All Products
Search
Document Center

Container Service for Kubernetes:Access Services in registered clusters through ALB Ingresses

Last Updated:Jan 05, 2024

Application Load Balancer (ALB) Ingresses support HTTP, HTTPS, and QUIC and meet the requirement of cloud-native applications for high elasticity and Layer 7 traffic management on a large scale. ALB Ingresses are also compatible with NGINX Ingresses. In addition, ALB Ingresses support complex routes and automatic TLS certificate management to allow you to flexibly manage traffic. You can configure Ingress rules to access different Services in a cluster through different URLs.

Prerequisites

Step 1: Create an AlbConfig object

  1. Create a file named alb-test.yaml and copy the following content to the file. The file is used to create an AlbConfig Object.

    apiVersion: alibabacloud.com/v1
    kind: AlbConfig
    metadata:
      name: alb-demo
    spec:
      config:
        name: alb-test
        addressType: Internet
        zoneMappings:
        - vSwitchId: vsw-uf6ccg2a9g71hx8go****
        - vSwitchId: vsw-uf6nun9tql5t8nh15****

    Parameter

    Description

    spec.config.name

    The name of the ALB instance. This parameter is optional.

    spec.config.addressType

    The type of IP address that the ALB instance uses to provide services. This parameter is required. Valid values:

    • Internet: The ALB instance uses a public IP address. The domain name of the Ingress is resolved to the public IP address of the ALB instance. Therefore, the ALB instance is accessible over the Internet. This is the default value.

    • Intranet: The ALB instance uses a private IP address. The domain name of the Ingress is resolved to the private IP address. Therefore, the ALB instance is accessible only within the virtual private cloud (VPC) where the ALB instance is deployed.

    spec.config.zoneMappings

    The IDs of the vSwitches that are used by the ALB Ingress. You must specify at least two vSwitch IDs. The vSwitches must be deployed in different zones and in the VPC where the cluster resides. The zones of the vSwitches must be supported by ALB Ingresses. This parameter is required. For more information about the regions and zones that are supported by ALB Ingresses, see Supported regions and zones.

  2. Run the following command to create an AlbConfig object:

    kubectl apply -f alb-test.yaml

    Expected output:

    albconfig.alibabacloud.com/alb-demo created
  3. Create a file named alb.yaml and add the following content to the file. The file is used to create an IngressClass.

    Clusters that run Kubernetes versions earlier than 1.19

    apiVersion: networking.k8s.io/v1beta1
    kind: IngressClass
    metadata:
      name: alb
    spec:
      controller: ingress.k8s.alibabacloud/alb
      parameters:
        apiGroup: alibabacloud.com
        kind: AlbConfig
        name: alb-demo

    Clusters that run Kubernetes 1.19 or later

    apiVersion: networking.k8s.io/v1
    kind: IngressClass
    metadata:
      name: alb
    spec:
      controller: ingress.k8s.alibabacloud/alb
      parameters:
        apiGroup: alibabacloud.com
        kind: AlbConfig
        name: alb-demo
  4. Run the following command to create an IngressClass:

      kubectl apply -f alb.yaml

    Expected output:

    ingressclass.networking.k8s.io/alb created

Step 2: Deploy Services

  1. Create a file named cafe-service.yaml and copy and paste the following content to the file. The file is used to deploy two Deployments named coffee and tea, and two Services named coffee and tea.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: coffee
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: coffee
      template:
        metadata:
          labels:
            app: coffee
        spec:
          containers:
          - name: coffee
            image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest
            ports:
            - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: coffee-svc
    spec:
      ports:
      - port: 80
        targetPort: 80
        protocol: TCP
      selector:
        app: coffee
      clusterIP: None
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: tea
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: tea
      template:
        metadata:
          labels:
            app: tea
        spec:
          containers:
          - name: tea
            image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest
            ports:
            - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: tea-svc
      labels:
    spec:
      ports:
      - port: 80
        targetPort: 80
        protocol: TCP
      selector:
        app: tea
      clusterIP: None
  2. Run the following command to deploy the Deployments and Services:

    kubectl apply -f cafe-service.yaml

    Expected output:

    deployment "coffee" created
    service "coffee-svc" created
    deployment "tea" created
    service "tea-svc" created
  3. Query the status of applications and Services.

    1. Run the following command to query the status of applications:

      kubectl get deploy

      Expected output:

      NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
      coffee                           1/2     2            1           2m26s
      tea                              1/1     1            1           2m26s

    2. Run the following command to query the status of Services:

      kubectl get svc

      Expected output:

      NAME                          TYPE           CLUSTER-IP       EXTERNAL-IP           PORT(S)                 AGE
      coffee-svc                    NodePort       172.16.XX.XX     <none>                80:32056/TCP            9m38s
      tea-svc                       NodePort       172.16.XX.XX     <none>                80:31696/TCP            9m38s

Step 3: Configure an ALB Ingress

  1. Create a file named cafe-ingress.yaml and copy the following content to the file:

    Clusters that run Kubernetes versions earlier than 1.19

    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: cafe-ingress
    spec:
      ingressClassName: alb
      rules:
       - host: demo.domain.ingress.top
         http:
          paths:
          # Configure a context path. 
          - path: /tea
            backend:
              serviceName: tea-svc
              servicePort: 80
          # Configure a context path. 
          - path: /coffee
            backend:
              serviceName: coffee-svc
              servicePort: 80

    Clusters that run Kubernetes 1.19 or later

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: cafe-ingress 
    spec:
      ingressClassName: alb
      rules:
       - host: demo.domain.ingress.top
         http:
          paths:
          # Configure a context path.
          - path: /tea
            pathType: ImplementationSpecific
            backend:
              service:
                name: tea-svc
                port:
                  number: 80
          # Configure a context path.
          - path: /coffee
            pathType: ImplementationSpecific
            backend:
              service:
                name: coffee-svc
                port: 
                  number: 80
  2. Run the following command to configure an accessible domain name and a path for the coffee and tea Services:

    kubectl apply -f cafe-ingress.yaml

    Expected output:

    ingress.networking.k8s.io/cafe-ingress created
  3. Run the following command to query the domain name of the ALB Ingress:

    kubectl get ing

    Expected output:

    NAME           CLASS    HOSTS                         ADDRESS                                               PORTS   AGE
    cafe-ingress   alb      demo.domain.ingress.top       alb-m551oo2zn63yov****.cn-hangzhou.alb.aliyuncs.com   80      50s

Step 4: Access the Services

  • After you obtain the domain name, use the CLI to access the coffee Service:

    curl -H Host:demo.domain.ingress.top http://alb-lhwdm5c9h8lrcm****.cn-hangzhou.alb.aliyuncs.com/coffee
  • After you obtain the domain name, use the CLI to access the tea Service:

    curl -H Host:demo.domain.ingress.top http://alb-lhwdm5c9h8lrcm****.cn-hangzhou.alb.aliyuncs.com/tea

References

  • For more information about advanced ALB Ingress configurations, such as forwarding requests destined for different domain names or URLs to different backend server groups, health checks, redirecting requests from HTTP to HTTPS, canary releases, and custom listener ports, see Advanced ALB Ingress configurations.

  • An AlbConfig is a CustomResourceDefinition (CRD) that Container Service for Kubernetes (ACK) provides for the Application Load Balancer (ALB) Ingress controller. The ALB Ingress controller uses AlbConfigs to configure ALB instances and listeners. For more information, see Use AlbConfigs to configure ALB instances.