This topic describes the basic features and advanced features of Application Load Balancer (ALB) Ingresses, and the features supported when ALB Ingresses work with other cloud services, such as Enterprise Distributed Application Service (EDAS) and Serverless App Engine (SAE).
An AlbConfig object is a CustomResourceDefinition (CRD) object that Container Service for Kubernetes (ACK) provides for the ALB Ingress controller. The ALB Ingress controller uses AlbConfig objects to configure ALB instances and listeners. The following table describes how to install and uninstall the ALB Ingress controller in ASK clusters, create and modify AlbConfig objects, and enable Log Service.
|ALB Ingress controller||Manage the ALB Ingress controller||
ASK clusters provide the managed Application Load Balancer (ALB) Ingress controller that implements Layer 7 forwarding rules.
You can install the ALB Ingress controller when you create an ASK cluster, or install the ALB Ingress controller on the Components page.
|Manage the ALB Ingress controller|
|Instance management||Create an AlbConfig object||
An AlbConfig object is a custom resource definition (CRD) object that the ALB Ingress controller uses to configure ALB instances and listeners.
An AlbConfig object is used to configure a specific ALB instance. If you want to configure multiple ALB instances, you must create multiple AlbConfig objects.
|Create an AlbConfig object|
|Associate an AlbConfig object with an Ingress||You can associate an AlbConfig object with an Ingress by using an IngressClass. To do this, you must first create an IngressClass.||Associate an AlbConfig object with an Ingress|
|Modify AlbConfig settings||You can modify the settings, such as the name and vSwitch, of an AlbConfig object.
After you save the settings, they are automatically applied.
|Enable Log Service for log collection||If you want to collect the access log of ALB Ingresses, set the
|Enable Log Service for log collection|
|Reuse an existing ALB instance||If you want to reuse an existing ALB instance, specify the ID of the ALB instance in the AlbConfig configuration.||Reuse an existing ALB instance|
|Use multiple ALB instances||If you want to use multiple ALB instances, specify multiple IngressClasses in the
||Use multiple ALB instances|
|Delete an ALB instance||An AlbConfig object is used to configure a specific ALB instance. Therefore, you can delete an ALB instance by deleting the corresponding AlbConfig object. Before you can delete an AlbConfig object, you must delete all Ingresses that are associated with the AlbConfig object.||Delete an ALB instance|
|Listener management||Specify a certificate for HTTPS connections||You can specify a certificate for an ALB instance by specifying the certificate ID
||Specify a certificate for HTTPS connections|
|Specify a TLS security policy||When you use an AlbConfig object to configure HTTPS listeners, you can specify a TLS security policy. Custom TLS security policies and default TLS security policies are supported. For more information, see TLS security policies.||Specify a TLS security policy|
An Ingress is an API object that you can use to provide Layer 7 load balancing to manage external access to Services in an ASK cluster. The following table describes how to use ALB Ingresses to forward requests to backend server groups based on domain names and URL paths, redirect HTTP requests to HTTPS, and implement canary releases.
|Forward requests based on domain names||You can create an Ingress with a domain name and an Ingress without a domain name, and then use the Ingresses to forward requests.||Forward requests based on domain names|
|Forward requests based on URL paths||ALB Ingresses can forward requests based on URL paths. You can use the
||Forward requests based on URL paths|
|Configure health checks||You can add annotations to ALB Ingresses to configure health checks. The health check parameters include path, protocol, method, httpcode, timeout, interval, and threshold.||Configure health checks|
|Configure automatic certificate discovery||The ALB Ingress controller supports automatic certificate discovery. You must first create a certificate in the SSL Certificates Service console. Then, specify the domain name of the certificate in the Transport Layer Security (TLS) configurations of the Ingress. This way, the ALB Ingress controller can automatically discover and match the certificate based on the TLS configurations of the Ingress.||Configure automatic certificate discovery|
|Redirect HTTP requests to HTTPS||You can configure an ALB Ingress to redirect HTTP requests to HTTPS (port 443) by
||Redirect HTTP requests to HTTPS|
|Configure the HTTPS or gRPC protocol||ALB Ingresses support the HTTPS or gRPC protocol. To configure HTTPS or gRPC, add
Note You cannot change the backend protocol. If you need to change the protocol, delete and rebuild the Ingress.
|Configure the HTTPS or gRPC protocol|
|Configure rewrite rules||ALB Ingresses support rewrite rules. To configure rewrite rules, add the
|Configure rewrite rules|
|Configure custom listening ports||ALB Ingresses allow you to configure custom listening ports. This allows you to use both port 80 and port 443 to expose a Service.||Configure custom listening ports|
|Configure forwarding rule priorities||You can add an annotation to the configuration of an Ingress to configure the priorities
of the forwarding rules of the Ingress.
Note The priority of each forwarding rule within a listener must be unique. You can use the
|Configure forwarding rule priorities|
|Use annotations to perform canary releases||ALB allows you to configure canary releases based on request headers, cookies, and
weights to handle complex traffic routing. You can add annotations to configure canary
You can add the
|Use annotations to perform canary releases|
|Configure session persistence||You can configure session persistence for an ALB Ingress by adding the
||Configure session persistence by using annotations|
|Specify a load balancing algorithm for backend server groups||You can specify a load balancing algorithm for backend server groups by adding the
||Specify a load balancing algorithm for backend server groups|
Integration with other cloud services
|EDAS||Create an ALB Ingress for an application||EDAS supports ALB Ingress routes. Based on Application Load Balancer (ALB), ALB Ingresses provides enhanced traffic management and are compatible with NGINX Ingresses. This enables ALB Ingresses to process complex routing and automatically discover certificates.||Create an ALB Ingress for an application|
|Function Compute||Specify a function from Function Compute as a backend server of ALB||After you add a function to an ALB server group, requests received by the server group are forwarded to Function Compute to invoke the specified function. After Function Compute runs the function, ALB returns the response from Function Compute to the client.||Specify a function from Function Compute as a backend server of ALB|