MSE Ingress gateways extend the standard Kubernetes Ingress model by integrating Microservices Engine (MSE) cloud-native gateways with Container Service for Kubernetes (ACK). This gives you advanced traffic management, service governance, and security capabilities beyond what standard Kubernetes Ingress resources support.
This topic covers the key concepts, architecture, and components of MSE Ingress gateways. It is intended for cluster operators and platform engineers who manage ingress traffic in ACK or Container Compute Service (ACS) clusters.
Key concepts
In a Kubernetes cluster, an Ingress acts as an access point that exposes Services and distributes inbound traffic to backend pods. Standard Kubernetes Ingress resources handle HTTP traffic routing only—advanced features such as load balancing algorithms and session affinity require an Ingress controller implementation.
MSE Ingress gateways are built on MSE cloud-native gateways and add the following capabilities beyond standard Kubernetes Ingress:
-
Compatible with NGINX Ingress gateways and more than 50 NGINX Ingress annotations, covering more than 90% of NGINX Ingress gateway use cases
-
Canary releases for multiple service versions simultaneously
-
Flexible service governance and comprehensive security protection
Features
For detailed feature information, see the following topics:
Usage notes
ACK managed clusters, ACK Serverless clusters, and ACS clusters all support MSE Ingress gateways for Layer-7 load balancing of external traffic.
Deploy MSE Ingress Controller in your cluster before using MSE Ingress gateways. MSE Ingress Controller listens to resources defined in MseIngressConfig CustomResourceDefinitions (CRDs) and dynamically manages the lifecycles, global settings, and Ingress listening items of MSE cloud-native gateways. The cloud-native gateways then convert Ingress resources into traffic management configurations, exposing cluster Services externally. For details, see Use MSE Ingress gateways to access services in ACK clusters and ACS clusters.
Kubernetes Ingress resources support only HTTP traffic management, with advanced features implemented through annotations. MSE Ingress gateways are compatible with NGINX Ingress annotations and provide additional annotations for traffic governance and security. For details, see Advanced usage of MSE Ingress.
How MSE Ingress gateways work
Components
MSE Ingress gateways consist of two main components:
MSE Ingress Controller
MSE Ingress Controller is the control plane for managing MSE cloud-native gateways and their configurations. It does not process service traffic directly—it works as a traffic bypass to coordinate MSE cloud-native gateways that handle service requests. Install MSE Ingress Controller in your ACK managed cluster, ACK Serverless cluster, or ACS cluster. It uses MseIngressConfig CRDs to manage cloud-native gateways via annotations and configure Ingress resource listening.
For installation instructions, see Manage the MSE Ingress Controller component.
MSE cloud-native gateways
MSE Ingress Controller creates MSE cloud-native gateways based on the MseIngressConfig CRDs you configure. Each gateway has two planes:
-
Control plane: Listens to Ingresses, Ingress classes, and Services in your cluster, parses the configurations, and sends routing rules to the data plane in real time.
-
Data plane: Receives external requests, matches them against governance rules from the control plane, and routes the requests to the correct backend Service.
Traffic flow
The following table describes how each component interacts when a request flows through an MSE Ingress gateway.
| Step | From → To | Action |
|---|---|---|
| 1 | MseIngressConfig CRD → MSE Ingress Controller | MSE Ingress Controller watches the MseIngressConfig CRD and maintains the lifecycle of the corresponding cloud-native gateway and its association with your cluster. |
| 2 | Cluster API server → Cloud-native gateway control plane | The control plane connects to the cluster API server to detect changes in Ingress resources, then updates gateway routing rules dynamically. |
| 3 | Client → Cloud-native gateway data plane | The data plane receives the request, matches it against Ingress routing rules, and forwards it to the pod of the matched backend Service. |
The following figure shows how these components interact.
Resource relationships
The following resources work together in a Kubernetes cluster to enable MSE Ingress gateway traffic management:
| Resource | Role |
|---|---|
| Service | An abstraction representing one or more identical backend pods. |
| Ingress | A set of reverse proxy rules that route HTTP or HTTPS requests to Services based on hostnames and URLs. |
| Ingress class | Declares which Ingress controller implementation processes a given set of Ingress resources. Associate an MseIngressConfig with the Ingress class Parameter field to apply traffic management rules. |
| MseIngressConfig | A CRD provided by MSE Ingress Controller that defines the configuration for an MSE cloud-native gateway. |
| MSE Ingress Controller | The control plane that watches MseIngressConfig CRDs and coordinates MSE cloud-native gateways to implement the traffic management rules parsed from Ingress resources. |
References
-
For installation instructions, see Manage the MSE Ingress Controller component.
-
For release history, see Release notes for MSE Ingress gateways.