An Ingress is an API object that provides Layer-7 load balancing to manage external access to services in a Kubernetes cluster. This topic describes the basic concepts of Ingresses, how Ingresses work, and how to use them.
MSE Cloud-native Gateway (MSE Ingress Controller)
Microservices Engine (MSE) Cloud-native Gateway is a next-generation gateway product that is developed by Alibaba Cloud. MSE Cloud-native Gateway offers the advantages of low costs, security protection, high integration, and high availability. MSE Cloud-native Gateway integrates traditional traffic gateways with microservices gateways to provide fine-grained traffic governance capabilities at low resource costs. MSE Cloud-native Gateway supports service discovery by using Container Service for Kubernetes (ACK) clusters, Nacos instances, Eureka instances, fixed IP addresses, or function as a service (FaaS). MSE Cloud-native Gateway supports multiple logon authentication methods to provide security protection. MSE Cloud-native Gateway establishes a comprehensive and multidimensional monitoring system that provides features such as metric monitoring, log analysis, and tracing analysis. MSE Cloud-native Gateway can parse standard Ingress resources when one or more Kubernetes clusters are deployed. This way, you can perform centralized traffic governance based on annotations in cloud-native application scenarios.
MSE Ingress Controller is a component that is provided by MSE Cloud-native Gateway. MSE Ingress Controller helps you use conventional Kubernetes custom resources to manage the lifecycle of cloud-native gateways and the parameters that are used to listen to Ingress resources.
MSE Cloud-native Gateway uses Kubernetes custom resources to manage cloud-native gateways. The overall solution architecture consists of MSE Ingress Controller and cloud-native gateways that are managed by MSE Ingress Controller. MSE Ingress Controller is deployed in clusters.
- MSE Ingress Controller (optional): You can install MSE Ingress Controller in ACK clusters by using Helm packages. After MSE Ingress Controller is installed, you can use the MseIngressConfig CustomResourceDefinition (CRD) that is provided by MSE Ingress Controller to manage cloud-native gateways by using annotation-based configurations and to configure the parameters that are used for gateways to listen to Ingress resources. You can also associate a cloud-native gateway with an ACK cluster and configure parameters that are related to Ingresses in the MSE console. MSE Ingress Controller has been published to the Marketplace page in the ACK console.
- MSE cloud-native gateways: A cloud-native gateway consists of a control plane and a data plane.
  - Control plane: The control plane listens to the traffic governance configurations that are sent from the MSE console, and to resources such as services, nodes, Ingresses, and Ingress classes in the associated ACK cluster. After the cloud-native gateway parses the resources, the control plane sends the parsing result to the data plane of the gateway in real time.
  - Data plane: The data plane implements traffic governance. The data plane processes external requests based on the governance rules that are sent from the control plane, and routes the requests to your destination backend services.
MSE Ingress Controller listens to the resource that is defined by MseIngressConfig in an ACK cluster, and dynamically maintains the lifecycle of the cloud-native gateway that corresponds to the resource and the association between the cloud-native gateway and ACK cluster in real time.
The control plane of the cloud-native gateway obtains the changes of Ingress resources by using the API server of the associated ACK cluster, and dynamically updates the routing rules of the gateway. After the cloud-native gateway receives a request, the gateway matches the request with an Ingress routing rule and routes the request to the pod that corresponds to the backend service based on the matched routing rule.
In a Kubernetes cluster, services, Ingresses, and MSE Ingress Controller work together as follows:
- A service is an abstraction of an application that is deployed in a group of replicated pods.
- An Ingress contains reverse proxy rules. The Ingress specifies the service to which HTTP or HTTPS requests are routed. For example, an Ingress routes requests to different services based on the hostnames and URLs in the requests.
- MseIngressConfig is a CRD that is provided by MSE Ingress Controller. MseIngressConfig provides the basic information about a cloud-native gateway.
- MSE Ingress Controller listens to the resource that is defined by MseIngressConfig in an ACK cluster and dynamically maintains the lifecycle of the cloud-native gateway that corresponds to the resource and the association between the gateway and ACK cluster in real time.
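The host- and path-based rule matching described above, as an added example (not code from MSE or Alibaba Cloud): a small Python model of the standard Kubernetes Ingress matching semantics (Exact and element-wise Prefix path types, longest path wins, one-label wildcard hosts). The hosts, service names and the `route` helper are constructed for illustration, and a real gateway may apply further annotation-driven rules.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    host: str       # "" = any host; "*.x.example" = exactly one extra label
    path: str
    path_type: str  # "Exact" or "Prefix"
    service: str    # backend Service name (constructed)

def host_matches(rule_host: str, req_host: str) -> bool:
    req_host = req_host.lower().split(":")[0]  # drop an optional port
    rule_host = rule_host.lower()
    if not rule_host:
        return True
    if rule_host.startswith("*."):
        first, _, rest = req_host.partition(".")
        return bool(first) and rest == rule_host[2:]
    return req_host == rule_host

def path_matches(rule: Rule, req_path: str) -> bool:
    if rule.path_type == "Exact":
        return req_path == rule.path
    # Prefix compares whole path elements, so /api does not cover /apiv2.
    want = [p for p in rule.path.split("/") if p]
    have = [p for p in req_path.split("/") if p]
    return have[:len(want)] == want

def route(rules, host: str, path: str):
    """Return the Service for a request, or None if no rule matches."""
    hits = [r for r in rules if host_matches(r.host, host) and path_matches(r, path)]
    if not hits:
        return None
    # Longest path wins; on a tie, Exact beats Prefix.
    return max(hits, key=lambda r: (len(r.path), r.path_type == "Exact")).service

# Constructed rule set, equivalent to the rules of one or more Ingress objects.
RULES = [
    Rule("shop.example.com", "/", "Prefix", "web"),
    Rule("shop.example.com", "/api", "Prefix", "api"),
    Rule("shop.example.com", "/api/admin", "Exact", "admin"),
    Rule("*.tenants.example.com", "/", "Prefix", "tenant"),
]

if __name__ == "__main__":
    for host, path in [("shop.example.com", "/api/v1/items"),
                       ("shop.example.com", "/api/admin/users"),
                       ("a.b.tenants.example.com", "/")]:
        print(host, path, "->", route(RULES, host, path))
```

In this model `/api/admin/users` is not covered by the Exact rule and is served by `api`, so any access control attached only to the `admin` route would not apply to it.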
The following figure shows the scenario in which MSE Cloud-native Gateway works for Ingresses in multiple ACK clusters.