An Application Load Balancer (ALB) instance can be integrated with an ingress gateway to access an Alibaba Cloud Container Service for Kubernetes (ACK) cluster that uses the Terway network plug-in on the data plane. This feature simplifies service management, ensures the security of communications between services, and improves observability, reducing development and O&M workloads. This topic describes how to integrate an ALB instance with an ingress gateway.
Prerequisites
- An ASM instance of Enterprise Edition is created. For more information, see Create an ASM instance.
- An ACK cluster that uses the Terway network plug-in is created.
- The Cloud Controller Manager (CCM) component of the ACK cluster is of v1.9.3.313-g748f81e-aliyun or later. For more information, see Cloud Controller Manager.
Step 1: Install the ALB Ingress Controller component for the ACK cluster
- If you want to create an ACK cluster, set the Ingress parameter to ALB Ingress in the Component Configurations step of the Create Cluster wizard. For more information, see Create an ACK managed cluster or Create an ACK dedicated cluster.
- If you want to use an existing ACK cluster whose Ingress parameter is not set to ALB Ingress when it was created, install the ALB Ingress Controller component. For more information about how to install the component, see Manage system components.
Step 2: Deploy a sample application
- Add the ACK cluster to the ASM instance.
- Log on to the ASM console.
- In the left-side navigation pane, choose .
- On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
- On the details page of the ASM instance, choose in the left-side navigation pane.
- Click Add, select the ACK cluster that you want to add, and then click OK.
- Deploy a sample application.
Step 3: Deploy an ingress gateway service
On the details page of the ASM instance, click ASM Gateways in the left-side navigation pane. On the ASM Gateways page, click Create. Set SLB Instance Type to Private Access and Port to 80. For information about how to set other parameters, see Deploy an ingress gateway service.
Step 4: Create Istio resources
In this example, an Instio gateway and a virtual service are created.
- Create an Istio gateway.
- On the Gateway page, click Create. Configure the parameters, click Preview to confirm information in the YAML file, and then click Create.
Sample YAML file:apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: name: bookinfo-gateway namespace: default spec: selector: istio: ingressgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - '*'
- On the Gateway page, click Create. Configure the parameters, click Preview to confirm information in the YAML file, and then click Create.
- Create a virtual service and configure traffic routing
- On the VirtualService page, click Create to configure a virtual service for the bookinfo-gateway gateway. Configure the parameters, click Preview to confirm information in the YAML file, and click Create.
Sample YAML file:apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: bookinfo namespace: default spec: gateways: - bookinfo-gateway hosts: - '*' http: - match: - uri: exact: /productpage - uri: prefix: /static - uri: exact: /login - uri: exact: /logout - uri: prefix: /api/v1/products route: - destination: host: productpage port: number: 9080
- On the VirtualService page, click Create to configure a virtual service for the bookinfo-gateway gateway. Configure the parameters, click Preview to confirm information in the YAML file, and click Create.
Step 5: Create an AlbConfig object
Scenario 1: A standard ALB instance is integrated with the ingress gateway
- Obtain the ID of the ALB instance in the SLB console.
- Create an alb-demo.yaml file that contains the following content: Replace the value of
idin theconfigsection with the ID of your ALB instance.apiVersion: alibabacloud.com/v1 kind: AlbConfig metadata: name: default spec: config: id: alb-xxxxx forceOverride: false - Run the following command to create an AlbConfig object:
kubectl apply -f alb-demo.yaml
Scenario 2: You need to create an ALB instance and integrate it with the ingress gateway
- Create an alb-demo.yaml file that contains the following content: For more information, see Access Services by using an ALB Ingress. Set the name of the automatically created ALB instance to alb-demo.
apiVersion: alibabacloud.com/v1 kind: AlbConfig metadata: name: default spec: config: name: alb-demo addressType: Internet zoneMappings: - vSwitchId: vsw-uf6ccg2a9g71hx8go**** - vSwitchId: vsw-uf6nun9tql5t8nh15****The following table describes the parameters.
Parameter Description spec.config.name The name of the ALB instance that you want to create. addressType The type of the IP address that the ALB instance uses to provide services. This parameter is required. Valid values: - Internet: The ALB instance uses a public IP address. The domain name of the Ingress is resolved to the public IP address of the ALB instance. Therefore, the ALB instance is accessible over the Internet. This is the default value.
- Intranet: The ALB instance uses a private IP address. The domain name of the Ingress is resolved to the private IP address of the ALB instance. Therefore, the ALB instance is accessible only within the virtual private cloud (VPC) where the ALB instance is deployed.
zoneMappings The IDs of the vSwitches that are used by the ALB Ingress. You must specify at least two vSwitch IDs and the vSwitches must be deployed in different zones. The zones of the vSwitches must be supported by ALB Ingresses. This parameter is required. For more information about the regions and zones that are supported by ALB Ingresses, see Supported regions and zones. - Run the following command to create an AlbConfig object:
kubectl apply -f alb-demo.yaml
Step 6: Create an IngressClass resource
- Create an alb.yaml file that contains the following content:
apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: alb spec: controller: ingress.k8s.alibabacloud/alb parameters: apiGroup: alibabacloud.com kind: AlbConfig name: default scope: Cluster - Run the following command to create an IngressClass resource:
kubectl apply -f alb.yamlExpected outputingressclass.networking.k8s.io/alb created
Step 7: Create an Ingress instance
The ingress gateway service is created in the istio-system namespace. You need to create an Ingress instance in the istio-system namespace in the ACK cluster on the data plane. The port number is 80, which is the same as that specified when you create the ingress gateway service.
- Create an asm-gateway-ingress.yaml file that contains the following content:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: asm-gateway-ingress namespace: istio-system spec: ingressClassName: alb rules: - http: paths: - backend: service: name: istio-ingressgateway port: number: 80 path: /* pathType: ImplementationSpecific - Run the following command to create an Ingress instance:
kubectl apply -f asm-gateway-ingress.yaml
Step 8: Access the ingress gateway service
- Run the following command to query the endpoint of the Ingress instance:
kubectl get ing -n istio-systemIn the following expected output, you can see that the endpoint of the Ingress instance isalb-xxxx.xxxx.alb.aliyuncs.com.NAME CLASS HOSTS ADDRESS PORTS AGE asm-gateway-ingress alb * alb-xxxx.xxxx.alb.aliyuncs.com 80 18h - Access the ingress gateway service by using one of the following methods:
- Method 1: Use
http://alb-xxxx.xxxx.alb.aliyuncs.com/productpage, the endpoint of the Ingress instance obtained in the previous step, to access the ingress gateway service. - Method 2: Log on to the ALB console to obtain the public IP address of the ALB instance and use it to access the ingress gateway. If the ALB instance is bound to a domain name, you can use the domain name to access the ingress gateway.
- Method 1: Use