This topic describes how to migrate workloads from a self-managed NGINX Ingress to an Application Load Balancer (ALB) Ingress.
Background Information
ALB provides Ingresses that are ideal for handling traffic fluctuations. Compared with NGINX Ingresses, ALB Ingresses enhance traffic management in terms of the following advantages:
Fully managed and maintenance-free: ALB is a fully managed cloud service that does not require manual maintenance.
Automatic scaling: ALB is developed on top of the CyberStar framework and supports high-performance automatic scaling, which helps your services handle traffic spikes.
Ultra-high capabilities: Each ALB instance supports up to one million queries per second (QPS) and tens of millions of concurrent connections. SSL hardware acceleration is used by default.
Integration with cloud services: ALB can work together with various cloud services, such as Web Application Firewall (WAF), Function Compute, PrivateLink, transit routers, Enterprise Distributed Application Service (EDAS), Serverless App Engine (SAE), and Service Mesh (ASM).
Hot updates of configurations: Hot updates of configurations do not require process reloading to ensure that persistent connections remain unaffected.
Scenarios
The following scenario is an example. A company created an Internet-facing Classic Load Balancer (CLB) instance in the China (Hangzhou) region. The company used the NGINX Ingress controller to configure Ingress forwarding rules, including redirect rules, domain-based forwarding rules, and URL-based forwarding rules. The CLB instance provides Internet-facing services through a domain name. When requests are sent to the domain name www.example.net
, the requests are redirected to the CLB instance based on an A record. The CLB instance forwards the requests to the pods associated with the Service based on the forwarding rules created on the Ingress.
Due to business development, the company needs to migrate the NGINX Ingress to an ALB Ingress. To ensure service stability, the enterprise does not want to change the domain name that is used to provide services or the IP addresses of the backend servers. To meet this requirement, the company can install the ALB Ingress controller in a Container Service for Kubernetes (ACK) or ACK Serverless cluster. Then, the company can create Ingress rules on the controller to ensure that the ALB Ingress and the NGINX Ingress use the same forwarding rules, and configure weighted DNS records. This allows the company to migrate the NGINX Ingress to the ALB Ingress.
Usage notes
Make sure that a kubectl client is connected to the cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.
CLB and ALB use the pay-as-you-go billing method. The billable items and pricing of CLB and ALB are different. After you migrate services from CLB to ALB, the fees change. For more information, see the following topics:
Procedure
Step 1: Create an ALB Ingress
Log on to the ACK console and install the ALB Ingress controller. For more information, see Step 1: Install the ALB Ingress controller.
The ALB Ingress controller must be installed in the ACK cluster or ACK Serverless cluster where the NGINX Ingress that you want to migrate is deployed.
Use the kubectl client to log on to the ACK cluster or ACK Serverless cluster where the NGINX Ingress is deployed and create an AlbConfig.
Create a file named albconfig.yaml and copy the following content to the file:
apiVersion: alibabacloud.com/v1 kind: AlbConfig metadata: name: alb-demo spec: config: name: alb-test addressType: Internet zoneMappings: - vSwitchId: vsw-wz9e2usil7e5an1xi**** - vSwitchId: vsw-wz92lvykqj1siwvif**** listeners: - port: 80 protocol: HTTP
zoneMappings: the IDs of the vSwitches used by the ALB Ingress. You must specify at least two vSwitches that belong to different zones. The vSwitches that you specify must belong to the same virtual private cloud (VPC) as your cluster.
NoteIf the NGINX Ingress that you want to migrate supports IPv6, you can set addressIpVersion to DualStack in the configuration of the AlbConfig. For more information, see Use AlbConfigs to configure ALB instances.
Run the following command to create an AlbConfig:
kubectl apply -f albconfig.yaml
Run the following command to check whether the ALB instance is created:
kubectl get albconfig
Expected output:
NAME ALBID DNSNAME PORT&PROTOCOL CERTID AGE alb-demo alb-a8mmh2tqbmrm11**** alb-a8mmh2tqbmrm11****.cn-hangzhou.alb.aliyuncs.com 27s
Create an IngressClass.
Create a file named ingressclass.yaml and copy the following content to the file:
apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: alb spec: controller: ingress.k8s.alibabacloud/alb parameters: apiGroup: alibabacloud.com kind: AlbConfig name: alb-demo
parameters.name: the name of the AlbConfig that you want to use.
Run the following command to create an IngressClass:
kubectl apply -f ingressclass.yaml
Create an ALB Ingress.
ImportantIf advanced forwarding rules are configured on the NGINX Ingress, you can enable the advanced features of the ALB Ingress to forward requests that are destined for different domain names or URLs to different backend servers, redirect requests from HTTP to HTTPS, and perform canary releases. For more information, see ALB Ingress advanced features.
Create a file named albingress.yaml and copy the following content to the file:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: demo-ingress-alb namespace: default spec: ingressClassName: alb rules: - host: www.example.net http: paths: - backend: service: name: nginx port: number: 80 path: / pathType: Prefix
name: the name of the Ingress. In the same namespace, the name of the ALB Ingress must be different from the name of the NGINX Ingress.
ingressClassName: the name of the IngressClass that you want to use.
Run the following command to create an ALB Ingress:
kubectl apply -f albingress.yaml
Run the following command to query ALB Ingress resources:
kubectl get ing
Expected output:
NAME CLASS HOSTS ADDRESS PORTS AGE demo-ingress-alb alb www.example.net alb-a8mmh2tqbmrm11****.cn-hangzhou.alb.aliyuncs.com 80 10m 46s
The output contains the endpoint of the ALB Ingress. Example: alb-a8mmh2tqbmrm11****.cn-hangzhou.alb.aliyuncs.com.
Run the following command to access the backend services from the ALB Ingress to test the traffic volume.
curl -H "Host: www.example.net" http://alb-a8mmh2tqbmrm11****.cn-hangzhou.alb.aliyuncs.com
If the expected output is returned, the ALB Ingress can access the backend services.
Step 2: Switch network traffic to the ALB Ingress
Before you switch network traffic to the ALB Ingress, compare the forwarding rules generated by the NGINX Ingress with the forwarding rules generated by the ALB Ingress to make sure that the forwarding rules are the same. All the configurations must be tested in case issues arise.
We recommend that you switch network traffic during off-peak hours.
Before you switch traffic, an A record must be configured for the CLB instance. The A record maps the service domain name to the IP address of the CLB instance.
After you install the ALB Ingress controller, configure the same forwarding rules as the NGINX Ingress for the ALB Ingress, and then test all configurations, you can switch network traffic to the ALB Ingress. Alibaba Cloud DNS is used as an example to show how to switch network traffic. The following steps show how to switch network traffic to the ALB instance. For more information about Alibaba Cloud DNS, see Alibaba Cloud DNS.
Step 1. Configure a temporary domain name for the CLB instance
We recommend that you add a CNAME record for the ALB instance. To meet the conditions for configuring weighted DNS records, you must add a CNAME record for the temporary domain name and point the temporary domain name to the IP address of the CLB instance.
To configure weights for different DNS records of the same domain name, the DNS records must be of the same type and have the same hostname and ISP line. The supported types are A, CNAME, and AAAA.
Log on to the Alibaba Cloud DNS console.
On the Domain Name Resolution page, find and click the domain name
www.example.net
. The domain name points to the CLB instance.On the DNS Settings page, click Add DNS Record. In the Add DNS Record panel, configure the following parameters and click OK.
Parameter
Example
Record Type
Select CNAME from the drop-down list.
Hostname
The prefix of your domain name. In this example, www is entered.
DNS Request Source
Select Default.
Record Value
Enter a temporary domain name. In this example, web0.example.net is entered.
TTL
Specify a TTL value for the CNAME record cached on the DNS server. The value is set to 5 seconds in this example.
In this example, Alibaba Cloud DNS Enterprise Ultimate Edition is used. The TTL value is for reference only. You can specify a TTL value based on your business requirements. For more information, see Editions.
On the DNS Settings page, find the A record that points to the IP address of the CLB instance and click Modify in the Actions column.
In the Modify DNS Record panel, modify the Hostname parameter and click OK. In this example, the Hostname parameter is set to web0. The other parameters are not modified.
Step 2: Add a CNAME record for the ALB instance
Run the following command to query the domain name of the ALB instance:
kubectl get albconfig
Expected output:
NAME ALBID DNSNAME PORT&PROTOCOL CERTID AGE alb-demo alb-a8mmh2tqbmrm11**** alb-a8mmh2tqbmrm11****.cn-hangzhou.alb.aliyuncs.com 27s
NoteYou can also log on to the ALB console to view the domain name of the ALB instance. The ALB console provides only the configurations of ALB instances. To modify the configurations, refer to the YAML file.
To create a CNAME record, perform the following steps:
Log on to the Alibaba Cloud DNS console.
On the Domain Name Resolution page, click Add Domain Name.
In the Add Domain Name dialog box, enter a domain name and click OK.
WarningThe domain name associated with the CLB instance is added.
Before you create the CNAME record, you must use a TXT record to verify the ownership of the domain name.
Find the domain name that you want to manage and click DNS Settings in the Actions column.
On the DNS Settings page, click Add Record.
In the Add DNS Record panel, configure the following parameters and click OK.
Parameter
Example
Record Type
Select CNAME from the drop-down list.
Hostname
The prefix of your domain name. In this example, www is entered.
DNS Request Source
Select Default.
Record Value
Enter the CNAME. The CNAME is the domain name of the ALB instance.
TTL
Specify a TTL value for the CNAME record cached on the DNS server. The value is set to 5 seconds in this example.
In this example, Alibaba Cloud DNS Enterprise Ultimate Edition is used. The TTL value is for reference only. You can specify a TTL value based on your business requirements. For more information, see Editions.
NoteNew CNAME records immediately take effect. The time that is required for a modified CNAME record to take effect is determined by the TTL value of the CNAME record in the local DNS cache. The default TTL value is 10 minutes.
If the CNAME record that you want to create conflicts with an existing record, specify another domain name.
Step 3: Set weights and perform a canary release
On the Domain Name Resolution page, click the domain name that you want to manage. On the DNS Settings page, click Weight Settings in the left-side navigation pane.
On the Weighted Round-robin page, click EnableWeight in the Actions column, and then click Set Weight.
To configure weights for different DNS records of the same domain name, the DNS records must be of the same type and have the same hostname and ISP line. The supported types are A, CNAME, and AAAA.
In the Set Weight panel, set the weights of the DNS records of the CLB and ALB instances. Set the weight of the DNS record for the CLB instance to 100. Set the weight of the DNS record for the ALB instance to 0.
Progressively reduce the weight of the DNS record for the CLB instance and progressively increase the weight of the DNS record for the ALB instance. Make sure that your services are not affected.
Log on to the ECS instance on which the pods of the Service are deployed and run the
dig
command multiple times to check the traffic volume.dig www.example.net
The following figure shows the output. The results show that requests are distributed to ALB and CLB based on the weights of the DNS records.
Progressively reduce the weight of the CLB DNS record to 0 and progressively increase the ALB DNS record to 100.
Step 3: Delete redundant resources
After you close all persistent connections on the NGINX Ingress and no traffic is forwarded to the NGINX Ingress, you can release redundant resources after a period of observation.
Delete the NGINX Ingress.
Log on to the ACK console. On the Clusters page, find and click the ACK cluster or ACK Serverless Cluster that you want to manage.
In the left-side navigation pane, choose .
In the upper part of the Ingresses page, select a namespace. Find the NGINX Ingress that you want to delete and choose > Delete in the Actions column.
In the message that appears, click OK.
Uninstall the Nginx Ingress controller.
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, click the name of the cluster that you want to manage and choose in the left-side navigation pane.
On the Add-ons page, click the Networking tab, find the Nginx Ingress Controller card, and then click Uninstall.
In the message that appears, click OK.