Network Load Balancer (NLB) is a Layer 4 load balancer from Alibaba Cloud that provides high performance, auto-scaling, and high availability to improve the stability of your gateway traffic. ASM supports using NLB for its ingress gateways. When you set the Service type for an ASM ingress gateway to LoadBalancer, a Classic Load Balancer (CLB) is associated by default. This topic describes how to associate an NLB instead.
Prerequisites
An ACK cluster is added to an ASM instance, and the following conditions are met:
-
The Kubernetes cluster is version 1.24 or later and the Cloud Controller Manager (CCM) is version 2.5.0 or later.
-
The ASM instance is version 1.18 or later.
-
The ACK cluster's VPC has vSwitches in at least two zones.
Procedure
-
Log on to the ASM console. In the left-side navigation pane, choose .
-
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
-
You can create an ingress gateway by using the ASM console or a YAML template.
Console
On the Ingress Gateway page, click Create. This section describes only the NLB-specific parameters. For information about other parameters, see Create an ingress gateway.
Parameter
Description
NLB
This parameter is available only when Service Type is set to LoadBalancer.
Supports Internet Access and Private Access.
Create SLB Instance
-
The console defaults to Create SLB Instance, but you can select Use Existing CLB Instance as needed.
-
If you select this option, you must select vSwitches in at least two zones under Select Zones for NLB Instance.
Use Existing CLB Instance
If you select this option, you must select an existing NLB from the Select Existing Load Balancer Instance drop-down list.
ImportantAssign a dedicated load balancer to each Kubernetes service. Reusing a load balancer across multiple services has the following risks and limitations:
-
Reusing an existing load balancer overwrites its listeners, which can cause application outages.
-
You cannot reuse a load balancer that was automatically created by Kubernetes through a Service. You can only reuse a load balancer created manually in the console or by calling an OpenAPI.
-
Multiple services that reuse the same load balancer cannot have the same frontend listener port. Otherwise, a port conflict occurs.
-
When you reuse a load balancer, Kubernetes uses the names of the listener and vServer group as unique identifiers. Do not modify these names.
-
You cannot reuse a load balancer across different clusters or regions.
YAML
On the Ingress Gateway page, click Create from YAML, set the gateway name to ingressgateway-nlb-test, and select istio-system as the Namespaces. Then, enter the following YAML.
In the YAML file, you must set
loadBalancerClasstoalibabacloud.com/nlb. You do not need to specify an NLB specification, but you must specify at least two zones.After you create the gateway, its details appear on the page. Unlike a CLB-based gateway, an NLB-based gateway uses a domain name for its Service address, not an IP address. Also, because two zones were specified when the ingress gateway was created, the domain name is bound to two IP addresses.
After the gateway is created, you can view its instance information on the ingress gateway page. This information includes the gateway name (such as
ingressgateway-nlb-test), status, version, cluster ID, service address (NLB domain name), and port mapping (such as HTTP | 80:80 and HTTPS | 443:443). The page also provides links to management operations such as Edit Gateway, View Details, View YAML, and Delete, and to advanced features and observability options such as Gateway Security, Log Center, and Gateway Monitoring.You can log on to the NLB console to view the NLB instance's status. For more information about NLB, see Configure an NLB instance by using annotations and NLB billing.
-