This topic describes the basic features and advanced features of Application Load Balancer (ALB) Ingresses, and the features supported when ALB Ingresses work with other cloud services, such as Enterprise Distributed Application Service (EDAS) and Serverless App Engine (SAE).

Basic features

An AlbConfig object is a CustomResourceDefinition (CRD) object that Container Service for Kubernetes (ACK) provides for the ALB Ingress controller. The ALB Ingress controller uses AlbConfig objects to configure ALB instances and listeners. The following table describes how to install and uninstall the ALB Ingress controller in ASK clusters, create and modify AlbConfig objects, and enable Log Service.

Object Feature Description References
ALB Ingress controller Manage the ALB Ingress controller

ASK clusters provide the managed Application Load Balancer (ALB) Ingress controller that implements Layer 7 forwarding rules.

You can install the ALB Ingress controller when you create an ASK cluster, or install the ALB Ingress controller on the Components page.

Manage the ALB Ingress controller
Instance management Create an AlbConfig object

An AlbConfig object is a custom resource definition (CRD) object that the ALB Ingress controller uses to configure ALB instances and listeners.

An AlbConfig object is used to configure a specific ALB instance. If you want to configure multiple ALB instances, you must create multiple AlbConfig objects.

Create an AlbConfig object
Associate an AlbConfig object with an Ingress You can associate an AlbConfig object with an Ingress by using an IngressClass. To do this, you must first create an IngressClass. Associate an AlbConfig object with an Ingress
Modify AlbConfig settings You can modify the settings, such as the name and vSwitch, of an AlbConfig object.

After you save the settings, they are automatically applied.

Enable Log Service for log collection If you want to collect the access log of ALB Ingresses, set the logProject and logStore parameters in the AlbConfig configuration.
Note
  • Log Service projects must be manually created. For more information, see Manage a project.
  • Set logStore to a value that starts with alb_. If the specified Logstore does not exist, the system automatically creates one with the specified name.
Enable Log Service for log collection
Reuse an existing ALB instance If you want to reuse an existing ALB instance, specify the ID of the ALB instance in the AlbConfig configuration. Reuse an existing ALB instance
Use multiple ALB instances If you want to use multiple ALB instances, specify multiple IngressClasses in the spec.ingressClassName field of the Ingress configuration. Use multiple ALB instances
Delete an ALB instance An AlbConfig object is used to configure a specific ALB instance. Therefore, you can delete an ALB instance by deleting the corresponding AlbConfig object. Before you can delete an AlbConfig object, you must delete all Ingresses that are associated with the AlbConfig object. Delete an ALB instance
Listener management Specify a certificate for HTTPS connections You can specify a certificate for an ALB instance by specifying the certificate ID in the listeners parameter of the corresponding AlbConfig object. The certificate is used for HTTPS connections. Specify a certificate for HTTPS connections
Specify a TLS security policy When you use an AlbConfig object to configure HTTPS listeners, you can specify a TLS security policy. Custom TLS security policies and default TLS security policies are supported. For more information, see TLS security policies. Specify a TLS security policy

Advanced features

An Ingress is an API object that you can use to provide Layer 7 load balancing to manage external access to Services in an ASK cluster. The following table describes how to use ALB Ingresses to forward requests to backend server groups based on domain names and URL paths, redirect HTTP requests to HTTPS, and implement canary releases.

Feature Description References
Forward requests based on domain names You can create an Ingress with a domain name and an Ingress without a domain name, and then use the Ingresses to forward requests. Forward requests based on domain names
Forward requests based on URL paths ALB Ingresses can forward requests based on URL paths. You can use the pathType parameter to configure different URL match policies. The valid values of pathType are Exact, ImplementationSpecific, and Prefix. Forward requests based on URL paths
Configure health checks You can add annotations to ALB Ingresses to configure health checks. The health check parameters include path, protocol, method, httpcode, timeout, interval, and threshold. Configure health checks
Configure automatic certificate discovery The ALB Ingress controller supports automatic certificate discovery. You must first create a certificate in the SSL Certificates Service console. Then, specify the domain name of the certificate in the Transport Layer Security (TLS) configurations of the Ingress. This way, the ALB Ingress controller can automatically discover and match the certificate based on the TLS configurations of the Ingress. Configure automatic certificate discovery
Redirect HTTP requests to HTTPS You can configure an ALB Ingress to redirect HTTP requests to HTTPS (port 443) by adding the alb.ingress.kubernetes.io/ssl-redirect: "true" annotation. Redirect HTTP requests to HTTPS
Configure the HTTPS or gRPC protocol ALB Ingresses support the HTTPS or gRPC protocol. To configure HTTPS or gRPC, add the alb.ingress.kubernetes.io/backend-protocol: "grpc" or alb.ingress.kubernetes.io/backend-protocol: "https" annotation. If you want to use an Ingress to distribute requests to a gRPC service, you must configure an SSL certificate for the gRPC service and use the TLS protocol to communicate with the gRPC service.
Note You cannot change the backend protocol. If you need to change the protocol, delete and rebuild the Ingress.
Configure the HTTPS or gRPC protocol
Configure rewrite rules ALB Ingresses support rewrite rules. To configure rewrite rules, add the alb.ingress.kubernetes.io/rewrite-target: /path/${2} annotation.
Note
  • To configure rewrite rules, Submit a ticket to apply to be added to a whitelist.
  • In the rewrite-target annotation, you must set the type of the path parameter to Prefix for a capturing group of the ${number} type.
  • By default, the path parameter does not support characters that are supported by regular expressions, such as asterisks (*) and question marks (?). To specify characters that are supported by regular expressions in the path parameter, you must add the rewrite-target annotation.
  • The value of the path parameter must start with a forward slash (/).
Configure rewrite rules
Configure custom listening ports ALB Ingresses allow you to configure custom listening ports. This allows you to use both port 80 and port 443 to expose a Service. Configure custom listening ports
Configure forwarding rule priorities You can add an annotation to the configuration of an Ingress to configure the priorities of the forwarding rules of the Ingress.
Note The priority of each forwarding rule within a listener must be unique. You can use the alb.ingress.kubernetes.io/order annotation to specify the priorities of the forwarding rules of an Ingress. Valid values: 1 to 1000. A lower value indicates a higher priority.
Configure forwarding rule priorities
Use annotations to perform canary releases ALB allows you to configure canary releases based on request headers, cookies, and weights to handle complex traffic routing. You can add annotations to configure canary releases.

You can add the alb.ingress.kubernetes.io/canary: "true" annotation to enable the canary release feature. Then, you can use the following annotations to configure different canary release rules.

Use annotations to perform canary releases
Configure session persistence You can configure session persistence for an ALB Ingress by adding the alb.ingress.kubernetes.io/sticky-session and alb.ingress.kubernetes.io/sticky-session-type annotations. Configure session persistence by using annotations
Specify a load balancing algorithm for backend server groups You can specify a load balancing algorithm for backend server groups by adding the alb.ingress.kubernetes.io/backend-scheduler annotation. Specify a load balancing algorithm for backend server groups

Integration with other cloud services

Cloud service Feature Description References
EDAS Create an ALB Ingress for an application EDAS supports ALB Ingress routes. Based on Application Load Balancer (ALB), ALB Ingresses provides enhanced traffic management and are compatible with NGINX Ingresses. This enables ALB Ingresses to process complex routing and automatically discover certificates. Create an ALB Ingress for an application
Function Compute Specify a function from Function Compute as a backend server of ALB After you add a function to an ALB server group, requests received by the server group are forwarded to Function Compute to invoke the specified function. After Function Compute runs the function, ALB returns the response from Function Compute to the client. Specify a function from Function Compute as a backend server of ALB