MSE Ingress overview

Updated at:
Copy as MD

Built on deep integration between MSE cloud-native gateways and Container Service for Kubernetes (ACK), MSE Ingress manages externally accessible API objects in cluster Services and provides Layer 7 load balancing, canary releases, and stronger cluster ingress traffic management.

Note

Assumes familiarity with Kubernetes pods, Services, and Ingress resources.

Prerequisites

Make sure you have:

  • An ACK or ACK Serverless cluster

  • MSE Ingress controller installed in your cluster

  • An MSE cloud-native gateway provisioned via an MseIngressConfig Custom Resource Definition (CRD)

How it works

The following diagram shows the request flow from client to backend pod.

Scenario

At a high level:

  1. The MSE Ingress controller watches MseIngressConfig CRDs and manages the lifecycle of MSE cloud-native gateways.

  2. Each gateway's control plane monitors Ingresses, Ingress classes, and Services via the ACK API server. When these resources change, it pushes updated routing rules to the data plane in real time.

  3. The data plane matches each incoming request against routing rules and forwards it to the appropriate backend Service pod.

Key concepts

Concept Description
Service An abstraction of an application deployed across a group of replicated pods.
Ingress Reverse proxy rules that route HTTP or HTTPS requests to Services — for example, by hostname or URL path.
Ingress class Declares which Ingress processor handles a given Ingress. Associate an MseIngressConfig CRD with the IngressClass parameters field for MSE-based traffic management.
MseIngressConfig A CRD provided by the MSE Ingress controller. Defines basic configuration for an MSE cloud-native gateway.
MSE Ingress controller The control plane add-on installed in your ACK cluster. Manages MSE cloud-native gateway configurations.
MSE cloud-native gateway The gateway provisioned from an MseIngressConfig CRD. Consists of a control plane (routing rule management) and a data plane (traffic processing).

Why use MSE Ingress

In a Kubernetes cluster, Ingress is the primary entry point for external access to Services and carries most inbound service traffic. Standard Kubernetes Ingress only supports HTTP routing rules. Features like load balancing algorithms and session affinity require an Ingress controller.

Built on MSE cloud-native gateways, MSE Ingress extends standard Kubernetes Ingress with capabilities that NGINX Ingress does not provide:

Capability Standard Kubernetes Ingress NGINX Ingress MSE Ingress
HTTP routing rules Yes Yes Yes
Load balancing algorithms No Yes Yes
Session affinity No Yes Yes
Canary releases No Yes
Service governance (rate limiting, circuit breaking, retries) No Yes
Comprehensive security protection No Yes
NGINX Ingress annotation compatibility 50+ annotations, 90%+ of use cases

For NGINX Ingress migrations, MSE Ingress is compatible with 50+ annotations and covers 90%+ of use cases.

MSE Ingress components

MSE Ingress controller

Important

The MSE Ingress controller does not process service traffic — it only configures MSE cloud-native gateways. All traffic flows through the gateway data plane.

The MSE Ingress controller is a control plane add-on installed in your ACK or ACK Serverless cluster. It:

  • Monitors MseIngressConfig CRDs and manages the lifecycle of cloud-native gateways.

  • Manages gateway configurations based on MseIngressConfig CRDs.

  • Configures Ingress monitoring for the gateways.

See Manage components.

MSE cloud-native gateways

Each MSE cloud-native gateway is created from an MseIngressConfig CRD and consists of two planes:

  • Control plane: monitors resources such as Ingresses, Ingress classes, and Services. Pushes routing configurations to the data plane in real time.

  • Data plane: routes external requests to backend Service pods based on control plane routing rules.

Next steps