How ALB Ingress Controller Works in Registered Clusters - ACK

The Application Load Balancer (ALB) Ingress controller manages Layer 7 traffic routing for Services in an ACK cluster using ALB instances. It supports HTTP, HTTPS, and QUIC protocols, complex routing rules, and automatic certificate discovery for cloud-native applications with requirements for ultra-high elasticity and balancing of heavy traffic loads at Layer 7.

What is an Ingress

An Ingress is a Kubernetes resource object that exposes Services in a cluster to external traffic. It acts as an access point that distributes network traffic to the backend pods of different Services based on configurable forwarding rules.

How it works

The ALB Ingress controller watches for Ingress changes from the API server and automatically provisions and configures the required ALB resources:

Detects Ingress changes from the API server.
Generates an AlbConfig object for each ALB instance to be created.
Creates ALB instances.
Configures listeners on the ALB instances.
Creates Ingress rules.
Configures backend server groups.

The following diagram shows how the Service, Ingress, and AlbConfig objects interact:

Key objects

Object	Role
Service	An abstraction of an application running across a group of replicated pods.
Ingress	Contains reverse proxy rules that control how HTTP and HTTPS requests are routed to Services, based on hosts and URLs.
AlbConfig	A CustomResourceDefinition (CRD) object that configures an ALB instance and its listeners. One AlbConfig object maps to one ALB instance.

Warning

ALB instances that serve Ingresses are fully managed by the ALB Ingress controller. Do not modify these instances directly in the ALB console—manual changes may cause service interruptions. For ALB quota information, see Limits.

Capabilities

The ALB Ingress controller is compatible with the NGINX Ingress controller, and provides improved traffic routing capabilities based on ALB instances.

Prerequisites

Before installing the ALB Ingress controller in a registered cluster, make sure that:

The cluster runs a Kubernetes version later than 1.18.
The cluster is deployed in a region and zone supported by ALB. See Supported regions and zones.
The self-managed Kubernetes cluster is connected to the registered cluster over an internal network.
ALB Ingresses are associated with pods on elastic container instances, or with pods that use elastic network interfaces (ENIs) in a hybrid cluster running the Terway network plug-in.

What's next

Install or uninstall the controller: Manage the ALB Ingress controller
Route traffic to Services using URL-based rules: Access Services by using an ALB Ingress
Set up domain-based routing, HTTP-to-HTTPS redirects, and canary releases: Advanced ALB Ingress configurations
Create and manage AlbConfig objects and enable Simple Log Service: Use AlbConfigs to configure ALB instances