ALB Ingress supports using the alb.ingress.kubernetes.io/actions.<service-name> annotation to configure backend server groups. Backend server groups can be attached by service name or server group ID, which enables hybrid attachment of Pods within a K8s cluster and ECS instances outside the cluster. By combining products such as ALB, Cloud Enterprise Network (CEN), and transit routers, you can enable ALB to forward requests to servers in VPCs of other regions for cross-region attachment, or to on-premises IDC servers for on-premises IDC attachment. This topic describes how to use ALB Ingress to implement hybrid, cross-region, and on-premises IDC attachments.
Table of contents
Usage notes
The service name in the
alb.ingress.kubernetes.io/actions.<service-name>annotation must match the service name of thebackendin therulefield.When you configure a backend server group, in the
rulefield, the service port name underbackendmust beuse-annotation.You can use the
alb.ingress.kubernetes.io/actions.<service name>annotation to attach multiple server groups to an ALB instance.A basic ALB instance supports a maximum of five server groups.
When you attach a server group by using both
ServerGroupIDandServiceName+ServicePort, the system prioritizesServerGroupIDto match the backend server group.
Scenario 1: Forward requests to multiple services
Prerequisites
A VPC named VPC1 is created in a region. Two vSwitches, VSW1 and VSW2, are created in different zones within VPC1. For more information, see Create and manage a VPC and Create and manage vSwitches.
An ACK or ACK Serverless cluster is created in VPC1. For more information, see Create an ACK managed cluster and Create an ACK Serverless cluster.
The ALB Ingress Controller is installed in the ACK or ACK Serverless cluster. For more information, see Manage the ALB Ingress Controller component.
You have already created an ALB instance in an ACK or ACK Serverless cluster by using an ALBConfig, and deployed the
tea-svcandcoffee-svcbackend services. For more information, see Create and use an ALB Ingress to expose services.
Scenario
As shown in the following figure, with the multi-server group forwarding action of ALB Ingress, you can create or attach multiple backend server groups by configuring ServiceName+ServicePort to forward requests to multiple Services within the cluster.
Procedure
Configure the ALB Ingress.
Deploy the following content to the
tea-ingress.yamlfile. This defines how requests are forwarded to multiple Services within the cluster.# This Ingress forwards requests to different backend server groups based on the hostname and path, with traffic distributed according to weights. apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tea-ingress annotations: alb.ingress.kubernetes.io/actions.forward: | [{ "type": "ForwardGroup", "ForwardConfig": { "ServerGroups" : [{ "ServiceName": "tea-svc", "Weight": 80, "ServicePort": 80 }, { "ServiceName": "coffee-svc", "Weight": 20, "ServicePort": 80 }] } }] spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: - path: /path pathType: Prefix backend: service: name: forward port: name: use-annotationAccess the service from the command line. For more information, see Access the service.
Scenario 2: Forward to cluster pods and external ECS
Prerequisites
A VPC named VPC1 is created in a region. For more information, see Create and manage a VPC.
An ACK or ACK Serverless cluster is created in VPC1. For more information, see Create an ACK managed cluster and Create an ACK Serverless cluster.
At least one ECS instance is created in VPC1, the same VPC where the ALB instance is deployed. A web service is deployed on the ECS instance. For more information, see Create a custom instance and Deploy an LNMP stack.
A server group is created. For more information, see Create and manage server groups.
The external ECS instance is added to the server group. For more information, see Create and manage server groups.
The
alb.ingress.kubernetes.io/actions.<service-name>annotation is used to configure a forwarding action and attach a created server group.
Scenario
This scenario shows how to forward requests to both pods within a cluster and external ECS instances in the same VPC. You create a server group in the ALB console or by using the API, add the external ECS instance to it, and then reference its ServerGroupID in the Ingress annotation. This creates a hybrid backend, as shown in the following figure.
Procedure
Configure the ALB Ingress.
Deploy the following content to the
tea-ingress.yamlfile. This defines a service that forwards requests to both Pods within the cluster and ECS instances outside the cluster.apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tea-ingress annotations: alb.ingress.kubernetes.io/actions.forward: | [{ "type": "ForwardGroup", "ForwardConfig": { "ServerGroups" : [{ "ServiceName": "tea-svc", "Weight": 30, "ServicePort": 80 }, { "ServiceName": "coffee-svc", "Weight": 20, "ServicePort": 80 }, { "ServerGroupID": "sgp-71aexb9y93ypo*****", "Weight": 30 }, { "ServerGroupID": "sgp-slygpbvm2cydo*****", "Weight": 20 }] } }] spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: - path: /path pathType: Prefix backend: service: name: forward port: name: use-annotationAccess the service from the command line. For more information, see Access the service.
Scenario 3: Forward to cluster pods and cross-region ECS
Prerequisites
Two VPCs are created in different regions, with vSwitches created in different zones within each VPC. For example, VPC1 is created in the China (Chengdu) region, and VPC2 is created in the China (Hangzhou) region.
In VPC1, vSwitch VSW1 is in Zone A and vSwitch VSW2 is in Zone B.
In VPC2, vSwitch VSW3 is in Zone H and vSwitch VSW4 is in Zone I.
For more information, see Create and manage a VPC and Create and manage vSwitches.
An ACK or ACK Serverless cluster is created in VPC1, and an ALB instance is created using an AlbConfig in the cluster. For more information, see Create an ACK managed cluster and Create and use an ALB Ingress to expose services.
At least one ECS instance is created in VPC2, and a web service is deployed on the ECS instance. For more information, see Create a custom instance and Deploy an LNMP stack.
A CEN instance is created, and a bandwidth plan is purchased for it. For more information, see Create a CEN instance and Purchase a bandwidth plan.
A transit router instance is created in both the China (Chengdu) and China (Hangzhou) regions. For more information, see Create a transit router instance.
Scenario
This scenario demonstrates how to use CEN to establish a cross-region connection between VPCs. This lets you add an ECS instance from a different region to a server group. By referencing its ServerGroupID in the Ingress, you can route traffic to both in-cluster pods and the cross-region ECS instance, as shown in the following figures.
For example, an ACK or ACK Serverless cluster and an ALB instance are deployed in VPC1 in the China (Chengdu) region. You can use a combination of ALB and CEN to forward requests to an ECS instance in VPC2 in the China (Hangzhou) region.
Procedure
Configure CEN and create a cross-region VPC connection.
For more information, see Attach cross-region servers to an ALB instance.
Add the cross-region ECS instance to the ALB server group.
For more information, see Add or remove backend servers.
Use the
alb.ingress.kubernetes.io/actions.<service-name>annotation to configure a forwarding action and associate an existing server group. When a service is requested, this action forwards requests to Pods within the cluster and to ECS servers in a cross-region VPC outside the cluster.Deploy the following content to the
tea-ingress.yamlfile.apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tea-ingress annotations: alb.ingress.kubernetes.io/actions.forward: | [{ "type": "ForwardGroup", "ForwardConfig": { "ServerGroups" : [{ "ServiceName": "tea-svc", "Weight": 30, "ServicePort": 80 }, { "ServiceName": "coffee-svc", "Weight": 20, "ServicePort": 80 }, { "ServerGroupID": "sgp-71aexb9y93ypo*****", "Weight": 30 }, { "ServerGroupID": "sgp-slygpbvm2cydo*****", "Weight": 20 }] } }] spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: - path: /path pathType: Prefix backend: service: name: forward port: name: use-annotation
Scenario 4: Forward to cluster pods and on-premises servers
Prerequisites
A CEN instance and a transit router for the instance are created. For more information, see Create a CEN instance and Create a transit router instance.
An Express Connect and a VBR are created. For more information, see Apply for an Express Connect circuit and Create and manage VBRs.
Usage notes
For limitations on attaching on-premises servers to an ALB instance, see Limitations.
Scenario
This scenario shows how to use CEN, an Express Connect, and a VBR to connect your on-premises data center to Alibaba Cloud. This lets you add on-premises servers to a server group. By referencing the ServerGroupID in the Ingress, you can route traffic to both in-cluster pods and your on-premises servers, as shown in the following figures.
For example, an ACK or ACK Serverless cluster and an ALB instance are deployed in VPC1 in the China (Chengdu) region. You can use a combination of ALB, CEN, a VBR, and an Express Connect to forward requests to on-premises servers in the same region.
Procedure
Configure CEN to connect the VPC where the ALB instance resides and the VBR to the transit router. This connects your on-premises data center to Alibaba Cloud through the VBR. For more information, see Attach on-premises servers in the same region to an ALB instance.
Use the
alb.ingress.kubernetes.io/actions.<service-name>annotation to configure a forwarding action and attach a specified, existing server group. This forwards requests to Pods within the cluster and to on-premises Internet Data Center (IDC) servers outside the cluster.Deploy the following content to the
tea-ingress.yamlfile.apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: tea-ingress annotations: alb.ingress.kubernetes.io/actions.forward: | [{ "type": "ForwardGroup", "ForwardConfig": { "ServerGroups" : [{ "ServiceName": "tea-svc", "Weight": 30, "ServicePort": 80 }, { "ServiceName": "coffee-svc", "Weight": 20, "ServicePort": 80 }, { "ServerGroupID": "sgp-ihydxb9y93ypo*****", "Weight": 30 }, { "ServerGroupID": "sgp-pd0ipbvm2cydo*****", "Weight": 20 }] } }] spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: - path: /path pathType: Prefix backend: service: name: forward port: name: use-annotation