ALB Ingresses provide access to Services by using Application Load Balancer (ALB).
ALB Ingresses are suitable for handling traffic fluctuations. This topic describes
how to use an ALB Ingress to expose Services in a Container Service for Kubernetes
(ACK) cluster.
Background information
An Ingress provides a collection of rules that manage external access to Services
in a cluster. You can configure forwarding rules to assign Services different externally-accessible
URLs. However, NGINX Ingresses and Layer 4 Server Load Balancer (SLB) Ingresses cannot
meet the requirements of cloud-native applications, such as complex routing, multiple
application layer protocols support (such as QUIC), and balancing of heavy traffic
loads at Layer 7.
Prerequisites
- The ALB Ingress controller is installed.
- When you create an ACK cluster, select ALB Ingress in the Ingress field on the Component Configurations wizard page.
- If you use an existing cluster that does not have the ALB Ingress controller installed,
refer to Manage system components and install the ALB Ingress controller in the cluster.
- If you want to expose Services in an ACK dedicated cluster by using an ALB Ingress,
you must grant the required permissions to the ALB Ingress controller that is installed
in the cluster before you deploy the Services. For more information, see Grant permissions to the ALB Ingress controller in a dedicated Kubernetes cluster.
- A kubectl client is connected to the cluster. For more information, see Connect to ACK clusters by using kubectl.
Precautions
If you use the Flannel network plug-in, the backend Services of the ALB Ingress must
be of the NodePort or LoadBalancer type.
Step 1: Create an AlbConfig object
- Create a file named alb-test.yaml and copy the following content into the file. The file is used to create an AlbConfig
Object.
apiVersion: alibabacloud.com/v1
kind: AlbConfig
metadata:
name: default
spec:
config:
name: alb-test
addressType: Internet
zoneMappings:
- vSwitchId: vsw-uf6ccg2a9g71hx8go****
- vSwitchId: vsw-uf6nun9tql5t8nh15****
Parameter |
Description |
spec.config.name |
The name of the ALB instance. This parameter is optional. |
addressType |
The type of IP address that the ALB instance uses to provide services. This parameter
is required. Valid values:
- Internet: The ALB instance uses a public IP address. The domain name of the Ingress
is resolved to the public IP address of the ALB instance. Therefore, the ALB instance
is accessible over the Internet. This is the default value.
- Intranet: The ALB instance uses a private IP address. The domain name of the Ingress
is resolved to the private IP address of the ALB instance. Therefore, the ALB instance
is accessible only within the virtual private cloud (VPC) where the ALB instance is
deployed.
|
zoneMappings |
The IDs of the vSwitches that are used by the ALB Ingress. You must specify at least
two vSwitch IDs and the vSwitches must be deployed in different zones. This parameter
is required. For more information about the regions and zones that are supported by
ALB Ingresses, see Supported regions and zones.
|
- Run the following command to create an AlbConfig object:
kubectl apply -f alb-test.yaml
Expected output:
AlbConfig.alibabacloud.com/default created
- Create a file named alb.yaml and copy the following content into the file:
- Run the following command to create an IngressClass:
kubectl apply -f alb.yaml
Expected output:
ingressclass.networking.k8s.io/alb created
Step 2: Deploy applications
- Create a cafe-service.yaml file and copy the following content into the file. The file is used to deploy two
Deployments named
coffee
and tea
and two Services named coffee
and tea
. apiVersion: apps/v1
kind: Deployment
metadata:
name: coffee
spec:
replicas: 2
selector:
matchLabels:
app: coffee
template:
metadata:
labels:
app: coffee
spec:
containers:
- name: coffee
image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: coffee-svc
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: coffee
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tea
spec:
replicas: 1
selector:
matchLabels:
app: tea
template:
metadata:
labels:
app: tea
spec:
containers:
- name: tea
image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: tea-svc
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: tea
type: NodePort
- Run the following command to deploy the Deployments and Services:
kubectl apply -f cafe-service.yaml
Expected output:
deployment "coffee" created
service "coffee-svc" created
deployment "tea" created
service "tea-svc" created
- Run the following command to query the status of the Services that you created:
kubectl get svc,deploy
Expected output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
coffee-svc NodePort 172.16.231.169 <none> 80:31124/TCP 6s
tea-svc NodePort 172.16.38.182 <none> 80:32174/TCP 5s
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deploy/coffee 2 2 2 2 1m
deploy/tea 1 1 1 1 1m
Step 3: Configure an Ingress
- Create a cafe-ingress.yaml and copy the following content to the file:
- Run the following command to configure an externally-accessible domain name and a
path
for the coffee
and tea
Services separately: kubectl apply -f cafe-ingress.yaml
Expected output:
ingress "cafe-ingress" created
- Run the following command to query the IP address of the ALB instance:
kubectl get ing
Expected output:
NAME CLASS HOSTS ADDRESS PORTS AGE
cafe-ingress <none> * alb-m551oo2zn63yov****.cn-hangzhou.alb.aliyuncs.com 80 50s
Step 4: Access the service
- After you obtain the IP address of the ALB instance, use one of the following methods
to access the
coffee
Service:
- After you obtain the IP address of the ALB instance, use one of the following methods
to access the
tea
Service: