Container Service for Kubernetes: ALB Ingress GlobalConfiguration dictionary

Last Updated: Sep 11, 2024

You can use an AlbConfig to define the configuration of an Application Load Balancer (ALB) instance. This topic describes the annotations that are supported by ALB Ingresses. This topic also introduces the AlbConfig fields and how these fields are used.

Annotations supported by ALB Ingresses

You can add annotations to ALB Ingresses based on your business requirements.

Health checks

Annotation

Description

alb.ingress.kubernetes.io/healthcheck-enabled

Specifies whether to enable health checks for backend server groups. For more information, see Configure health checks.

  • true: enables health checks.

  • false: disables health checks.

Default value: false.

alb.ingress.kubernetes.io/healthcheck-path

The URL that is used for health checks.

Default value: /.

alb.ingress.kubernetes.io/healthcheck-protocol

The protocol for health checks.

  • HTTP

  • TCP

Default value: HTTP.

alb.ingress.kubernetes.io/healthcheck-method

The health check method.

This parameter takes effect only when the health check protocol is set to HTTP.

  • HEAD

  • POST

  • GET

Default value: HEAD.

alb.ingress.kubernetes.io/healthcheck-httpcode

The status codes used for health checks. A backend server is considered healthy only when the health check request is successful and one of the specified status codes is returned.

You can select one or more of the following status codes:

  • http_2xx

  • http_3xx

  • http_4xx

  • http_5xx

Default value: http_2xx.

alb.ingress.kubernetes.io/healthcheck-timeout-seconds

The health check timeout period in seconds.

Valid values: 1 to 300.

Default value: 5.

alb.ingress.kubernetes.io/healthcheck-interval-seconds

The health check interval in seconds.

Valid values: 1 to 50.

Default value: 2.

alb.ingress.kubernetes.io/healthy-threshold-count

The number of times that a server needs to consecutively pass health checks before it is considered healthy.

Valid values: 2 to 10.

Default value: 3.

alb.ingress.kubernetes.io/unhealthy-threshold-count

The number of times that a server needs to consecutively fail health checks before it is considered unhealthy.

Valid values: 2 to 10.

Default value: 3.

alb.ingress.kubernetes.io/healthcheck-connect-port

The port that is used for health checks.

Default value: 0.

Note

A value of 0 indicates that the port on a backend server is used for health checks.

Redirects

Annotation

Description

alb.ingress.kubernetes.io/ssl-redirect

Specifies whether to redirect HTTP requests to HTTPS (port 443) with a 301 status code. For more information, see Redirect HTTP requests to HTTPS.

  • true: redirects to HTTPS requests.

  • false: does not redirect to HTTPS requests.

Default value: false.

Backend server protocol

Annotation

Description

alb.ingress.kubernetes.io/backend-protocol

The protocol used by backend server groups. For more information, see Configure the HTTPS or gRPC protocol.

  • http

  • https

  • grpc

Default value: http.

Note

The backend server protocols supported by listeners depend on the listener type:

  • HTTP listeners support HTTP and HTTPS.

  • HTTPS listeners support HTTP, HTTPS, and gRPC.

  • QUIC listeners support HTTP.

Rewrites

Annotation

Description

alb.ingress.kubernetes.io/rewrite-target

The path that overwrites the path in requests. For more information, see Configure rewrite rules.

Listeners

Annotation

Description

alb.ingress.kubernetes.io/listen-ports

The listening ports and protocols of listeners associated with an ALB Ingress. For more information, see Configure custom listening ports.

Examples:

  • '[{"HTTP": 80}]' : associates an HTTP listener that listens on port 80.

  • '[{"HTTPS": 443}]' : associates an HTTPS listener that listens on port 443.

  • '[{"QUIC": 443}]' : associates a QUIC listener that listens on port 443.

  • '[{"HTTP": 80}, {"HTTPS": 443}]' : associates an HTTP listener that listens on port 80 and an HTTPS listener that listens on port 443.

  • '[{"HTTPS": 443}, {"QUIC": 443}]' : associates an HTTPS listener that listens on port 443 and a QUIC listener that listens on port 443.

Priorities

Annotation

Description

alb.ingress.kubernetes.io/order

The priority of a forwarding rule. A smaller value indicates a higher priority. For more information, see Configure forwarding rule priorities.

Valid values: 1 to 1000.

Default value: 10.

Canary

Annotation

Description

alb.ingress.kubernetes.io/canary

Specifies whether to route requests to the canary. For more information, see Use annotations to perform canary releases.

  • true: routes requests to the canary.

  • false: does not route requests to the canary.

Default value: false.

alb.ingress.kubernetes.io/canary-by-header

The header of the requests that are routed to the canary.

alb.ingress.kubernetes.io/canary-by-header-value

The value of the header of the requests that are routed to the canary.

alb.ingress.kubernetes.io/canary-by-cookie

The cookie of the requests that are routed to the canary.

Session persistence

Annotation

Description

alb.ingress.kubernetes.io/sticky-session

Specifies whether to enable session persistence. For more information, see Configure session persistence by using annotations.

  • true: enables session persistence.

  • false: disables session persistence.

Default value: false.

alb.ingress.kubernetes.io/sticky-session-type

The method that is used to handle cookies.

  • Insert: inserts cookies. During the first-time visit of a client, the ALB instance adds a cookie to the response.

  • Server: rewrites cookies. The ALB instance rewrites cookies based on the user-defined cookie.

Default value: Insert.

alb.ingress.kubernetes.io/cookie-timeout

The session persistence timeout period in seconds.

Valid values: 1 to 86400.

Default value: 1000.

Load balancing

Annotation

Description

alb.ingress.kubernetes.io/backend-scheduler

The load balancing algorithm of backend server groups. For more information, see Specify a load balancing algorithm for backend server groups.

  • wrr: weighted round-robin. Backend servers that have higher weights receive more requests than those that have lower weights.

  • wlc: weighted least connections. If multiple backend servers have the same weight, requests are forwarded to the backend server with the least connections.

  • sch: source IP hashing. Requests from the same source IP address are distributed to the same backend server.

  • uch: URL hashing. Requests destined for the same URL are distributed to the same backend server.

Default value: wrr.

alb.ingress.kubernetes.io/backend-scheduler-uch-value

The URL hashing parameter that is available when the load balancing algorithm is uch.

Cross-origin resource sharing (CORS)

Annotation

Description

alb.ingress.kubernetes.io/enable-cors

Specifies whether to enable CORS. For more information, see Configure CORS.

  • true: enables CORS.

  • false: disables CORS.

Default value: false.

alb.ingress.kubernetes.io/cors-allow-origin

The origins from which you want to allow cross-domain requests.

Default value: *.

alb.ingress.kubernetes.io/cors-expose-headers

The headers that can be exposed.

alb.ingress.kubernetes.io/cors-allow-methods

The methods of cross-domain requests that are allowed.

You can select one or more of the following methods:

  • GET

  • POST

  • PUT

  • DELETE

  • HEAD

  • OPTIONS

  • PATCH

Default value: "GET, PUT, POST, DELETE, PATCH, OPTIONS".

alb.ingress.kubernetes.io/cors-allow-credentials

Specifies whether to carry credentials in requests.

  • true: carries credentials in requests.

  • false: does not carry credentials in requests.

Default value: true.

alb.ingress.kubernetes.io/cors-max-age

The maximum cache time of preflight requests in the browser. Unit: seconds.

Valid values: -1 to 172800.

Default value: 172800.

Note

-1 indicates that cache time is not limited.

alb.ingress.kubernetes.io/cors-allow-headers

The headers of cross-domain requests that are allowed.

Default value: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization".

Custom forwarding

Annotation

Description

alb.ingress.kubernetes.io/actions.{svcName}

The custom forwarding actions. For more information, see Customize the routing rules of an ALB Ingress.

alb.ingress.kubernetes.io/conditions.{svcName}

The custom forwarding conditions.

alb.ingress.kubernetes.io/rule-direction.{svcName}

The custom forwarding direction.

  • Request: The rule takes effect on requests.

  • Response: The rule takes effect on responses.

Default value: Request.

Others

Annotation

Description

alb.ingress.kubernetes.io/backend-keepalive

Specifies whether to enable persistent TCP connections. For more information, see Configure persistent TCP connections.

Default value: false.

alb.ingress.kubernetes.io/traffic-limit-qps

QPS throttling.

Valid values: 1 to 100000.

alb.ingress.kubernetes.io/use-regex

Specifies whether regular expressions can be used in the Path field. This annotation is valid only when the path type is Prefix.

Default value: false.

AlbConfig fields

An AlbConfig is a CustomResourceDefinition (CRD) used to describe an ALB instance and its listeners. The following tables describe the relevant fields.

Albconfig

Field

Type

Description

apiVersion

Fixed value

The API version of the object.

Set the value to alibabacloud.com/v1.

kind

Fixed value

Kind indicates the REST resource corresponding to the object.

Set the value to AlbConfig.

metadata

ObjectMeta

The metadata of the object.

For more information, see metadata.

spec

AlbConfigSpec

A list of parameters used to describe the attributes of the ALB instance and its listeners.

status

AlbConfigStatus

The state of the ALB instance is written into the status field after reconciliation. The value of the field indicates the current state of the ALB instance.

AlbConfigSpec

Field

Type

Description

config

LoadBalancerSpec

The attributes of the ALB instance.

listeners

ListenerSpec[]

The attributes of the listeners of the ALB instance.

LoadBalancerSpec

Field

Type

Description

id

string

The ID of the ALB instance. The ALB instance can be reused if an instance ID is specified. If you leave this field empty, the ALB Ingress controller creates an ALB instance. For more information about how to create or reuse an ALB instance, see Create an AlbConfig.

Default value: "".

name

string

The name of the ALB instance.

Default value: A name in the k8s-{namespace}-{name}-{hashCode} format is automatically generated.

addressAllocatedMode

enum

The IP mode of the ALB instance.

  • Dynamic: The ALB instance is assigned at least one IP address in each zone. The number of IP addresses automatically increases when more requests are received. This dynamic mode supports up to one million QPS.

  • Fixed: The ALB instance is assigned only one IP address in each zone and the IP addresses are static. The fixed mode supports up to 100,000 QPS.

Default value: Dynamic.

addressType

enum

The network type of the IPv4 CIDR block of the ALB instance.

  • Internet: Internet. The ALB instance is assigned a public domain name.

  • Intranet: internal network.

Default value: Internet.

ipv6AddressType

enum

The network type of the IPv6 CIDR block of the ALB instance. The network type can be different from that of the IPv4 CIDR block of the ALB instance.

  • Internet: Internet. The ALB instance is assigned a public domain name.

  • Intranet: internal network.

Default value: Intranet.

addressIpVersion

enum

Specifies whether the ALB instance supports dual stack.

  • IPv4: Only IPv4 is supported.

  • DualStack: IPv4 and IPv6 are supported.

Default value: IPv4.

resourceGroupId

string

The ID of the resource group to which the ALB instance belongs.

Default value: "".

edition

enum

The edition of the ALB instance.

Default value: Standard.

deletionProtectionEnabled

bool

A reserved field. Do not modify this field.

forceOverride

bool

Specifies whether to forcefully overwrite the attributes of the ALB instance in reuse mode.

  • true: forcefully overwrites the attributes of the ALB instance in reuse mode.

  • false: does not forcefully overwrite the attributes of the ALB instance in reuse mode.

  • null: does not forcefully overwrite the attributes of the ALB instance in reuse mode.

Default value: false.

listenerForceOverride

bool

Specifies whether to forcefully overwrite the attributes of the listeners in reuse mode.

  • true: forcefully overwrites the attributes of the listeners in reuse mode.

  • false: does not forcefully overwrite the attributes of the listeners in reuse mode.

  • null: does not forcefully overwrite the attributes of the listeners in reuse mode.

Default value: null.

zoneMappings

ZoneMapping[]

The zone and elastic IP address (EIP) configuration.

accessLogConfig

AccessLogConfig

The log collection configuration.

billingConfig

BillingConfig

The billing method.

modificationProtectionConfig

ModificationProtectionConfig

The configuration protection setting.

tags

Tag[]

The labels of the ALB instance.

ZoneMapping

Field

Type

Description

vSwitchId

string

The vSwitch ID. This field is required.

Default value: "".

zoneId

string

The zone of the vSwitch.

Default value: "".

allocationId

string

The ID of the EIP.

Default value: "".

eipType

string

A reserved field. Do not modify this field.

AccessLogConfig

Field

Type

Description

logProject

string

The name of the Simple Log Service (SLS) project.

Default value: "".

logStore

string

The name of the SLS Logstore, which must start with alb_. The SLS Logstore is automatically created if it does not exist. For more information, see Enable Simple Log Service to collect access logs.

Default value: "".

BillingConfig

Field

Type

Description

internetBandwidth

int

A reserved field. Do not modify this field.

internetChargeType

string

A reserved field. Do not modify this field.

payType

enum

A reserved field. Do not modify this field.

bandWidthPackageId

string[]

The ID of the associated Internet Shared Bandwidth instance. You cannot disassociate the Internet Shared Bandwidth instance.

Default value: "".

ModificationProtectionConfig

Field

Type

Description

reason

string

A reserved field.

status

string

A reserved field.

Tag

Field

Type

Description

key

string

The key of the label.

Default value: "".

value

string

The value of the label.

Default value: "".

ListenerSpec

Field

Type

Description

gzipEnabled

bool

Specifies whether to enable data compression. For more information, see Configure data compression.

  • true: enables data compression.

  • false: disables data compression.

  • null: enables data compression.

Default value: null.

http2Enabled

bool

Specifies whether to enable HTTP/2.

  • true: enables HTTP/2.

  • false: disables HTTP/2.

  • null: enables HTTP/2.

Default value: null.

port

int

The listening port. This field is required.

Default value: 0.

protocol

enum

The listening protocol. This field is required.

  • HTTP

  • HTTPS

  • QUIC

securityPolicyId

string

The ID of the TLS security policy.

Default value: "".

idleTimeout

int

The timeout period of idle connections in seconds.

Default value: 15.

Note

A value of 0 indicates that the default value is used.

loadBalancerId

string

A reserved field. Do not modify this field.

description

string

The name of the listener.

By default, a name in the ingress-auto-listener-{port} format is automatically generated.

caEnabled

bool

Specifies whether to enable mutual authentication.

  • true: enables mutual authentication.

  • false: disables mutual authentication.

Default value: false.

requestTimeout

int

The timeout period of requests in seconds.

Default value: 60.

quicConfig

QuicConfig

The QUIC listener configuration.

defaultActions

Action[]

A reserved field. Do not modify this field.

caCertificates

Certificate[]

The root CA certificate of the listener.

certificates

Certificate[]

The server certificate of the listener.

xForwardedForConfig

XForwardedForConfig

The configuration of the X-Forwarded headers.

logConfig

LogConfig

The listener log configuration.

aclConfig

AclConfig

The access control configuration.

QuicConfig

Field

Type

Description

quicUpgradeEnabled

bool

Specifies whether to enable QUIC upgrade. In scenarios where both QUIC and HTTPS listeners are used, set the quicUpgradeEnabled field to associate QUIC listeners with HTTPS listeners or disassociate QUIC listeners from HTTPS listeners. For more information, see Use QUIC Listener to Support HTTP/3 Protocol.

  • true: enables QUIC upgrade. QUIC listeners are associated with HTTPS listeners.

  • false: disables QUIC upgrade. QUIC listeners are disassociated from HTTPS listeners.

Default value: false.

quicListenerId

string

HTTPS listeners associated with the QUIC listeners.

Default value: "".

Certificate

Field

Type

Description

IsDefault

bool

Specifies whether the certificate is a default certificate. For more information, see Configure HTTPS Certificates for Encrypted Communication.

  • true: The certificate is a default certificate.

  • false: The certificate is not a default certificate.

Default value: false.

Important

You can specify only one default certificate.

CertificateId

string

The ID of the certificate.

Default value: "".

XForwardedForConfig

Field

Type

Description

XForwardedForClientCertSubjectDNEnabled

bool

Specifies whether to add the X-Forwarded-Clientcert-subjectdn header field to HTTP requests distributed by the ALB instance to carry information about the holder of the client certificate.

  • true: adds the header field.

  • false: does not add the header field.

Default value: false.

XForwardedForProtoEnabled

bool

Specifies whether to add the X-Forwarded-Proto header field to HTTP requests distributed by the ALB instance to carry information about the listening protocol of the ALB instance.

  • true: adds the header field.

  • false: does not add the header field.

Default value: false.

XForwardedForClientCertIssuerDNEnabled

bool

Specifies whether to add the X-Forwarded-Clientcert-issuerdn header field to HTTP requests distributed by the ALB instance to carry information about the issuer of the client certificate.

  • true: adds the header field.

  • false: does not add the header field.

Default value: false.

XForwardedForSLBIdEnabled

bool

Specifies whether to add the X-Forwarded-For-SLB-ID header field to HTTP requests distributed by the ALB instance to carry the ALB instance ID.

  • true: adds the header field.

  • false: does not add the header field.

Default value: false.

XForwardedForClientSrcPortEnabled

bool

Specifies whether to add the X-Forwarded-Client-Port header field to HTTP requests distributed by the ALB instance to carry information about the port used by the client.

  • true: adds the header field.

  • false: does not add the header field.

Default value: false.

XForwardedForClientCertFingerprintEnabled

bool

Specifies whether to add the X-Forwarded-Clientcert-fingerprint header field to HTTP requests distributed by the ALB instance to carry information about the fingerprint of the client certificate.

  • true: adds the header field.

  • false: does not add the header field.

Default value: false.

XForwardedForEnabled

bool

Specifies whether to add the X-Forwarded-For header field to HTTP requests distributed by the ALB instance to carry the client IP address.

  • true: adds the header field.

  • false: does not add the header field.

Default value: false.

XForwardedForSLBPortEnabled

bool

Specifies whether to add the X-Forwarded-Port header field to HTTP requests distributed by the ALB instance to carry information about the listening ports of the ALB instance.

  • true: adds the header field.

  • false: does not add the header field.

Default value: false.

XForwardedForClientCertClientVerifyEnabled

bool

Specifies whether to add the X-Forwarded-Clientcert-clientverify header field to HTTP requests distributed by the ALB instance to carry the client certificate verification result.

  • true: adds the header field.

  • false: does not add the header field.

Default value: false.

XForwardedForClientCertSubjectDNAlias

string

A custom field name. After you specify this field, the name of the X-Forwarded-Clientcert-subjectdn header field added by XForwardedForClientCertSubjectDNEnabled is replaced with the specified name.

This field takes effect only when XForwardedForClientCertSubjectDNEnabled is set to true.

Default value: "".

XForwardedForClientCertClientVerifyAlias

string

A custom field name. After you specify this field, the name of the X-Forwarded-Clientcert-clientverify header field added by XForwardedForClientCertClientVerifyEnabled is replaced with the specified name.

This field takes effect only when XForwardedForClientCertClientVerifyEnabled is set to true.

Default value: "".

XForwardedForClientCertIssuerDNAlias

string

A custom field name. After you specify this field, the name of the X-Forwarded-Clientcert-issuerdn header field added by XForwardedForClientCertIssuerDNEnabled is replaced with the specified name.

This field takes effect only when XForwardedForClientCertIssuerDNEnabled is set to true.

Default value: "".

XForwardedForClientCertFingerprintAlias

string

A custom field name. After you specify this field, the name of the X-Forwarded-Clientcert-fingerprint header field added by XForwardedForClientCertFingerprintEnabled is replaced with the specified name.

This field takes effect only when XForwardedForClientCertFingerprintEnabled is set to true.

Default value: "".

XForwardedForClientSourceIpsEnabled

bool

Specifies whether to allow the ALB instance to retrieve client IP addresses from the X-Forwarded-For header.

  • true: Allowed. In this case, the XForwardedForClientSourceIpsTrusted parameter must be configured in a valid format.

  • false: Not allowed.

Default value: false.

XForwardedForClientSourceIpsTrusted

string

Specify a trusted proxy IP address.

Enter a valid IP address or CIDR block. Separate multiple values by semicolons (;) without any spaces between them. This only takes effect when XForwardedForClientSourceIpsEnabled is set to true.

  • Set the trusted IP address list to 0.0.0.0/0: the ALB instance retrieves the leftmost IP address in the X-Forwarded-For header. The IP address is the source client IP address.

  • Set the trusted IP address list in the format of proxy1 IP;proxy2 IP;...: the ALB instance compares the IP addresses in the X-Forwarded-For header from right to left against the trusted IP address list. The first IP address that is not on the trusted IP address list is considered the source client IP address.

Sample Value: 192.168.x.x;192.168.x.x/16.
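The two lookup modes described for XForwardedForClientSourceIpsTrusted, as an added Python sketch (not Alibaba Cloud's code) that shows why the choice of trusted list matters: with 0.0.0.0/0 the result is the leftmost entry, which the client itself can set, while an explicit proxy list yields the first address not written by a known proxy. The function names, the constructed sample header, and the None result for a malformed hop or an all-trusted header are assumptions of this example; the page does not define those cases.

```python
import ipaddress

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample: the client at 203.0.113.7 sent its own
# "X-Forwarded-For: 198.51.100.23"; proxy 10.0.0.5 appended the address it
# saw, and a second proxy in 10.0.1.0/24 appended 10.0.0.5.
SAMPLE_XFF = "198.51.100.23, 203.0.113.7, 10.0.0.5"


def parse_trusted(value):
    """Parse a trusted list: IPs or CIDR blocks joined by ';' without spaces."""
    if not value or " " in value:
        raise ValueError("expected ';'-separated IPs/CIDRs without spaces")
    nets = []
    for item in value.split(";"):
        if not item:
            raise ValueError("empty entry in trusted list")
        # strict=False accepts CIDRs with host bits set, e.g. 192.168.1.1/16
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def resolve_client_ip(xff_header, trusted_value):
    """Return the source client IP chosen by the rules on this page."""
    nets = parse_trusted(trusted_value)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    if not hops:
        return None
    # Mode 1: trusted list is 0.0.0.0/0 -> the leftmost entry is used.
    if ANY_V4 in nets:
        return hops[0]
    # Mode 2: walk right to left; the first hop not on the list wins.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed hop: undefined on the page (assumption)
        if not any(addr in net for net in nets):
            return hop
    return None  # every hop trusted: undefined on the page (assumption)


if __name__ == "__main__":
    for trusted in ("10.0.0.5;10.0.1.0/24", "0.0.0.0/0"):
        print(f"{trusted:24} -> {resolve_client_ip(SAMPLE_XFF, trusted)}")
```

With the explicit proxy list the sample resolves to 203.0.113.7, the address the first proxy observed; with 0.0.0.0/0 it resolves to 198.51.100.23, the value taken from the client's own header.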

AclConfig

Field

Type

Description

aclName

string

The name of the network ACL in AclEntry mode. For more information, see Configure network ACLs.

Default value: "".

aclType

enum

The access control mode.

  • Black: the blacklist mode, which blocks access from the specified IP addresses.

  • White: the whitelist mode, which permits only access from the specified IP addresses.

aclEntries

string[]

The network ACL rules.

Default value: "".

Important

The aclEntries and aclIds fields are mutually exclusive. For more information, see Configure network ACLs.

aclIds

string[]

The list of the IDs of existing network ACLs.

Default value: "".

LogConfig

Field

Type

Description

accessLogRecordCustomizedHeadersEnabled

bool

Specifies whether to record custom headers in the access log of the ALB instance.

  • true: records custom headers.

  • false: does not record custom headers.

Default value: false.

accessLogTracingConfig

AccessLogTracingConfig

The Tracing Analysis configuration. For more information, see Use AlbConfigs to enable Tracing Analysis based on Xtrace.

AccessLogTracingConfig

Field

Type

Description

tracingEnabled

bool

Specifies whether to enable Tracing Analysis.

  • true: enables Tracing Analysis.

  • false: disables Tracing Analysis.

Default value: false.

tracingSample

int

The sampling rate of Tracing Analysis. Unit: 0.01%.

Valid values: 1 to 10000.

tracingType

enum

The sampling algorithm of Tracing Analysis.

  • Zipkin

AlbConfigStatus

Important

The AlbConfigStatus, LoadBalancerStatus, ListenerStatus, and AppliedCertificate fields are reserved fields used by ALB Ingresses to record states. Do not modify these fields.

Field

Output

Description

loadBalancer

LoadBalancerStatus

A reserved field. Do not modify this field.

The status of the ALB instance.

LoadBalancerStatus

Field

Output

Description

dnsname

string

A reserved field. Do not modify this field.

The DNS address of the ALB instance.

id

string

A reserved field. Do not modify this field.

The ID of the ALB instance.

listeners

ListenerStatus

A reserved field. Do not modify this field.

The listener attributes of the ALB instance.

ListenerStatus

Field

Output

Description

portAndProtocol

string

A reserved field. Do not modify this field.

The ports and protocols used by listeners.

certificates

AppliedCertificate

A reserved field. Do not modify this field.

The certificates associated with listeners.

AppliedCertificate

Field

Output

Description

certificateId

string

A reserved field. Do not modify this field.

The ID of the certificate.

isDefault

bool

A reserved field. Do not modify this field.

Specifies whether the certificate is a default certificate.
