Both Container Service for Kubernetes (ACK) clusters and serverless Kubernetes (ASK) clusters support NGINX Ingresses and Application Load Balancer (ALB) Ingresses. ALB Ingresses are fully managed by Alibaba Cloud, while NGINX Ingresses require manual maintenance. This topic describes the differences between NGINX Ingresses and ALB Ingresses from multiple perspectives.

The NGINX Ingress component requires manual maintenance. If you want to customize gateways, you can choose NGINX Ingresses. ALB Ingresses are implemented based on ALB instances. ALB Ingresses support auto scaling and are fully managed by Alibaba Cloud. An ALB instance supports one million queries per second (QPS), which provides ALB Ingresses with improved traffic routing capabilities. The following table describes the scenarios of NGINX Ingresses and ALB Ingresses.

NGINX Ingress scenarios:
  • Allows you to customize gateways.
  • Supports canary releases and blue-green deployments for cloud-native applications.

ALB Ingress scenarios:
  • Supports high-performance auto scaling for Internet applications at Layer 7.
  • Supports canary releases and blue-green deployments for cloud-native applications.
  • Supports high QPS and a large number of concurrent connections.

The following table describes the differences between NGINX Ingresses and ALB Ingresses.

Service positioning
  NGINX Ingress:
    • Provides traffic management and advanced routing features at Layer 7.
    • A cluster component that supports highly customized configuration.
  ALB Ingress:
    • Provides traffic management and advanced routing features at Layer 7.
    • Runs at the application layer, provides deep integration with containers, and supports different release policies, such as canary release, A/B testing, blue-green deployment, and traffic distribution by ratio.
    • Provides ultra-large capacities and supports auto scaling and automated O&M.
    • Supports integration with multiple cloud services, such as Web Application Firewall (WAF), Function Compute, PrivateLink, and transit routers.

Architecture
  NGINX Ingress:
    • Provides extended features based on NGINX and Lua.
  ALB Ingress:
    • Developed based on the Cloud Network Management platform.
    • Developed based on the CyberStar platform and supports auto scaling.

Basic routing
  NGINX Ingress:
    • Supports content-based routing.
    • Supports HTTP rewrites, redirects, overwrites, and throttling.
  ALB Ingress:
    • Supports routing based on content and source IP addresses.
    • Supports HTTP rewrites, redirects, overwrites, throttling, cross-origin resource sharing (CORS), and session persistence.
    • Supports inbound and outbound forwarding rules.

Protocol
  NGINX Ingress:
    • HTTP and HTTPS are supported.
  ALB Ingress:
    • HTTP and HTTPS are supported.
    • Quick UDP Internet Connections (QUIC), WebSocket, WSS, and gRPC are supported.

Configuration change
  NGINX Ingress:
    • Processes are reloaded when you change the certificate. This may interrupt persistent connections.
    • Configuration changes other than certificate changes are performed by using hot updates based on Lua.
    • Processes are reloaded when you change the configuration of the Lua plug-in.
  ALB Ingress:
    • Allows you to change the configuration by calling API operations. This method is more efficient than using the list-watch mechanism to modify the configuration.

Authentication
  NGINX Ingress:
    • Supports Basic Auth-based authentication.
    • Supports the OAuth protocol.
  ALB Ingress:
    • Supports TLS-based authentication.

Performance
  NGINX Ingress:
    • Requires manual tuning to optimize system parameters and NGINX parameters.
    • Requires proper configurations on the number of replicated pods and the amount of resources.
  ALB Ingress:
    • Supports one million QPS per instance.
    • Supports tens of millions of connections per instance.
    • Uses SSL hardware for acceleration.

Observability
  NGINX Ingress:
    • Allows you to collect the access log.
    • Allows you to configure Prometheus monitoring.
  ALB Ingress:
    • Allows you to collect the access log by using Log Service.
    • Allows you to collect metrics by using CloudMonitor.
    • Allows you to configure alerting based on CloudMonitor.

O&M
  NGINX Ingress:
    • Supports manual O&M for the component.
    • Allows you to configure Horizontal Pod Autoscaler (HPA)-based scaling.
    • Allows you to specify computing resource specifications for optimization.
  ALB Ingress:
    • Fully managed and O&M-free.
    • Supports auto scaling and automated configuration and provides ultra-large capacities.
    • Supports auto scaling for handling traffic spikes.

Security
  NGINX Ingress:
    • Supports HTTPS.
    • Supports blacklists and whitelists.
  ALB Ingress:
    • Supports end-to-end data transfer over HTTPS, Server Name Indication (SNI) for multiple certificates, Rivest-Shamir-Adleman (RSA) and elliptic-curve cryptography (ECC) certificates, TLS 1.3, and TLS cipher suites.
    • Supports WAF.
    • Supports Anti-DDoS.
    • Supports blacklists and whitelists.

Service governance
  NGINX Ingress:
    • Supports service discovery in Kubernetes clusters.
    • Supports canary releases.
    • Supports traffic throttling for high availability.
  ALB Ingress:
    • Supports service discovery in Kubernetes clusters.
    • Supports canary releases.
    • Supports traffic throttling for high availability.

Extended features
  NGINX Ingress:
    • Supports Lua for configuring extended features.
  ALB Ingress:
    • Supports AScript for configuring extended features. For more information, see Overview of AScript.

Cloud-native support
  NGINX Ingress:
    • Supports NGINX Service Mesh.
    • A component that requires manual maintenance and can be used in ACK clusters and ASK clusters.
  ALB Ingress:
    • Supports multiple cloud services, such as WAF, Function Compute, PrivateLink, and transit routers.
    • A managed component that can be used in Container Service for Kubernetes (ACK) clusters and serverless Kubernetes (ASK) clusters.