Application Load Balancer (ALB) Ingresses support HTTP, HTTPS, and QUIC protocols and provide high elasticity and Layer 7 traffic management for cloud-native applications at scale. ALB Ingresses are compatible with NGINX Ingresses and support complex routing rules and automatic TLS certificate management. Use this guide to configure an ALB Ingress end-to-end and access backend Services in your cluster by path-based routing.
Prerequisites
Before you begin, make sure that you have:
- A registered cluster with an external cluster deployed in a data center connected to it. For more information, see Create a registered cluster in the ACK console.
- The Kubernetes version of your cluster. Steps 1 and 3 include separate manifests for clusters running Kubernetes versions earlier than 1.19 and for clusters running Kubernetes 1.19 or later.
How it works
Configuring ALB Ingress involves creating three Kubernetes objects in sequence:
- AlbConfig: defines the ALB instance (address type, vSwitch assignments).
- IngressClass: links the `alb` class name to the AlbConfig.
- Ingress: maps URL paths to backend Services, referencing the IngressClass.
Once applied, the ALB Ingress controller provisions an ALB instance and configures forwarding rules based on the Ingress spec.
Step 1: Create an AlbConfig object
- Create a file named `alb-test.yaml` with the following content:

  ```yaml
  apiVersion: alibabacloud.com/v1
  kind: AlbConfig
  metadata:
    name: alb-demo
  spec:
    config:
      name: alb-test
      addressType: Internet
      zoneMappings:
      - vSwitchId: vsw-uf6ccg2a9g71hx8go****
      - vSwitchId: vsw-uf6nun9tql5t8nh15****
  ```

  | Parameter | Required | Description |
  | --- | --- | --- |
  | `spec.config.name` | No | Name of the ALB instance. |
  | `spec.config.addressType` | Yes | Type of IP address the ALB instance uses. `Internet` (default): uses a public IP address, accessible over the internet. `Intranet`: uses a private IP address, accessible only within the virtual private cloud (VPC) where the instance is deployed. |
  | `spec.config.zoneMappings` | Yes | vSwitch IDs for the ALB Ingress. Specify at least two vSwitch IDs in different zones within the VPC where the cluster resides. The zones of the vSwitches must be supported by ALB Ingresses. For supported regions and zones, see Supported regions and zones. |

- Apply the AlbConfig:

  ```
  kubectl apply -f alb-test.yaml
  ```

  Expected output:

  ```
  albconfig.alibabacloud.com/alb-demo created
  ```

- Create a file named `alb.yaml` to define the IngressClass.

  Clusters running Kubernetes versions earlier than 1.19:

  ```yaml
  apiVersion: networking.k8s.io/v1beta1
  kind: IngressClass
  metadata:
    name: alb
  spec:
    controller: ingress.k8s.alibabacloud/alb
    parameters:
      apiGroup: alibabacloud.com
      kind: AlbConfig
      name: alb-demo
  ```

  Clusters running Kubernetes 1.19 or later:

  ```yaml
  apiVersion: networking.k8s.io/v1
  kind: IngressClass
  metadata:
    name: alb
  spec:
    controller: ingress.k8s.alibabacloud/alb
    parameters:
      apiGroup: alibabacloud.com
      kind: AlbConfig
      name: alb-demo
  ```

- Apply the IngressClass:

  ```
  kubectl apply -f alb.yaml
  ```

  Expected output:

  ```
  ingressclass.networking.k8s.io/alb created
  ```
Step 2: Deploy Services
- Create a file named `cafe-service.yaml` with the following content. This deploys two Deployments (`coffee` and `tea`) and their corresponding Services.

  ```yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: coffee
  spec:
    replicas: 2
    selector:
      matchLabels:
        app: coffee
    template:
      metadata:
        labels:
          app: coffee
      spec:
        containers:
        - name: coffee
          image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest
          ports:
          - containerPort: 80
  ---
  apiVersion: v1
  kind: Service
  metadata:
    name: coffee-svc
  spec:
    ports:
    - port: 80
      targetPort: 80
      protocol: TCP
    selector:
      app: coffee
    clusterIP: None
  ---
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: tea
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: tea
    template:
      metadata:
        labels:
          app: tea
      spec:
        containers:
        - name: tea
          image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest
          ports:
          - containerPort: 80
  ---
  apiVersion: v1
  kind: Service
  metadata:
    name: tea-svc
    labels:
  spec:
    ports:
    - port: 80
      targetPort: 80
      protocol: TCP
    selector:
      app: tea
    clusterIP: None
  ```

- Apply the file:

  ```
  kubectl apply -f cafe-service.yaml
  ```

  Expected output:

  ```
  deployment "coffee" created
  service "coffee-svc" created
  deployment "tea" created
  service "tea-svc" created
  ```

- Verify that the Deployments and Services are running.

  Check Deployment status:

  ```
  kubectl get deploy
  ```

  Expected output:

  ```
  NAME     READY   UP-TO-DATE   AVAILABLE   AGE
  coffee   1/2     2            1           2m26s
  tea      1/1     1            1           2m26s
  ```

  Check Service status:

  ```
  kubectl get svc
  ```

  Expected output:

  ```
  NAME         TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
  coffee-svc   NodePort   172.16.XX.XX   <none>        80:32056/TCP   9m38s
  tea-svc      NodePort   172.16.XX.XX   <none>        80:31696/TCP   9m38s
  ```
Step 3: Configure an ALB Ingress
- Create a file named `cafe-ingress.yaml` with the following content.

  Clusters running Kubernetes versions earlier than 1.19:

  ```yaml
  apiVersion: networking.k8s.io/v1beta1
  kind: Ingress
  metadata:
    name: cafe-ingress
  spec:
    ingressClassName: alb
    rules:
    - host: demo.domain.ingress.top
      http:
        paths:
        # Configure a context path.
        - path: /tea
          backend:
            serviceName: tea-svc
            servicePort: 80
        # Configure a context path.
        - path: /coffee
          backend:
            serviceName: coffee-svc
            servicePort: 80
  ```

  Clusters running Kubernetes 1.19 or later:

  ```yaml
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: cafe-ingress
  spec:
    ingressClassName: alb
    rules:
    - host: demo.domain.ingress.top
      http:
        paths:
        # Configure a context path.
        - path: /tea
          pathType: ImplementationSpecific
          backend:
            service:
              name: tea-svc
              port:
                number: 80
        # Configure a context path.
        - path: /coffee
          pathType: ImplementationSpecific
          backend:
            service:
              name: coffee-svc
              port:
                number: 80
  ```

- Apply the Ingress:

  ```
  kubectl apply -f cafe-ingress.yaml
  ```

  Expected output:

  ```
  ingress.networking.k8s.io/cafe-ingress created
  ```

- Retrieve the domain name assigned to the ALB Ingress:

  ```
  kubectl get ing
  ```

  Expected output:

  ```
  NAME           CLASS   HOSTS                     ADDRESS                                               PORTS   AGE
  cafe-ingress   alb     demo.domain.ingress.top   alb-m551oo2zn63yov****.cn-hangzhou.alb.aliyuncs.com   80      50s
  ```

  The ALB instance is ready when the `ADDRESS` field is populated. This may take a few minutes.
Step 4: Access the Services
Use the ALB domain name from the previous step to send requests to each Service.
Access the coffee Service:

```
curl -H Host:demo.domain.ingress.top http://alb-lhwdm5c9h8lrcm****.cn-hangzhou.alb.aliyuncs.com/coffee
```

Access the tea Service:

```
curl -H Host:demo.domain.ingress.top http://alb-lhwdm5c9h8lrcm****.cn-hangzhou.alb.aliyuncs.com/tea
```
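Added example, not part of the original guide or of Alibaba Cloud's tooling: a check that resolves the Ingress, IngressClass and AlbConfig chain from "How it works" and lists what this guide's manifests publish on an Internet-facing ALB. The `audit` function and its finding labels are hypothetical, and treating a missing `spec.tls` as plaintext HTTP is an assumption that ignores listener settings made elsewhere.

```python
# Constructed sample: this guide's three objects, trimmed to the fields used,
# shaped like the items of `kubectl get albconfig,ingressclass,ingress -o json`.
OBJECTS = [
    {"kind": "AlbConfig", "metadata": {"name": "alb-demo"},
     "spec": {"config": {"addressType": "Internet", "zoneMappings": [
         {"vSwitchId": "vsw-uf6ccg2a9g71hx8go****"},
         {"vSwitchId": "vsw-uf6nun9tql5t8nh15****"}]}}},
    {"kind": "IngressClass", "metadata": {"name": "alb"},
     "spec": {"parameters": {"kind": "AlbConfig", "name": "alb-demo"}}},
    {"kind": "Ingress", "metadata": {"name": "cafe-ingress"},
     "spec": {"ingressClassName": "alb", "rules": [
         {"host": "demo.domain.ingress.top", "http": {"paths": [
             {"path": "/tea"}, {"path": "/coffee"}]}}]}},
]


def audit(objects):
    """Resolve Ingress -> IngressClass -> AlbConfig; return a list of findings."""
    index = {(o["kind"], o["metadata"]["name"]): o for o in objects}
    findings = []
    for (kind, name), ing in index.items():
        if kind != "Ingress":
            continue
        spec = ing["spec"]
        cls = index.get(("IngressClass", spec.get("ingressClassName")), {})
        params = cls.get("spec", {}).get("parameters", {})
        alb = index.get(("AlbConfig", params.get("name")))
        if alb is None:  # broken chain: no AlbConfig can be matched
            findings.append((name, "unresolved-albconfig"))
            continue
        cfg = alb["spec"]["config"]
        if len(cfg.get("zoneMappings", [])) < 2:  # guide: at least two vSwitches
            findings.append((name, "fewer-than-two-vswitches"))
        if cfg.get("addressType", "Internet") != "Internet":
            continue  # Intranet: reachable only inside the VPC
        for rule in spec.get("rules", []):
            for p in rule.get("http", {}).get("paths", []):
                findings.append((name, "internet-route", rule.get("host", "*") + p["path"]))
        if not spec.get("tls"):  # assumption: no TLS section means plain HTTP
            findings.append((name, "internet-without-tls"))
    return findings


if __name__ == "__main__":
    for finding in audit(OBJECTS):
        print(*finding)
```

Run against the guide's manifests as written, it reports both `/tea` and `/coffee` as Internet-reachable routes without TLS; with `addressType: Intranet` in the AlbConfig it reports nothing.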
What's next
- For advanced configurations such as forwarding requests by domain name or URL, health checks, HTTP-to-HTTPS redirects, canary releases, and custom listener ports, see Advanced ALB Ingress configurations.
- To learn how AlbConfig works with the ALB Ingress controller to configure ALB instances and listeners, see Use AlbConfigs to configure ALB instances.