The Application Load Balancer (ALB) Ingress controller is a fully managed component that Container Service for Kubernetes (ACK) provides to control the traffic forwarding of registered clusters based on Layer 7 forwarding rules provided by ALB. This topic introduces the ALB Ingress controller, and describes the usage notes and release notes for the ALB Ingress controller.
Introduction
The ALB Ingress controller is compatible with NGINX Ingresses and provides powerful traffic management capabilities based on ALB instances. The ALB Ingress controller supports complex routing, automatic certificate discovery, and the HTTP, HTTPS, and Quick UDP Internet Connection (QUIC) protocols. These features meet the requirements of cloud-native applications for ultra-high elasticity and balancing of heavy traffic loads at Layer 7.
How the ALB Ingress controller works
The ALB Ingress controller retrieves the changes to Ingresses from the API server and dynamically generates AlbConfig objects when Ingresses changes are detected. Then, the ALB Ingress controller performs the following operations in sequence: create ALB instances, configure listeners, create Ingress rules, and configure backend server groups. The Service, Ingress, and AlbConfig objects interact with each other in the following ways:
Release notes
November 2023
Version number | Release date | Description | Impact |
v2.11.1-aliyun.1 | 2023-11-20 | The issue that the ALB Ingress controller may crash when no IngressClass is specified is fixed. | No impact on workloads |
October 2023
Version number | Release date | Description | Impact |
v2.11.0-aliyun.1 | 2023-10-31 | Rate limiting for source IP addresses is supported. Managed Service for OpenTelemetry is supported. Custom headers are supported by access logs. Mutual authentication is supported. The AlbConfig is no longer automatically updated when Ingress rules are updated. You cannot remove listeners that are configured with Ingress rules from the AlbConfig. Resource deletion in scenarios where the ALB instance is reused is optimized. The certificate association logic is optimized and multiple certificates are supported. The error that occurs when you enable HTTP/2 is fixed. The issue that the ALB Ingress controller may crash when forwarding actions are not properly configured is fixed. The issue that backend server groups may not be updated promptly when the ALB Ingress controller restarts is fixed.
| No impact on workloads |
August 2023
Version number | Release date | Description | Impact |
v2.10.0-aliyun.1 | 2023-08-15 | Hash values can be added to Ingresses and the AlbConfig to ensure that no unexpected changes occur when the ALB Ingress controller restarts. The exposure of abnormal events is optimized. The reconciliation process is optimized for scenarios in which reserved fields are used. The issue that the cache is not synchronized after Ingress resources are deleted is fixed. The issue that node event handling is interrupted is fixed. The synchronization logic of server groups is optimized.
| No impact on workloads |
July 2023
Version number | Release date | Description | Impact |
v2.9.0-aliyun.1 | 2023-07-11 | API throttling can be avoided when multiple server groups are reconciled with a Service. Service reconciliation events are exposed. The use of the ssl-redirect annotation is optimized. ShangMi (SM) certificates can be automatically discovered and filtered. The issue related to the reconciliation of CookieConfig in custom forwarding rules is fixed. The following issue is fixed: The ALB Ingress controller crashes if the http field of an Ingress is not configured. The following issue is fixed: Configuration updates fail if multiple actions are specified in the configuration of an Ingress.
| No impact on workloads |
June 2023
Version number | Release date | Description | Impact |
v2.8.3-aliyun.1 | 2023-06-05 | | No impact on workloads |
May 2023
Version number | Release date | Description | Impact |
v2.8.2-aliyun.1 | 2023-05-25 | The issue that forwarding rules may be deleted when the pods of the component are restarted is fixed. Internet Shared Bandwidth instances are no longer deleted during the reconciliation process. The network type of the ALB instance used by the component cannot be changed. This is a temporary change.
| No impact on workloads |
v2.8.1-aliyun.1 | 2023-05-09 | By default, the managed ALB Ingress controller is deployed in multiple replicated pods to ensure high availability. Resource groups can be specified when you create ALB instances. Multiple status codes are supported by health checks. Consistent hashing is supported for distributing traffic to backend server groups. The use-regex annotation is supported. The ALB Ingress controller can be deployed in a single zone. The network types of ALB instances can be changed. Internet Shared Bandwidth instances can be associated with ALB instances. Asynchronous API operations are optimized. Error messages are optimized. The issue that the default certificates displayed in the console are different from the actual default certificates used by ALB instances and the issue that the default certificates used by ALB instances are repeatedly specified are fixed.
| No impact on workloads |
March 2023
Version number | Release date | Description | Impact |
v2.7.0-aliyun.1 | 2023-03-14 | The reconciliation process and rule priorities are optimized to accelerate rule synchronization. Event notifications are optimized. Services can be reconciled with backend server groups. Network access control lists (ACLs) can be associated with ALB instances by specifying the IDs of the network ACLs. HTTPS and QUIC services can be deployed on the same port. Multiple server groups, rewrites, and uppercase and lowercase letters are supported by custom actions. Certificates that are configured by using Secrets have higher priorities than AlbConfigs. Hard-coded timeout values are removed. Configuration errors of Gzip compression are fixed.
| No impact on workloads |
December 2022
Version number | Release date | Description | Impact |
v2.6.0-aliyun.1 | 2022-12-23 | Custom tags can be added to ALB instances. Event notifications are optimized. No finalizers are configured for Ingress deletions. This fixes the issue that Ingresses are stuck when you delete them. Issues that occur when you switch the network type of an ALB instance to IPv6 are fixed. The issue that Ingress certificates are repeatedly discovered is fixed. The issue that the tags of backend server groups become invalid during canary releases is fixed.
| No impact on workloads |
November 2022
Version number | Release date | Description | Impact |
v2.5.0-aliyun.1 | 2022-11-23 | Secret certificates can be uploaded. Custom headers and cookies are supported. Network ACLs can be configured as whitelists. The processing logic of listeners is optimized. Errors that occur on listening port 443 do not affect reconciliations of port 80.
| No impact on workloads |
August 2022
Version number | Release date | Description | Impact |
v2.4.0-aliyun.1 | 2022-08-10 | Cross-origin resource sharing (CORS) is supported. Persistent connections to backend servers are supported. The processing logic of listener deletion is optimized.
| No impact on workloads |
June 2022
Version number | Release date | Description | Impact |
v2.3.0-aliyun.1 | 2022-06-23 | | No impact on workloads |
April 2022
Version number | Release date | Description | Impact |
v2.2.0-aliyun.1 | 2022-04-13 | Rewrite rules are supported. You can add annotations to configure rewrite rules. For more information, see Configure rewrite rules. TCP can be specified as the health check protocol. The ALB instance sends SYN packets to a backend server to check whether the port of the backend server is available to receive requests. For more information, see Configure health checks. TLS security policies are supported. When you use an AlbConfig to configure HTTPS listeners, you can specify a TLS security policy. For more information, see Specify a custom TLS security policy.
| No impact on workloads |