
Alibaba Cloud Service Mesh: Associate an NLB instance with an ingress gateway

Last Updated: Sep 20, 2023

Alibaba Cloud Network Load Balancer (NLB) is a Layer 4 load balancing service intended for the Internet of Everything (IoE) era. NLB offers ultra-high performance and can automatically scale on demand. It supports higher availability and further improves the stability of gateway traffic. Ingress gateways support NLB. If you set ServiceType to LoadBalancer for an ingress gateway, a Classic Load Balancer (CLB) instance is associated as the load balancer of the ingress gateway by default. This topic describes how to associate an NLB instance with an ingress gateway.

Prerequisites

A Kubernetes cluster is added to an ASM instance, and the following conditions are met:

  • The version of the Kubernetes cluster is V1.24 or later and the cloud controller manager (CCM) version is V2.5.0 or later.

  • The version of the ASM instance is V1.18 or later.

Procedure

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Ingress Gateway.

  3. On the Ingress Gateway page, click Create from YAML, set the Name parameter to ingressgateway-nlb-test, set Namespace to istio-system, and then configure the following YAML file.

    In the YAML file, set loadBalancerClass to alibabacloud.com/nlb. You do not need to set a specification for the NLB instance, but you must specify at least two zones.


    apiVersion: istio.alibabacloud.com/v1
    kind: IstioGateway
    metadata:
      name: ingressgateway-nlb-test
      namespace: istio-system
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: istio
                  operator: In
                  values:
                  - ingressgateway
              topologyKey: kubernetes.io/hostname
            weight: 1
      autoCreateGatewayYaml: false
      clusterIds:
      - ${IDs of the clusters that are added to the current ASM instance}
      disableContainerPortExposed: true
      dnsPolicy: ClusterFirst
      externalTrafficPolicy: Local
      gatewayType: ingress
      hostNetwork: false
      ports:
      - name: http-0
        port: 80
        protocol: HTTP
        targetPort: 80
      - name: https-1
        port: 443
        protocol: HTTPS
        targetPort: 443
      replicaCount: 2
      resources:
        limits:
          cpu: "2"
          memory: 4G
        requests:
          cpu: 200m
          memory: 256Mi
      rollingMaxSurge: 25%
      rollingMaxUnavailable: 25%
      runAsRoot: true
      serviceAnnotations:
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain: "on"
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout: "10"
        service.beta.kubernetes.io/alicloud-loadbalancer-address-type: internet
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-zone-maps: ${ID of a zone}:${ID of a vSwitch in the zone},${ID of another zone}:${ID of a vSwitch in the zone} # Example: cn-hangzhou-g:vsw-bp1xxxxxxxxxx,cn-hangzhou-j:vsw-bp1xxxxxxxxxx
      serviceType: LoadBalancer
      loadBalancerClass: alibabacloud.com/nlb # Selects NLB; without it, a CLB instance is associated by default

    The following figure shows the page after the ingress gateway is created. For an ingress gateway that is associated with a CLB instance, Service address is an IP address. For a gateway that is associated with an NLB instance, Service address is a domain name. If you specify two zones when you create an ingress gateway, two IP addresses are bound to the domain name.

    [Figure nlb.png: the Ingress Gateway page after the ingress gateway is created]

    You can log on to the NLB console to view the status of the NLB instance. For more information about NLB instances, see Configure NLB instances by using annotations and NLB billing.
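The following pre-flight check is an added example, not part of the original topic or of ASM tooling. It verifies the settings that step 3 depends on before the manifest is submitted: serviceType, loadBalancerClass, at least two distinct zones in the zone-maps annotation, and no leftover `${...}` placeholders. The function names are hypothetical, and the manifest is assumed to be already loaded into a dict by a YAML parser.

```python
import re

ZONE_MAPS = "service.beta.kubernetes.io/alibaba-cloud-loadbalancer-zone-maps"
PLACEHOLDER = re.compile(r"\$\{[^}]*\}")


def parse_zone_maps(value):
    """Split 'zone:vswitch,zone:vswitch' into (zone, vswitch) pairs."""
    pairs = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        zone, sep, vswitch = item.partition(":")
        if not sep or not zone.strip() or not vswitch.strip():
            raise ValueError(f"malformed zone-maps entry: {item!r}")
        pairs.append((zone.strip(), vswitch.strip()))
    return pairs


def check_nlb_gateway(manifest):
    """Return a list of problems; an empty list means the checks passed."""
    spec = manifest.get("spec", {})
    problems = []
    if spec.get("serviceType") != "LoadBalancer":
        problems.append("serviceType must be LoadBalancer")
    if spec.get("loadBalancerClass") != "alibabacloud.com/nlb":
        problems.append("loadBalancerClass is not alibabacloud.com/nlb (CLB is the default)")
    for cid in spec.get("clusterIds") or []:
        if PLACEHOLDER.search(str(cid)):
            problems.append("clusterIds still contains a ${...} placeholder")
    zone_maps = str((spec.get("serviceAnnotations") or {}).get(ZONE_MAPS, ""))
    if PLACEHOLDER.search(zone_maps):
        problems.append("zone-maps still contains a ${...} placeholder")
    else:
        try:
            zones = {zone for zone, _ in parse_zone_maps(zone_maps)}
            if len(zones) < 2:
                problems.append(f"zone-maps names {len(zones)} zone(s); at least two are required")
        except ValueError as exc:
            problems.append(str(exc))
    return problems


# Constructed sample: the cluster ID is made up; the zone-maps value is the
# masked example from the YAML comment in step 3.
SAMPLE = {"spec": {
    "serviceType": "LoadBalancer",
    "loadBalancerClass": "alibabacloud.com/nlb",
    "clusterIds": ["c-example-cluster-id"],
    "serviceAnnotations": {ZONE_MAPS: "cn-hangzhou-g:vsw-bp1xxxxxxxxxx,cn-hangzhou-j:vsw-bp1xxxxxxxxxx"},
}}
```

Calling `check_nlb_gateway(SAMPLE)` returns an empty list; each returned string otherwise names one setting to fix before you click Create.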