
Microservices Engine: Access applications in Container Service for Kubernetes through cloud-native gateway

Last Updated: Jul 25, 2025

The cloud-native gateway is integrated with the service discovery capabilities of Alibaba Cloud Container Service for Kubernetes (ACK). This lets you expose applications deployed in ACK to external networks through the gateway, enabling efficient and secure service publishing. This article uses an application deployed in ACK as an example to help you get started with the cloud-native gateway.

Prerequisites

  • Create an ACK managed cluster and deploy a Deployment and the corresponding Service in the cluster.

  • If you do not have a suitable application, use the following YAML to deploy an httpbin Deployment and an httpbin Service. See Create a stateless application using a Deployment for details.


    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: httpbin
      namespace: default
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: httpbin
      template:
        metadata:
          labels:
            app: httpbin
            version: v1
        spec:
          containers:
            - image: registry.cn-hangzhou.aliyuncs.com/mse-ingress/go-httpbin
              args:
                - "--version=v1"
              imagePullPolicy: Always
              name: httpbin
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: httpbin
      namespace: default
    spec:
      ports:
        - port: 8080
          protocol: TCP
      selector:
        app: httpbin

Configuration process

A cloud-native gateway can directly add application services deployed in ACK. The configuration process is as follows:

  1. Create a cloud-native gateway

    Create a cloud-native gateway instance in the same region as your ACK cluster.

  2. Create a route

    Create a routing policy and associate services and service sources.

  3. Configure security groups

    Grant necessary port range access permissions to the cloud-native gateway in the security group of the backend service.

  4. Debug the route

    Verify using the route debugging feature.

Step 1: Create a cloud-native gateway

Note

If you already have an available cloud-native gateway instance in the region where your ACK cluster is located, you can skip this step.

  1. Log on to the MSE console. In the top navigation bar, select a region.

  2. On the Gateways page, click Create Gateway.


  3. On the cloud-native gateway purchase page, select the following configurations: For Region, select the same region as your ACK cluster. For VPC, select the same VPC as your ACK cluster. For Network Type, select Internet. Then, click Buy Now.


    Note

    The gateway creation may take 2 to 3 minutes.

Step 2: Create a route

  1. Log on to the MSE console. In the top navigation bar, select a region.

  2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.

  3. In the navigation pane on the left, click Routes, and then click Add Route on the Routes tab.

  4. On the Add Route page, enter the Routing Rule Name. For Domain Name, select *. For Path matching rule, select Prefix and enter /. For Scenario, select Single Service. Click the input box under Service Name, and click Associate Service in the dropdown list.


  5. On the Associate Service page, select Container Service as Source Type, select your ACK cluster name for Service Source, and select the application in your ACK cluster that you want to expose, such as httpbin, from the Service list. Then click OK.


  6. For Service Name, select httpbin. Click Save And Publish.

Note
  • When creating a route, you can create and associate a domain name. For more information, see Create a domain name.

  • Cloud-native gateway seamlessly integrates with container and microservice ecosystems, supporting multiple service discovery methods such as K8s, MSE Nacos, and EDAS. For more information, see Associate service sources.

Step 3: Configure security groups

When you purchase a cloud-native gateway, select the same VPC and security group type as your backend service. The cloud-native gateway then creates a corresponding managed security group to manage the gateway's instance nodes. Because the nodes of the cloud-native gateway and the backend services are in different security groups, you need to grant the cloud-native gateway access to the necessary port range in the security group of the backend service. For information on how to configure the security group, see Configure security group rules.
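The following added example (not part of the original documentation) audits the backend security group's ingress rules: it checks that the gateway can reach the service port and flags rules that open that port more widely than the gateway needs. The rule records are constructed sample data whose keys are modelled on ECS security group rule attributes; the ID `sg-gateway-EXAMPLE` and the helper names `covers` and `audit` are assumptions made for illustration.

```python
# Added example: audit the backend security group's ingress rules.
# SAMPLE_RULES is constructed data; the keys mirror ECS rule attributes.
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "8080/8080", "SourceGroupId": "sg-gateway-EXAMPLE"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "1/65535", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "10.0.0.0/8"},
]


def covers(port_range, port):
    """ECS port ranges are 'start/end'; '-1/-1' means every port."""
    start, end = (int(p) for p in port_range.split("/"))
    return (start, end) == (-1, -1) or start <= port <= end


def audit(rules, service_port, gateway_sources):
    """Return (reachable, findings) for one backend service port.

    gateway_sources: set of security group IDs or CIDR blocks that identify
    the gateway. Drop rules and priorities are not evaluated (simplification).
    """
    reachable, findings = False, []
    for rule in rules:
        if rule["Direction"] != "ingress" or rule["Policy"] != "Accept":
            continue
        if rule["IpProtocol"].upper() not in ("TCP", "ALL"):
            continue
        if not covers(rule["PortRange"], service_port):
            continue
        source = rule.get("SourceGroupId") or rule.get("SourceCidrIp")
        exact = rule["PortRange"] == f"{service_port}/{service_port}"
        if source in gateway_sources:
            reachable = True
            if not exact:
                findings.append(f"gateway rule {rule['PortRange']} is wider than port {service_port}")
        elif source == "0.0.0.0/0":
            findings.append(f"port {service_port} is open to 0.0.0.0/0 via {rule['PortRange']}, not limited to the gateway")
    return reachable, findings


if __name__ == "__main__":
    ok, issues = audit(SAMPLE_RULES, 8080, {"sg-gateway-EXAMPLE"})
    print("gateway can reach httpbin:", ok)
    for issue in issues:
        print("finding:", issue)
```

Port 8080 matches the httpbin Service defined in the prerequisites; pass the gateway's own security group ID or CIDR block as `gateway_sources`, whichever your rule authorizes.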

Step 4: Debug the route

  1. Log on to the MSE console. In the top navigation bar, select a region.

  2. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the ID of the gateway.

  3. In the left-side navigation pane, click Routes. Then, click the Routes tab.

  4. On the Routes page, click Debug in the Actions column of the target route named httpbin-demo to go to the debugging page.

    Enter version as the interface parameter and click Send. The result returned by the service interface is displayed.
