
Container Service for Kubernetes: Manage north-south traffic

Last Updated: Nov 25, 2024

The Application Load Balancer (ALB) multi-cluster gateways provided by Distributed Cloud Container Platform for Kubernetes (ACK One) are the multi-cluster mode of ALB Ingress. The gateways allow you to use features such as active zone-redundancy, traffic load balancing, and header-based traffic routing. This topic describes how to use ALB multi-cluster gateways to manage north-south traffic.

Prerequisites

  • ALB is activated.

  • The Fleet management feature is enabled. For more information, see Enable multi-cluster management.

  • The ACK One Fleet instance is associated with two ACK clusters that are deployed in the same virtual private cloud (VPC) as the ACK One Fleet instance. For more information, see Manage associated clusters.

Step 1: Create an ALB multi-cluster gateway by using kubectl on an ACK One Fleet instance

Create an AlbConfig object on the ACK One Fleet instance to create an ALB multi-cluster gateway, and add the associated clusters to the gateway.

  1. Obtain the IDs of the two vSwitches from the VPC in which the ACK One Fleet instance resides.

  2. Create a file named gateway.yaml and copy the following content to the file:

    Note
    • Replace ${vsw-id1} and ${vsw-id2} with the vSwitch IDs obtained from the preceding step, and replace ${cluster1} and ${cluster2} with the IDs of the associated clusters you want to add.

    • For the associated clusters ${cluster1} and ${cluster2}, you must configure the inbound rules of their security groups to allow access from all IP addresses in the vSwitch CIDR block on all ports.

    apiVersion: alibabacloud.com/v1
    kind: AlbConfig
    metadata:
      name: ackone-gateway-demo
      annotations:
        # Add associated clusters that are used to handle traffic to the ALB multi-cluster instance. 
        alb.ingress.kubernetes.io/remote-clusters: ${cluster1},${cluster2}
    spec:
      config:
        name: one-alb-demo
        addressType: Internet
        addressAllocatedMode: Fixed
        zoneMappings:
        - vSwitchId: ${vsw-id1}
        - vSwitchId: ${vsw-id2}
      listeners:
      - port: 8001
        protocol: HTTP
    ---
    apiVersion: networking.k8s.io/v1
    kind: IngressClass
    metadata:
      name: alb
    spec:
      controller: ingress.k8s.alibabacloud/alb
      parameters:
        apiGroup: alibabacloud.com
        kind: AlbConfig
        name: ackone-gateway-demo

    The following table describes the parameters.

    Parameter: metadata.name
    Required: Yes
    Description: The name of the AlbConfig.

    Parameter: metadata.annotations: alb.ingress.kubernetes.io/remote-clusters
    Required: Yes
    Description: The list of associated clusters to be added to the ALB multi-cluster gateway. The cluster IDs listed here have been associated with the Fleet instance.

    Parameter: spec.config.name
    Required: No
    Description: The name of the ALB instance.

    Parameter: spec.config.addressType
    Required: No
    Description: The network type of the ALB instance. Valid values:

    • Internet (default): Public network. The ALB instance provides services to the Internet and is accessible over the Internet.

      Note

      To allow an ALB instance to provide Internet-facing services, the ALB instance needs to be associated with an elastic IP address (EIP). If you use an Internet-facing ALB instance, you are charged instance fees and bandwidth or data transfer fees for the associated EIPs. For more information, see Pay-as-you-go.

    • Intranet: Private network. The ALB instance provides services within a VPC and cannot be accessed over the Internet.

    Parameter: spec.config.zoneMappings
    Required: Yes
    Description: The IDs of the vSwitches that are associated with the ALB instance. For more information about how to create a vSwitch, see Create and manage a vSwitch.

    Note
    • The specified vSwitches must be deployed in the zones supported by the ALB instance and deployed in the same VPC as the cluster. For more information about regions and zones supported by ALB, refer to Regions and zones in which ALB is available.

    • ALB supports multi-zone deployment. If the current region supports two or more zones, select vSwitches in at least two zones to ensure high availability.

    Parameter: spec.listeners
    Required: No
    Description: The listener port and protocol of the ALB instance. The example provided in this topic configures an HTTP listener on port 8001.

    A listener defines how ALB receives traffic. We recommend that you retain the listener configuration. Otherwise, you must create a listener before you can use ALB Ingresses.

  3. Run the following command to deploy the gateway.yaml file and create an ALB multi-cluster gateway and an IngressClass:

    kubectl apply -f gateway.yaml

  4. After 1 to 3 minutes, run the following command to check whether the ALB multi-cluster gateway is created:

    kubectl get albconfig ackone-gateway-demo

    Expected output:

    NAME                  ALBID      DNSNAME                                PORT&PROTOCOL   CERTID   AGE
    ackone-gateway-demo   alb-xxxx   alb-xxxx.<regionid>.alb.aliyuncs.com                            4d9h

  5. Run the following command to check whether the associated clusters are connected to the gateway:

    kubectl get albconfig ackone-gateway-demo -ojsonpath='{.status.loadBalancer.subClusters}'

    The expected output is a list of cluster IDs.

Step 2: Schedule traffic in different scenarios by using Ingress

To create an ALB Ingress, set the IngressClass of an Ingress to the ALB IngressClass. You can then use annotations to apply different traffic management capabilities. ALB Ingresses support commonly used annotations of Nginx-Ingress and provide enhanced features for ALB instances. For more information about the configuration of an ALB Ingress, see ALB Ingress GlobalConfiguration dictionary. The following examples describe the usage scenarios of multi-cluster traffic management:

Example 1: Use load balancing to distribute traffic to all backend pods by default

Distribute traffic to different clusters based on the number of replicas.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/listen-ports: |
     [{"HTTP": 8001}]
  name: alb-ingress
  namespace: demo
spec:
  ingressClassName: alb
  rules:
  - host: alb.ingress.alibaba.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 80

Example 2: Distribute traffic to only the specified cluster

Use the alb.ingress.kubernetes.io/cluster-weight.{clusterID} annotation to specify a cluster. If the specified cluster does not exist, the system skips the cluster.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/listen-ports: |
     [{"HTTP": 8001}]
    alb.ingress.kubernetes.io/cluster-weight.c63a55242bdb342ed9cbd3ab3b1a9904c: "100"
  name: alb-ingress
  namespace: demo
spec:
  ingressClassName: alb
  rules:
  - host: alb.ingress.alibaba.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 80

Example 3: Distribute traffic that matches the header to the specified cluster

  • Use the alb.ingress.kubernetes.io/cluster-weight.{clusterID} annotation to specify a cluster. If the specified cluster does not exist, the system skips the cluster.

  • Use the alb.ingress.kubernetes.io/conditions.{backend.service.name} annotation to configure request header parameters. You can control traffic routing based on the request header.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/listen-ports: |
     [{"HTTP": 8001}]
    alb.ingress.kubernetes.io/conditions.service1: |
     [{
       "type": "Header",
       "headerConfig": {
         "key": "stage",
         "values": [
           "gray"
         ]
       }
     }]
    alb.ingress.kubernetes.io/cluster-weight.c63a55242bdb342ed9cbd3ab3b1a9904c: "100"
  name: alb-ingress
  namespace: demo
spec:
  ingressClassName: alb
  rules:
  - host: alb.ingress.alibaba.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 80

Example 4: Distribute traffic based on weights

Use the alb.ingress.kubernetes.io/cluster-weight annotations to distribute traffic to multiple backend services. The sum of the weights must be equal to 100.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/listen-ports: |
     [{"HTTP": 8001}]
    alb.ingress.kubernetes.io/cluster-weight.c63a55242bdb342ed9cbd3ab3b1a9904c: "60"
    alb.ingress.kubernetes.io/cluster-weight.cd174e5d9394b4b4a8728f08d16203793: "40"
  name: alb-ingress
  namespace: demo
spec:
  ingressClassName: alb
  rules:
  - host: alb.ingress.alibaba.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 80
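
The weight rules from Examples 2 to 4 can be checked before you run kubectl apply. The following Python check is an added example, not part of the original topic or of Alibaba Cloud tooling; it goes slightly beyond the weight rules by also flagging an Internet-facing HTTP listener and a zoneMappings list with fewer than two vSwitches. The function name lint_gateway and the sample cluster and vSwitch IDs are assumptions, and the inputs are dicts shaped like kubectl get -o json output.

```python
WEIGHT_PREFIX = "alb.ingress.kubernetes.io/cluster-weight."
REMOTE_KEY = "alb.ingress.kubernetes.io/remote-clusters"

def lint_gateway(albconfig, ingress):
    """Findings for one AlbConfig/Ingress pair (dicts shaped like `kubectl get -o json`)."""
    findings = []
    ann = albconfig["metadata"].get("annotations", {})
    remote = {c.strip() for c in ann.get(REMOTE_KEY, "").split(",") if c.strip()}
    weights = {k[len(WEIGHT_PREFIX):]: v
               for k, v in ingress["metadata"].get("annotations", {}).items()
               if k.startswith(WEIGHT_PREFIX)}
    total = 0
    for cluster, raw in sorted(weights.items()):
        if cluster not in remote:
            # The page states that a cluster that does not exist is skipped.
            findings.append(f"{cluster}: not in remote-clusters, weight is skipped")
        try:
            total += int(raw)
        except ValueError:
            findings.append(f"{cluster}: weight {raw!r} is not an integer")
    if weights and total != 100:
        findings.append(f"cluster weights sum to {total}, expected 100")
    spec = albconfig.get("spec", {})
    cfg = spec.get("config", {})
    # Approximation: counts vSwitches; it cannot tell whether they are in different zones.
    if len(cfg.get("zoneMappings", [])) < 2:
        findings.append("fewer than two vSwitches in zoneMappings")
    if cfg.get("addressType", "Internet") == "Internet":  # Internet is the default
        for lis in spec.get("listeners", []):
            if lis.get("protocol") == "HTTP":
                findings.append(f"Internet-facing listener on port {lis.get('port')} is plaintext HTTP")
    return findings

# Constructed sample objects modelled on this page's manifests; all IDs are placeholders.
ALBCONFIG = {
    "metadata": {"name": "ackone-gateway-demo",
                 "annotations": {REMOTE_KEY: "c-aaa,c-bbb"}},
    "spec": {"config": {"addressType": "Internet",
                        "zoneMappings": [{"vSwitchId": "vsw-1"}, {"vSwitchId": "vsw-2"}]},
             "listeners": [{"port": 8001, "protocol": "HTTP"}]},
}
INGRESS = {"metadata": {"name": "alb-ingress", "annotations": {
    WEIGHT_PREFIX + "c-aaa": "60",
    WEIGHT_PREFIX + "c-ccc": "30",  # mistyped ID: not listed in remote-clusters
}}}

if __name__ == "__main__":
    for finding in lint_gateway(ALBCONFIG, INGRESS):
        print("FINDING:", finding)
```

An Ingress without any cluster-weight annotation, as in Example 1, produces no weight findings because the sum rule applies only when weights are declared.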