An Ingress is an API object that provides Layer-7 load balancing to manage external access to services in a Kubernetes cluster. This topic describes the basic concepts of Ingresses, how Ingresses work, and how to use them.

Background information

In a Kubernetes cluster, an Ingress is a resource that functions as the access point that exposes services in the cluster and manages external access to them. The Ingress distributes most of the network traffic that is destined for the services in the cluster. You can configure routing rules for an Ingress to route network traffic to backend pods of different services in the Kubernetes cluster.
Note: You can configure only HTTP traffic routing rules for Ingresses. You cannot configure advanced features, such as load balancing algorithms and session affinity, for Ingresses. To use the advanced features, you must configure these features on Ingress controllers.

MSE Cloud-native Gateway (MSE Ingress Controller)

Microservices Engine (MSE) Cloud-native Gateway is a next-generation gateway product that is developed by Alibaba Cloud. MSE Cloud-native Gateway offers the advantages of low costs, security protection, high integration, and high availability. MSE Cloud-native Gateway integrates traditional traffic gateways with microservices gateways to provide fine-grained traffic governance capabilities at low resource costs. MSE Cloud-native Gateway supports service discovery by using Container Service for Kubernetes (ACK) clusters, Nacos instances, Eureka instances, fixed IP addresses, or function as a service (FaaS). MSE Cloud-native Gateway supports multiple logon authentication methods to provide security protection. MSE Cloud-native Gateway establishes a comprehensive and multidimensional monitoring system that provides features such as metric monitoring, log analysis, and tracing analysis. MSE Cloud-native Gateway can parse standard Ingress resources when one or more Kubernetes clusters are deployed. This way, you can perform centralized traffic governance based on annotations in cloud-native application scenarios.

MSE Ingress Controller is a component that is provided by MSE Cloud-native Gateway. MSE Ingress Controller helps you use conventional Kubernetes custom resources to manage the lifecycle of cloud-native gateways and the parameters that are used to listen to Ingress resources.

Features

For more information about the features of MSE Cloud-native Gateway, see the following topics:

Components

MSE Cloud-native Gateway uses Kubernetes custom resources to manage cloud-native gateways. The overall solution architecture consists of MSE Ingress Controller and cloud-native gateways that are managed by MSE Ingress Controller. MSE Ingress Controller is deployed in clusters.

  • (Optional) MSE Ingress Controller: You can install MSE Ingress Controller in ACK clusters by using Helm packages. After MSE Ingress Controller is installed, you can use the MseIngressConfig CustomResourceDefinition (CRD) that is provided by MSE Ingress Controller to manage cloud-native gateways by using annotation-based configurations and to configure the parameters that are used for gateways to listen to Ingress resources. You can also associate a cloud-native gateway with an ACK cluster and configure parameters that are related to Ingresses in the MSE console. MSE Ingress Controller has been published to the Marketplace page in the ACK console.
  • MSE cloud-native gateways: A cloud-native gateway consists of a control plane and a data plane.
    • Control plane: The control plane is used to listen to the traffic governance configurations that are sent from the MSE console, and to listen to resources such as services, nodes, Ingresses, and Ingress classes in the associated ACK cluster. After the cloud-native gateway parses the resources, the control plane sends the parsing result to the data plane of the gateway in real time.
    • Data plane: The data plane is used to implement traffic governance. The data plane processes external requests based on the governance rules that are sent from the control plane, and routes the requests to your destination backend services.

Implementation

MSE Ingress Controller listens to the resource that is defined by MseIngressConfig in an ACK cluster, and dynamically maintains the lifecycle of the cloud-native gateway that corresponds to the resource and the association between the cloud-native gateway and ACK cluster in real time.

The control plane of the cloud-native gateway obtains the changes of Ingress resources by using the API server of the associated ACK cluster, and dynamically updates the routing rules of the gateway. After the cloud-native gateway receives a request, the gateway matches the request with an Ingress routing rule and routes the request to the pod that corresponds to the backend service based on the matched routing rule.

In a Kubernetes cluster, services, Ingresses, and MSE Ingress Controller work together as follows:

  • A service is an abstraction of an application that is deployed in a group of replicated pods.
  • An Ingress contains reverse proxy rules. The Ingress specifies the service to which HTTP or HTTPS requests are routed. For example, an Ingress routes requests to different services based on the hostnames and URLs in the requests.
  • MseIngressConfig is a CRD that is provided by MSE Ingress Controller. MseIngressConfig provides the basic information about a cloud-native gateway.
  • MSE Ingress Controller listens to the resource that is defined by MseIngressConfig in an ACK cluster and dynamically maintains the lifecycle of the cloud-native gateway that corresponds to the resource and the association between the gateway and ACK cluster in real time.
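The host-and-path matching described above can be modeled in a few lines. The following is an added example, not MSE or Alibaba Cloud code: it follows the standard Kubernetes Ingress matching semantics (element-wise Prefix, string-equal Exact, single-label host wildcards), and the rule set, service names, and the exact-host-before-wildcard ordering are assumptions made for illustration.

```python
# Constructed Ingress rules (hosts, paths and service names are made up).
INGRESS_RULES = [
    {"host": "shop.example.com", "paths": [
        {"path": "/", "pathType": "Prefix", "service": "web"},
        {"path": "/api", "pathType": "Prefix", "service": "api"},
        {"path": "/api/admin", "pathType": "Exact", "service": "admin"},
    ]},
    {"host": "*.example.com", "paths": [
        {"path": "/", "pathType": "Prefix", "service": "tenant"},
    ]},
]


def host_matches(rule_host, request_host):
    """Exact host match, or a '*.' wildcard that covers exactly one DNS label."""
    rule_host, request_host = rule_host.lower(), request_host.lower()
    if not rule_host.startswith("*."):
        return rule_host == request_host
    label, _, rest = request_host.partition(".")
    return bool(label) and rest == rule_host[2:]


def path_matches(rule_path, path_type, request_path):
    """Exact compares whole strings; Prefix compares '/'-separated elements."""
    if path_type == "Exact":
        return rule_path == request_path
    want = [p for p in rule_path.split("/") if p]
    have = [p for p in request_path.split("/") if p]
    return have[:len(want)] == want


def route(host, path, rules=INGRESS_RULES):
    """Return the backend service name for a request, or None if no rule matches."""
    # Assumption: exact-host rules are tried before wildcard-host rules.
    for rule in sorted(rules, key=lambda r: r["host"].startswith("*.")):
        if not host_matches(rule["host"], host):
            continue
        hits = [p for p in rule["paths"]
                if path_matches(p["path"], p["pathType"], path)]
        if hits:
            # Longest path wins; on a tie, Exact beats Prefix.
            best = max(hits, key=lambda p: (len(p["path"]), p["pathType"] == "Exact"))
            return best["service"]
    return None
```

Note that `/api/admin/` (trailing slash) does not hit the Exact rule and falls through to the `/api` Prefix backend, so access controls attached to a route should be checked against every path variant that can reach the same service.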

The following figure shows the scenario in which MSE Cloud-native Gateway works for Ingresses in multiple ACK clusters.

[Figure: Scenario]