp-slygpbvm2cydo*****", "Weight": 20 }] } }] spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: - path: /path pathType: Prefix backend: service: name: forward port: name: use-annotationAccess the Service by using a CLI. For more information, see Access Services.
Scenario 3: Forward requests to the pods in a cluster and ECS instances in a VPC deployed in a different region
Prerequisites
Two VPCs are created in different regions. vSwitches are created in different zones of each VPC. For example, VPC1 is created in the China (Chengdu) region and VPC2 is created in the China (Hangzhou) region.
VSW1 and VSW2 are created in VPC1. VSW1 is deployed in Zone A and VSW2 is deployed in Zone B.
VSW3 and VSW4 are created in VPC2. VSW3 is deployed in Zone H and VSW4 is deployed in Zone I.
For more information, see Create and manage a VPC and Create and manage a vSwitch.
An ACK cluster or ACK Serverless cluster is created in VPC1, and an ALB instance is created from an ALBConfig in the cluster. For more information, see Create an ACK managed cluster and Create an ACK Serverless cluster.
At least one ECS instance is created in VPC2, and a web service is deployed on the ECS instance. For more information, see Create an instance by using the wizard and Manually build an LNMP stack on an Alibaba Cloud Linux 2 instance.
A CEN instance is created and a bandwidth plan is associated with the CEN instance. For more information, see CEN instances and Work with a bandwidth plan.
A transit router is created in the China (Chengdu) region. Another transit router is created in the China (Hangzhou) region. For more information, see Create a transit router.
Scenario
In the following figure, the ALB Ingress is used to forward requests to the pods in the cluster and the ECS instance in a VPC deployed in a different region. To do this, you need to create a CEN instance, attach VPC1 and VPC2 to the CEN instance, and add the ECS instance in VPC2 to a server group. Then, record the server group ID and specify the ID in the configuration of the ALB Ingress.
For example, an ACK cluster or ACK Serverless cluster is created in VPC1 in the China (Chengdu) region and an ALB instance is created from an ALBConfig in VPC1. You can use ALB together with CEN to forward requests to the ECS instance in VPC2 in the China (Hangzhou) region.
Procedure
Configure a CEN instance and create inter-region VPC connections.
For more information, see Specify an ECS instance in a VPC as a backend server of ALB in a different region.
Add the ECS instance in VPC2 to a server group of the ALB instance.
For more information, see Add backend servers.
Use the
alb.ingress.kubernetes.io/actions.<Service name>annotation to configure forwarding rules, associate the server group with the ALB Ingress, and forward requests to the pods in the cluster and the ECS instance in VPC2.Create a file named
tea-ingress.yamland add the following content to the file:apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tea-ingress annotations: alb.ingress.kubernetes.io/actions.forward: | [{ "type": "ForwardGroup", "ForwardConfig": { "ServerGroups" : [{ "ServiceName": "tea-svc", "Weight": 30, "ServicePort": 80 }, { "ServiceName": "coffee-svc", "Weight": 20, "ServicePort": 80 }, { "ServerGroupID": "sgp-71aexb9y93ypo*****", "Weight": 30 }, { "ServerGroupID": "sgp-slygpbvm2cydo*****", "Weight": 20 }] } }] spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: - path: /path pathType: Prefix backend: service: name: forward port: name: use-annotation
Scenario 4: Forward requests to the pods in a cluster and on-premises servers
Prerequisites
A CEN instance is created and a transit router is created for the CEN instance. For more information, see CEN instances and Create a transit router.
An Express Connect circuit and a virtual border router (VBR) are created. For more information, see Create and manage a dedicated connection over an Express Connect circuit and Create and manage a VBR.
Usage notes
For more information about the usage notes for associating on-premises servers with ALB instances, see Usage notes.
Scenario
In the following figure, the ALB Ingress is used to forward requests to the pods in the cluster and on-premises servers. To do this, you need to configure a CEN instance, an Express Connect circuit, and a VBR, and add on-premises servers to a server group. Then, record the server group ID and specify the ID in the configuration of the ALB Ingress.
For example, an ACK cluster or ACK Serverless cluster is deployed in VPC1 in the China (Chengdu) region and an ALB instance is created from an ALBConfig in the VPC. You can use a combination of ALB, CEN, VBRs, and Express Connect to forward requests to on-premises servers in the region. The following figure shows the architecture.
Procedure
Configure a CEN instance, attach the VBR and VPC1 in which the ALB instance resides to the transit router, and use the VBR to connect the data center to Alibaba Cloud. For more information, see Specify an on-premises server as a backend server of ALB.
Use the
alb.ingress.kubernetes.io/actions.<Service name>annotation to configure forwarding rules, associate the server group with the ALB Ingress, and forward requests to the pods in the cluster and on-premises servers.Create a file named
tea-ingress.yamland add the following content to the file:apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tea-ingress annotations: alb.ingress.kubernetes.io/actions.forward: | [{ "type": "ForwardGroup", "ForwardConfig": { "ServerGroups" : [{ "ServiceName": "tea-svc", "Weight": 30, "ServicePort": 80 }, { "ServiceName": "coffee-svc", "Weight": 20, "ServicePort": 80 }, { "ServerGroupID": "sgp-ihydxb9y93ypo*****", "Weight": 30 }, { "ServerGroupID": "sgp-pd0ipbvm2cydo*****", "Weight": 20 }] } }] spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: - path: /path pathType: Prefix backend: service: name: forward port: name: use-annotation