Use MSE Ingresses to access applications in ACK clusters - Microservices Engine

MSE Ingress is built based on cloud-native gateways of Alibaba Cloud Microservices Engine (MSE). MSE Ingress is compatible with NGINX Ingress and NGINX Ingress annotations. MSE Ingress supports the canary release of multiple service versions, flexible service governance capabilities, and comprehensive security protection. You can use MSE Ingress to meet the requirements for traffic governance on a large number of cloud-native distributed applications. This topic describes how to use MSE Ingresses to access applications in Container Service for Kubernetes (ACK) clusters.

Prerequisites

The MSE Ingress Controller component is installed for ACK clusters. You can use one of the following methods to install the MSE Ingress Controller component:
- When you create a cluster, you can select MSE Ingress for Ingress in the Component Configurations step.
- If an existing cluster is available, you can install the MSE Ingress Controller component on the Add-ons page. For more information, see Install the MSE Ingress Controller component on the Add-ons page.
Note
The version of your cluster must be 1.16 or later. For more information about how to create a cluster, see Create an ACK dedicated cluster or Create an ACK managed cluster. For more information about how to upgrade a cluster, see Update the Kubernetes version of an ACK cluster.
Relevant permissions are granted to the MSE Ingress Controller component. For more information, see Grant permissions to MSE Ingress Controller in ACK or ASK clusters.
A kubectl client is connected to the ACK cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.

Background information

In an ACK cluster, you can define Ingress resources to manage internal services that are externally exposed. An Ingress is a collection of rules that allow access to services in a cluster. You can define Ingress resources in a destination Kubernetes cluster to configure routing rules. This way, different URLs can be used to access different services in the cluster.

An Ingress is a collection of traffic governance rules. Ingress controllers such as NGINX Ingress Controller are used to run Ingress resources. However, NGINX Ingress Controller cannot meet specific requirements of cloud-native applications. The requirements include complex traffic routing, support for multiple application-layer protocols, and Layer-7 traffic balancing. Application-layer protocols include Dubbo and Quick UDP Internet Connections (QUIC).

MSE Ingresses are next-generation gateways that are developed by Alibaba Cloud. MSE Ingresses offer the advantages of low costs, security protection, high integration, and high availability. For more information about MSE Ingresses and the working principle of MSE Ingresses, see MSE Ingress overview.

Step 1: Configure an MSE cloud-native gateway by using an MseIngressConfig

An MseIngressConfig is a CustomResourceDefinition (CRD) that is provided by MSE Ingress Controller. MSE Ingress Controller uses an MseIngressConfig to manage the lifecycle and global configurations of an MSE cloud-native gateway.

You can use MSE Ingress Controller to create an MSE cloud-native gateway based on the MseIngressConfig configuration. For more information about MseIngressConfigs, see Introduction to MseIngressConfigs.

Important

One MseIngressConfig maps to one cloud-native gateway. If you need to use multiple cloud-native gateways, you must create multiple MseIngressConfigs.
If you delete an MseIngressConfig in scenarios, except for the reuse scenario, the MSE cloud-native gateway that maps to the MseIngressConfig is also deleted.

Run the following command to create an instance named mse-ingress. The instance contains three replicas and uses the default values for the VPC and vSwitch parameters. Each replica is configured with 2 vCPUs and 4 GB memory.

cat << EOF | kubectl apply -f -
apiVersion: mse.alibabacloud.com/v1alpha1
kind: MseIngressConfig
metadata:
  name: test
spec:
  name: mse-ingress
  common:
    instance:
      spec: 2c4g
      replicas: 3
EOF

The following table describes the parameters in spec.

Parameter	Description	Required	Example
spec.name	The name of the MSE cloud-native gateway that you want to create.	No	mse-ingress
spec.common.instance.spec	The specifications of the MSE cloud-native gateway that you want to create. The default value is 4c8g.	No	2c4g
spec.common.instance.replicas	The number of replicas of the MSE cloud-native gateway that you want to create. The default value is 3.	No	3

Step 2: Create an Ingress class

An Ingress class is the description of an Ingress controller. An Ingress class is used to declare the implementation of an Ingress controller in a Kubernetes cluster. The Ingress resources that are associated with the Ingress class are parsed by the Ingress controller. You must associate an MseIngressConfig with the Parameter field of the Ingress class to implement the traffic management rule that is specified in the parsed Ingress resource description. An MseIngressConfig maps to an MSE cloud-native gateway.

Run the following command to create an Ingress class and associate the Ingress class with the MseIngressConfig created in Step 1: Configure an MSE cloud-native gateway by using an MseIngressConfig in spec.parameters.

Clusters that run a Kubernetes version earlier than 1.19 Clusters that run Kubernetes 1.19 or later

cat << EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1beta1
kind: IngressClass
metadata:
  name: mse
spec:
  controller: mse.alibabacloud.com/ingress
  parameters:
    apiGroup: mse.alibabacloud.com
    kind: MseIngressConfig
    name: test
EOF

cat << EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: mse
spec:
  controller: mse.alibabacloud.com/ingress
  parameters:
    apiGroup: mse.alibabacloud.com
    kind: MseIngressConfig
    name: test
EOF

Run the following command to query the status of the MseIngressConfig. If the MseIngressConfig is in the Listening state, the cloud-native gateway is created and is running. The cloud-native gateway automatically monitors Ingress resources that are associated with the IngressClass resource mse in the cluster.
```
kubectl get MseIngressConfig test
```
Expected output:
```
NAME   STATUS      AGE
test   Listening   3m15s
```
Note
The status of the MseIngressConfig changes in the following order: Pending > Running > Listening. Status description:
- Pending: The cloud-native gateway is being created. You must wait about 3 minutes.
- Running: The cloud-native gateway is created and is running.
- Listening: The cloud-native gateway is running and monitors Ingress resources in the cluster.
- Failed: The cloud-native gateway is invalid. You can view Message in the Status field to identify the cause.

Step 3: Use the MSE Ingress gateway to access applications in the ACK cluster

Run the following command to deploy the backend service go-httpbin:

cat << EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: go-httpbin
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: go-httpbin
  template:
    metadata:
      labels:
        app: go-httpbin
        version: v1
    spec:
      containers:
        - image: specialyang/go-httpbin:v3
          args:
            - "--port=8090"
            - "--version=v1"
          imagePullPolicy: Always
          name: go-httpbin
          ports:
            - containerPort: 8090
---
apiVersion: v1
kind: Service
metadata:
  name: go-httpbin
  namespace: default
spec:
  ports:
    - port: 80
      targetPort: 8090
      protocol: TCP
  selector:
    app: go-httpbin
EOF

Run the following command to create an Ingress. The /version routing rule in the domain name example.com in the code exposes the backend service go-httpbin.

Clusters that run a Kubernetes version earlier than 1.19 Clusters that run Kubernetes 1.19 or later

cat << EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress
  namespace: default
spec:
  ingressClassName: mse
  rules:
   - host: example.com
     http:
      paths:
      - path: /version
        backend:
          serviceName: go-httpbin
          servicePort: 80
EOF

cat << EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  namespace: default
spec:
  ingressClassName: mse
  rules:
  - host: example.com 
    http:
      paths:
      - backend:
          service:
            name: go-httpbin
            port:
              number: 80
        path: /version
        pathType: Prefix
EOF

View the IP address of the Ingress resource.

kubectl get ingress ingress

Expected output:

NAME      CLASS   HOSTS            ADDRESS         PORTS   AGE
ingress   mse     example.com      114.55.XX.XX   80      12m

Run the following command to perform an access test:
```
curl -H "host: example.com" 114.55.XX.XX/version
```
Expected output:
```
version:v1
```