Migrate traffic from Nginx Ingress Controller to an ingress gateway - Alibaba Cloud Service Mesh

This topic describes how to migrate traffic from Nginx Ingress Controller to an ingress gateway.

Prerequisites

A Service Mesh (ASM) instance of Enterprise Edition or Ultimate Edition is created and the instance is of the latest version. For more information, see Create an ASM instance.
A Container Service for Kubernetes (ACK) cluster is added to the ASM instance. For more information, see Add a cluster to an ASM instance.

Traffic flow

ASM

Procedure

Step 1: Create an ingress gateway

Create the YAML file of the Istio gateway to reuse the Classic Load Balancer (CLB) instance that is associated with Nginx Ingress Controller. Take note of the following items:

Note

For more information about the reuse of CLB instances that are created by using the LoadBalancer service type, see FAQ.

Edit the settings related to the CLB instance for the serviceAnnotations parameter in the YAML file.
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: specifies the CLB instance that you want to reuse.
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: specifies whether to overwrite the existing listeners of the CLB instance. Set the value to false.
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: specifies the vServer groups of the CLB instance that you want to reuse. Separate multiple ports and vServer groups with commas (,). Example: "${YOUR_VGROUP_ID_1}:80, ${YOUR_VGROUP_ID_2}:443".
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: specifies the weight of the ingress gateway. You can set the weight to 0 when the routing rule has not been configured for the ingress gateway or exceptions occur. When you set the weight to 0, the CLB instance does not forward traffic to the ingress gateway. Before you specify this parameter, make sure that the scheduling algorithm for the CLB instance is weighted round-robin (WRR).

Sample configurations of service annotations:

 serviceAnnotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: "lb-xxxxx"  //Replace lb-xxxxx with the ID of the CLB instance that you created in the CLB console. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: 'false'  //Set the value to false because existing listeners are overwritten by default based on the Istio gateway. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: "${YOUR_VGROUP_ID}:80"   //Replace ${YOUR_VGROUP_ID} with the ID of the vServer group of the CLB instance. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: "60"   //If you set the weight to 0, the ingress gateway no longer receives traffic.

Step 2: Manually translate Ingress configurations to Istio resource configurations such as VirtualService and DestinationRule configurations

The following YAML codes provide an example of how to translate Ingress configurations to VirtualService configurations:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: helloworld
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
    - http:
        paths:
          - backend:
              serviceName: helloworld
              servicePort: 80
            path: /helloworld(/|$)(.*)
      host: example.com

Translated VirtualService configurations:

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: example-vs
spec:
  gateways:
  - istio-system/ingressgateway  ## your gateway name
  hosts:
  - example.com
  http:
  - name: route-helloworld
    match:
    - uri:
        prefix: /helloworld/
    - uri:
        prefix: /helloworld
    rewrite:
      uri: /
    route:
    - destination:
        host: helloworld
        port:
          number: 80

VirtualService and DestinationRule can be deployed in the same namespace as the corresponding service deployment. If you deploy them in a different namespace, set the value of destination.host in the FQDN format.

Step 3: Verify the configurations

Verify that the configurations are valid and take effect by checking the traffic flow. Create a CLB instance, send traffic to the CLB instance, and check whether the traffic flow meets expectations. For more information, see Traffic flow.

Step 4: Adjust the weight of each backend instance attached to the CLB instance that is associated with Nginx Ingress Controller to gradually migrate traffic to the ingress gateway

We recommend that you first set the weight of the ingress gateway to a small value, such as 1, and check whether the traffic flow meets expectations. Then, increase the weight gradually until all the traffic is routed to the ingress gateway.

Methods of adjusting the weight:

To adjust the weight of the ingress gateway, edit the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation.
To adjust the weight of a backend instance attached to the CLB instance that is associated with Nginx Ingress Controller, edit the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation of the related Service. If no weight-related annotation is configured for the Service, go to the CLB console to adjust the weight.