This topic describes how to create Application Load Balancer (ALB) Ingresses on self-managed Kubernetes clusters. This way, the Kubernetes clusters can use the ALB service.
Scenarios
The following scenario is used as an example in this topic. You created a self-managed Kubernetes cluster based on Alibaba Cloud resources, and you want the cluster to forward requests by using an ALB Ingress.
You can deploy alb-ingress-controller in the self-managed Kubernetes cluster and create Ingresses and Services. alb-ingress-controller synchronizes the Ingresses to ALB as forwarding rules based on the configurations of the Kubernetes cluster. alb-ingress-controller also monitors subsequent changes of the Ingresses by listening to the API Server of the cluster, and synchronizes the changes to ALB. After the changes are synchronized, ALB forwards requests to the specified pods in the cluster. For more information, see ALB Ingress overview.
Prerequisites
- A self-managed Kubernetes cluster whose version is 1.20 or higher is created on Alibaba Cloud. kubectl can be used to connect to the cluster. For more information about how to download and install kubectl, see Install and configure kubectl.
- The cluster can access the Internet by using SNAT. For more information, see Use the SNAT feature of an Internet NAT gateway to access the Internet.
- To use a controller image for the self-managed cluster, take note of the following information:
- If you want to use a private image, you can compile and upload the image based on the information in Deploy the controller from source code.
- Clusters that use the general x86 architecture support open source images of Alibaba Cloud.
Procedure
The following steps require you to modify files. The following table describes the files and their purposes.
| Step | File name | Purpose |
|---|---|---|
| Step 1: Deploy alb-ingress-controller | load-balancer-controller.yaml Modified based on the template. | Used to deploy alb-ingress-controller. |
| Step 2: Create an AlbConfig object and an IngressClass | alb.yaml Created and modified. | Used to create an AlbConfig object and an IngressClass. After you create the resources, an ALB instance is created. |
| Step 3: Deploy a test application | test-service.yaml Created and modified. | Used to deploy test Services. |
| Step 4: Create an Ingress | test-ingress.yaml Created and modified. | Used to create an Ingress. |
Step 1: Deploy alb-ingress-controller
In this topic, alb-ingress-controller is deployed in InCluster mode. You can configure permissions on Services, endpoints, and nodes, and then use load-balancer-controller.yaml to deploy alb-ingress-controller. The service account, Deployment, and ConfigMap are preset, and you need to only modify them based on your business requirements.
- Modify the load-balancer-controller.yaml file and change the image corresponding to the Deployment to an available image address. load-balancer-controller.yaml is used to deploy alb-ingress-controller.Before the modification:
image: registry.cn-beijing.aliyuncs.com/wg/alb:pure-ctlAfter the modification:image: acmg-registry.us-west-1.cr.aliyuncs.com/alibaba/load-balancer-controller:v1.0.0 #A compiled image that is compatible with the x86 architecture. - Modify the load-balancer-controller.yaml file and configure the AccessKey ID and AccessKey secret in the ConfigMap file. Note You can log on to the RAM console by using the Alibaba Cloud account with which you want to create an ALB instance. Then, you can view the AccessKey ID and AccessKey secret on the AccessKey page.Before the modification:
apiVersion: v1 kind: ConfigMap metadata: name: load-balancer-config namespace: kube-system data: cloud-config.conf: |- { "Global": { "routeTableIDs": "" } }After the modification:apiVersion: v1 kind: ConfigMap metadata: name: load-balancer-config namespace: kube-system data: cloud-config.conf: |- { "Global": { "AccessKeyID": "VndV***", #Enter the AccessKey ID. The AccessKey ID must be encoded in Base64. "AccessKeySecret": "UWU0NnUyTFdhcG***" #Enter the AccessKey secret. The AccessKey secret must be encoded in Base64. } } - Connect to the cluster by using kubectl and run the following command to submit the modified load-balancer-controller.yaml file for deployment:
kubectl apply load-balancer-controller.yamlExpected output:
clusterrole.rbac.authorization.k8s.io/system:load-balancer-controller created serviceaccount/load-balancer-controller created clusterrolebinding.rbac.authorization.k8s.io/system:load-controller-manager created configmap/load-balancer-config created deployment.apps/load-balancer-controller created - Run the following command to verify the result:
kubectl -n kube-system get all | grep load-balancerAs shown in the following figure, the pod is in the Running state, which indicates that alb-ingress-controller is deployed.
Step 2: Create an AlbConfig object and an IngressClass
After an AlbConfig object and an IngressClass are created, an ALB instance is created at the same time.
- Create a file named alb.yaml and copy the following content to the file: alb.yaml is used to create an AlbConfig object and an IngressClass.
apiVersion: alibabacloud.com/v1 kind: AlbConfig metadata: name: alb-demo spec: config: name: alb-test #alb-test is the name of the ALB instance. addressType: Internet #Intranet specifies an internal-facing ALB instance. Internet specifies an Internet-facing ALB instance. zoneMappings: - vSwitchId: vsw-uf6ccg2a9g71hx8go**** #vSwitches in at least two zones must be specified. - vSwitchId: vsw-uf6nun9tql5t8nh15**** --- apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: alb spec: controller: ingress.k8s.alibabacloud/alb parameters: apiGroup: alibabacloud.com kind: AlbConfig name: alb-demo #The AlbConfig object.Note Take note of the following parameters:- albconfig.spec.config.addressType: specifies the network type of the ALB instance. Valid values:
- Internet (default): specifies an Internet-facing ALB instance. If you create an Internet-facing ALB instance, a public IP address and a private IP address are assigned to each zone. Internet-facing ALB instances use EIPs to provide services over the Internet. You are charged instance fees and bandwidth fees or data transfer fees for EIPs.
- EIPs are used to provide services over the Internet and expose ALB instances to the Internet.
- Private IP addresses allow Elastic Compute Service (ECS) instances in virtual private clouds (VPCs) to access ALB instances.
- Intranet: specifies an internal-facing ALB instance. If you create an internal-facing ALB instance, a private IP address is assigned to each zone. The ALB instance is accessible only over the internal network.
- Internet (default): specifies an Internet-facing ALB instance. If you create an Internet-facing ALB instance, a public IP address and a private IP address are assigned to each zone. Internet-facing ALB instances use EIPs to provide services over the Internet. You are charged instance fees and bandwidth fees or data transfer fees for EIPs.
- spec.config.zoneMappings: specifies the IDs of the vSwitches for the ALB Ingress. You must specify at least two vSwitches in different zones. The zones must be supported by ALB. For more information about the regions and zones supported by ALB, see Supported regions and zones.
- albconfig.spec.config.addressType: specifies the network type of the ALB instance. Valid values:
- Use kubectl to connect to the cluster and run the following command to submit the alb.yaml file for deployment:
kubectl apply -f alb.yamlExpected output:
AlbConfig.alibabacloud.com/alb-demo created ingressclass.networking.k8s.io/alb created - Check whether the ALB instance is created.
- Method 1: Run the following command to view the ID of the ALB instance.
kubectl get albconfig alb-demo
- Method 2: Log on to the ALB console and view the ALB instance in the console. Note You must use the Alibaba Cloud account configured in the ConfigMap file in Step 1: Deploy alb-ingress-controller to log on to the console.
- Method 1: Run the following command to view the ID of the ALB instance.
Step 3: Deploy a test application
In this topic, a test image is used to create a Deployment and the Deployment is used to deploy a test application.
- Create test-service.yaml and copy the following content to the file: test-service.yaml is used to deploy two Deployments named test01 and test02 and two Services named test01 and test02.
apiVersion: apps/v1 kind: Deployment metadata: name: test01 spec: replicas: 2 selector: matchLabels: app: test01 template: metadata: labels: app: test01 spec: containers: - name: test01 image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: test01-service spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: app: test01 type: NodePort --- apiVersion: apps/v1 kind: Deployment metadata: name: test02 spec: replicas: 1 selector: matchLabels: app: test02 template: metadata: labels: app: test02 spec: containers: - name: test02 image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: test02-service spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: app: test02 type: NodePort - Connect to the cluster by using kubectl and run the following command to submit the test-service.yaml file for deployment:
kubectl apply -f test-service.yamlExpected output:
deployment "test01" created service "test01-service" created deployment "test02" created service "test02-service" created - Run the following command to verify that the test Service is deployed:
If you receive the following response, the test Service is deployed.kubectl get svc,deploy
Step 4: Create an Ingress
An Ingress corresponds to a forwarding rule in a ALB instance. In this topic, the Ingress forwards requests based on paths. For more information, see ALB Ingress user guide.
- Create test-ingress.yaml and copy the following content to the file: The test-ingress.yaml file is used to create an Ingress.
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: test-ingress spec: ingressClassName: alb rules: - host: demo.domain.ingress.top http: paths: - path: /test01 pathType: Prefix backend: service: name: test01-service port: number: 80 - path: /test02 pathType: Prefix backend: service: name: test02-service port: number: 80 - Connect to the cluster by using kubectl and run the following command to submit the test-ingress.yaml file for deployment:
kubectl apply -f test-ingress.yamlExpected output:ingress "test-ingress" created - Run the following command to verify that the Ingress is created:
If the following response is returned, the Ingress is created.kubectl get ingress
Step 5: Verify the result
The following section describes two methods that you can use to verify that the ALB Ingress can access the backend Services.
Method 1: Access Services by using the domain name of the ALB instance
- Run the following command to obtain the domain name of the ALB instance:
kubectl get ingressExpected output:NAME CLASS HOSTS ADDRESS PORTS AGE test-ingress alb demo.domain.ingress.top alb-3lzokczr3c******z7.cn-hangzhou.alb.aliyuncs.com 80 50s - Run the following command to use the ALB instance to access the Service named test01.
curl -H Host:demo.domain.ingress.top http://alb-3lzokczr3c******z7.cn-hangzhou.alb.aliyuncs.com/test01 - Run the following command to use the ALB instance to access the Service named test02.
curl -H Host:demo.domain.ingress.top http://alb-3lzokczr3c******z7.cn-hangzhou.alb.aliyuncs.com/test02
Method 2: Access Services by using a custom domain name
- Create a CNAME record to map a custom domain name to the domain name of the ALB instance created in Step 2. For more information, see Step 4: Optional. Create a CNAME record. In this example, the custom domain name
http://demo.domain.ingress.topis mapped to the public domain name of the ALB instance. - Run the following command to use the ALB instance to access the Service named test01.
curl http://demo.domain.ingress.top/test01
- Run the following command to use the ALB instance to access the Service named test02.
curl http://demo.domain.ingress.top/test02
References
ALB Ingress overview and features:
Source code documentation: