MSE Ingress overview
Built on deep integration between MSE cloud-native gateways and Container Service for Kubernetes (ACK), MSE Ingress manages externally accessible API objects in cluster Services and provides Layer 7 load balancing, canary releases, and stronger cluster ingress traffic management.
Assumes familiarity with Kubernetes pods, Services, and Ingress resources.
Prerequisites
Make sure you have:
-
An ACK or ACK Serverless cluster
-
MSE Ingress controller installed in your cluster
-
An MSE cloud-native gateway provisioned via an MseIngressConfig Custom Resource Definition (CRD)
How it works
The following diagram shows the request flow from client to backend pod.
At a high level:
-
The MSE Ingress controller watches MseIngressConfig CRDs and manages the lifecycle of MSE cloud-native gateways.
-
Each gateway's control plane monitors Ingresses, Ingress classes, and Services via the ACK API server. When these resources change, it pushes updated routing rules to the data plane in real time.
-
The data plane matches each incoming request against routing rules and forwards it to the appropriate backend Service pod.
Key concepts
| Concept | Description |
|---|---|
| Service | An abstraction of an application deployed across a group of replicated pods. |
| Ingress | Reverse proxy rules that route HTTP or HTTPS requests to Services — for example, by hostname or URL path. |
| Ingress class | Declares which Ingress processor handles a given Ingress. Associate an MseIngressConfig CRD with the IngressClass parameters field for MSE-based traffic management. |
| MseIngressConfig | A CRD provided by the MSE Ingress controller. Defines basic configuration for an MSE cloud-native gateway. |
| MSE Ingress controller | The control plane add-on installed in your ACK cluster. Manages MSE cloud-native gateway configurations. |
| MSE cloud-native gateway | The gateway provisioned from an MseIngressConfig CRD. Consists of a control plane (routing rule management) and a data plane (traffic processing). |
Why use MSE Ingress
In a Kubernetes cluster, Ingress is the primary entry point for external access to Services and carries most inbound service traffic. Standard Kubernetes Ingress only supports HTTP routing rules. Features like load balancing algorithms and session affinity require an Ingress controller.
Built on MSE cloud-native gateways, MSE Ingress extends standard Kubernetes Ingress with capabilities that NGINX Ingress does not provide:
| Capability | Standard Kubernetes Ingress | NGINX Ingress | MSE Ingress |
|---|---|---|---|
| HTTP routing rules | Yes | Yes | Yes |
| Load balancing algorithms | No | Yes | Yes |
| Session affinity | No | Yes | Yes |
| Canary releases | No | — | Yes |
| Service governance (rate limiting, circuit breaking, retries) | No | — | Yes |
| Comprehensive security protection | No | — | Yes |
| NGINX Ingress annotation compatibility | — | — | 50+ annotations, 90%+ of use cases |
For NGINX Ingress migrations, MSE Ingress is compatible with 50+ annotations and covers 90%+ of use cases.
MSE Ingress components
MSE Ingress controller
The MSE Ingress controller does not process service traffic — it only configures MSE cloud-native gateways. All traffic flows through the gateway data plane.
The MSE Ingress controller is a control plane add-on installed in your ACK or ACK Serverless cluster. It:
-
Monitors MseIngressConfig CRDs and manages the lifecycle of cloud-native gateways.
-
Manages gateway configurations based on MseIngressConfig CRDs.
-
Configures Ingress monitoring for the gateways.
See Manage components.
MSE cloud-native gateways
Each MSE cloud-native gateway is created from an MseIngressConfig CRD and consists of two planes:
-
Control plane: monitors resources such as Ingresses, Ingress classes, and Services. Pushes routing configurations to the data plane in real time.
-
Data plane: routes external requests to backend Service pods based on control plane routing rules.