APIG Ingress is the Enterprise Edition of Higress. It is compatible with Nginx Ingress and provides benefits such as low cost, high security, deep integration, and high availability. You can use an APIG Ingress to access Container Service for Kubernetes (ACK) and Container Compute Service clusters.
For security reasons, APIG Ingress does not allow you to expose services in the kube-system namespace.
Prerequisites
APIG Controller can be installed only in an ACK managed cluster.
An ACK managed cluster of version 1.18 or later is created. To upgrade a cluster, see Manually upgrade a cluster.
Permissions are granted to APIG Controller. For an ACK managed cluster, you can click the authorization link to grant the required permissions.
Step 1: Install APIG Controller
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the one you want to manage and click its name. In the left navigation pane, click Add-ons.
On the Add-ons page, enter
APIGin the search box. On the APIG Controller card, click Install.In the Install dialog box, configure the parameters and click OK.
Create:
A pay-as-you-go cloud-native API gateway instance with the apig.small.x1 specification is automatically created.
Select Existing VPC:
Select a pay-as-you-go cloud-native API gateway instance from the list. The instance must be in the same VPC as the container cluster and not associated with other clusters.
If the component installation fails with a prerequisite check failure, grant permissions to the APIG Controller.
Check whether the component is installed.
After the component is installed, an ApigConfig resource and a gateway instance are created by default. Both are named
apig-controller-pro-{clusterid}.Go to Workloads > Custom Resources. Click the Resource Objects tab. In the API Group search box, enter
apig. In the Actions column for the ApigConfig, click Edit YAML to view the status of theApigConfig. Wait for 3 to 5 minutes and make sure that the value of thephasefield is Listening in the YAML file. This indicates that the cloud-native API gateway is created, running, and automatically listening for Ingress resources in the cluster that have the IngressClass set to apig.The status of the
ApigConfigchanges in the following order: Pending > Running > Listening. The statuses are described as follows:Pending: The cloud-native API gateway is being created. This process takes about 3 minutes.
Running: The cloud-native API gateway is created and running.
Listening: The cloud-native API gateway is running and listening for Ingress resources in the cluster.
Failed: The cloud-native API gateway is in an invalid state. You can view the Message field in the Status section for more information.
ImportantIn Create mode, installing APIG Controller creates an ApigConfig resource by default. The lifecycle of this resource is bound to the cloud-native API gateway instance. If you delete the ApigConfig resource, the corresponding cloud-native API gateway instance is also deleted. Do not delete the ApigConfig resource.
If an IngressClass resource named apig already exists in the cluster before you install APIG Controller, the installation does not automatically create an ApigConfig resource or a cloud-native API gateway instance.
Log on to the Cloud-native API Gateway console. In the corresponding region, you can find the cloud-native gateway instance named
apig-controller-pro-{clusterid}.
Step 2: Deploy the backend service
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the cluster you want to manage and click its name. In the left navigation pane, choose .
On the Deployments page, click Create from YAML. Use the following YAML template to deploy a Deployment named
httpbinand a Service namedhttpbin.apiVersion: apps/v1 kind: Deployment metadata: name: httpbin namespace: default spec: replicas: 1 selector: matchLabels: app: httpbin template: metadata: labels: app: httpbin version: v1 spec: containers: - image: registry.cn-hangzhou.aliyuncs.com/mse-ingress/go-httpbin args: - "--version=v1" imagePullPolicy: Always name: httpbin --- apiVersion: v1 kind: Service metadata: name: httpbin namespace: default spec: ports: - port: 8080 protocol: TCP selector: app: httpbinVerify that the Deployment and Service are deployed.
In the navigation pane on the left, choose . A Deployment named
httpbinis created. The Deployment is deployed when thePodsfield shows1/1.In the navigation pane on the left, choose . A Service named
httpbinis created, which indicates that the Service is deployed.
Step 3: Configure the APIG Ingress
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the cluster you want and click its name. In the left navigation pane, choose .
On the Ingresses page, click Create Ingress.
In the Create Ingress dialog box, set Gateway Type to APIG Ingress, configure the associated backend service and annotations, and then click OK.
NoteSet Ingress Class to
apig. In the routing rule, select Prefix (Prefix-based Match), set the Path to/, and configure the rule to forward requests to thehttpbinservice.Log on to the Cloud-native API Gateway console. In the corresponding cloud-native API gateway instance, you can find an API whose name contains {gwid}-ingress.
Step 4: Access the service
Obtain the Network Load Balancer (NLB) domain name from the Ingress endpoint or the public IP address from the gateway.
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the cluster you want and click its name. In the left navigation pane, choose .
On the Ingresses page, view the endpoint of the Ingress.
To test the service, use a browser or a command-line tool to access
<Endpoint>/versionor<Gateway public IP address>/version. For example, enterenv-******-cn-hangzhou.alicloudapi.com/versionin your browser.
Reference
For more information about the features of APIG Ingress and how it works, see Manage APIG Ingresses.