Container Compute Service: ALB Ingress GlobalConfiguration dictionary

Last Updated: Dec 11, 2024

This topic describes the annotations that are supported by Application Load Balancer (ALB) Ingresses and the usage of AlbConfig fields. You can use the annotations to configure forwarding rules, session persistence, and health checks.

Annotations supported by ALB Ingresses

You can add annotations to ALB Ingresses to configure ALB-relevant settings.

Create a health check task for an address pool

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/healthcheck-enabled` | `true`, `false` | `false` | Specifies whether to enable health checks for backend server groups. |
| `alb.ingress.kubernetes.io/healthcheck-path` | string | `/` | The path to which health check requests are sent. |
| `alb.ingress.kubernetes.io/healthcheck-protocol` | `HTTP`, `TCP` | `HTTP` | The protocol that is used for health checks. |
| `alb.ingress.kubernetes.io/healthcheck-method` | `HEAD`, `POST`, `GET` | `HEAD` | The health check method. |
| `alb.ingress.kubernetes.io/healthcheck-httpcode` | `http_2xx`, `http_3xx`, `http_4xx`, and `http_5xx` | `http_2xx` | The status codes used for health checks. You can select one or more of the following status codes: `http_2xx`, `http_3xx`, `http_4xx`, and `http_5xx`. |
| `alb.ingress.kubernetes.io/healthcheck-timeout-seconds` | 1~300 | 5 | The health check timeout period in seconds. |
| `alb.ingress.kubernetes.io/healthcheck-interval-seconds` | 1~50 | 2 | The health check interval. |
| `alb.ingress.kubernetes.io/healthy-threshold-count` | 2~10 | 3 | The number of times that a server needs to consecutively pass health checks before it is considered healthy. |
| `alb.ingress.kubernetes.io/unhealthy-threshold-count` | 2~10 | 3 | The number of times that a server needs to consecutively fail health checks before it is considered unhealthy. |
| `alb.ingress.kubernetes.io/healthcheck-connect-port` | 0~65535 | 0 | The port used for health checks. If you set the value to 0, the port of a backend server is used for health checks. |

Redirect

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/ssl-redirect` | `true`, `false` | `false` | Specifies whether to redirect HTTP requests (301) to HTTPS requests (443). |

Backend protocol

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/backend-protocol` | `http`, `https`, `grpc` | `http` | The protocols of the backend server groups supported by HTTP listeners are HTTP and HTTPS. The protocols of the backend server groups supported by HTTPS listeners are HTTP, HTTPS, and gRPC. The protocol of the backend server groups supported by QUIC listeners is HTTP. |

Rewrite

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/rewrite-target` | string | None | The path that overwrites the path in requests. |

Listeners

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/listen-ports` | `'[{"HTTP": 80}]'`, `'[{"HTTPS": 443}]'`, `'[{"HTTP": 80},{"HTTPS": 443}]'`, `'[{"QUIC": 443}]'` | `'[{"HTTP": 80},{"HTTPS": 443}]'` | Associates listener ports with protocols. |

Priorities

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/order` | 1~1000 | 10 | The priorities of forwarding rules. |

Canary

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/canary` | `true`, `false` | `false` | Specifies whether to route requests to the canary. |
| `alb.ingress.kubernetes.io/canary-by-header` | string | None | The header of the requests that are routed to the canary. |
| `alb.ingress.kubernetes.io/canary-by-header-value` | string | None | The value of the header of the requests that are routed to the canary. |
| `alb.ingress.kubernetes.io/canary-by-cookie` | string | None | The cookie of the requests that are routed to the canary. |
| `alb.ingress.kubernetes.io/canary-weight` | string | None | The percentage of requests that are sent to the canary. The value is an integer that ranges from 0 to 100. |

Session persistence

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/sticky-session` | `true`, `false` | `false` | Specifies whether to enable session persistence. |
| `alb.ingress.kubernetes.io/sticky-session-type` | `Insert`, `Server` | `Insert` | The method that is used to handle a cookie. |
| `alb.ingress.kubernetes.io/cookie-timeout` | 1~86400 | 1000 | The session persistence timeout period in seconds. |

Load balancing

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/backend-scheduler` | `wrr` (weighted round-robin), `wlc` (weighted least connections), `sch` (source IP address hash), `uch` (URI hash) | `wrr` | The load balancing algorithm. |
| `alb.ingress.kubernetes.io/backend-scheduler-uch-value` | string | None | This annotation is available when the load balancing algorithm is set to `uch`. |

Cross-origin resource sharing (CORS)

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/enable-cors` | `true`, `false` | `false` | Specifies whether to enable CORS. |
| `alb.ingress.kubernetes.io/cors-allow-origin` | string | `*` | The origins from which you want to allow cross-domain requests. |
| `alb.ingress.kubernetes.io/cors-expose-headers` | stringArray | None | The headers that can be exposed. |
| `alb.ingress.kubernetes.io/cors-allow-methods` | Select one or more of the following values: `GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `PATCH` | `"GET, PUT, POST, DELETE, PATCH, OPTIONS"` | The methods of cross-domain requests that are allowed. |
| `alb.ingress.kubernetes.io/cors-allow-credentials` | `true`, `false` | `true` | Specifies whether to allow credentials in requests. |
| `alb.ingress.kubernetes.io/cors-max-age` | -1 to 172800 (seconds) | 172800 | The maximum cache time of preflight requests in the browser. |
| `alb.ingress.kubernetes.io/cors-allow-headers` | stringArray | `"DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization"` | The headers of cross-domain requests that are allowed. |

Custom forwarding

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/actions.{svcName}` | json | None | The custom forwarding actions. |
| `alb.ingress.kubernetes.io/conditions.{svcName}` | json | None | The custom forwarding conditions. |
| `alb.ingress.kubernetes.io/rule-direction.{svcName}` | `Request`, `Response` | `Request` | The custom forwarding direction. |

Others

| Annotation | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `alb.ingress.kubernetes.io/backend-keepalive` | `true`, `false` | `false` | Specifies whether to enable persistent TCP connections. |
| `alb.ingress.kubernetes.io/traffic-limit-qps` | 1~100000 | None | QPS throttling. |
| `alb.ingress.kubernetes.io/use-regex` | `true`, `false` | `false` | Specifies whether regular expressions can be used in the Path field. This annotation is valid only when the path type is Prefix. |
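
The documented ranges and defaults above can be checked mechanically before an Ingress is applied. The following linter is an added example, not code from the original page or from Alibaba Cloud: the function name `lint`, the finding strings and the sample annotations are constructed for illustration. The two policy checks (CORS enabled while the origin and credentials settings stay at their documented defaults, and an HTTP listener left without `ssl-redirect`) are assumptions about what a reviewer would want flagged.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"
# Integer ranges as documented in the annotation tables on this page.
RANGES = {
    "healthcheck-timeout-seconds": (1, 300), "healthcheck-interval-seconds": (1, 50),
    "healthy-threshold-count": (2, 10), "unhealthy-threshold-count": (2, 10),
    "healthcheck-connect-port": (0, 65535), "order": (1, 1000),
    "canary-weight": (0, 100), "cookie-timeout": (1, 86400),
    "cors-max-age": (-1, 172800), "traffic-limit-qps": (1, 100000),
}
# Documented defaults that apply when an annotation is omitted.
DEFAULTS = {
    "enable-cors": "false", "cors-allow-origin": "*",
    "cors-allow-credentials": "true", "ssl-redirect": "false",
    "listen-ports": '[{"HTTP": 80},{"HTTPS": 443}]',
}

def lint(annotations):
    """Return findings for one Ingress's metadata.annotations mapping."""
    a = {k[len(PREFIX):]: str(v) for k, v in annotations.items()
         if k.startswith(PREFIX)}
    def get(key):
        return a.get(key, DEFAULTS.get(key))
    findings = []
    for key, (lo, hi) in RANGES.items():
        if key in a:
            try:
                in_range = lo <= int(a[key]) <= hi
            except ValueError:
                in_range = False
            if not in_range:
                findings.append(f"{key}: {a[key]!r} is outside {lo}~{hi}")
    # Policy assumption: CORS on, origin left at "*", credentials left at "true".
    if (get("enable-cors"), get("cors-allow-origin"),
            get("cors-allow-credentials")) == ("true", "*", "true"):
        findings.append("cors: wildcard origin with credentials allowed")
    # Policy assumption: HTTP listener next to HTTPS without the 301 redirect.
    protocols = {p for entry in json.loads(get("listen-ports")) for p in entry}
    if {"HTTP", "HTTPS"} <= protocols and get("ssl-redirect") != "true":
        findings.append("ssl-redirect: HTTP is served without redirect to HTTPS")
    return findings

# Constructed sample: annotations as they would appear on an Ingress.
SAMPLE = {
    PREFIX + "enable-cors": "true",
    PREFIX + "healthcheck-interval-seconds": "60",
    PREFIX + "canary-weight": "20",
    PREFIX + "listen-ports": '[{"HTTPS": 443}]',
}
```

Calling `lint(SAMPLE)` reports the out-of-range health check interval and the CORS defaults; an empty annotation set reports only the missing redirect, because the documented default listener set includes plain HTTP.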

AlbConfig fields

An AlbConfig is a CustomResourceDefinition (CRD) used to describe an ALB instance and its listeners. The following tables describe the relevant fields.

AlbConfig

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `apiVersion` | `alibabacloud.com/v1` | None | The API version of the object. |
| `kind` | `AlbConfig` | None | The REST resource corresponding to the object. |
| `metadata` | ObjectMeta | None | The metadata of the object. For more information, see metadata. |
| `spec` | AlbConfigSpec | None | A list of parameters used to describe the attributes of the ALB instance and its listeners. |
| `status` | AlbConfigStatus | None | The status of the ALB instance is written to the status field after reconciliation. The value of the field indicates the current status of the ALB instance. |

AlbConfigSpec

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `config` | LoadBalancerSpec | None | The attributes of the ALB instance. |
| `listeners` | ListenerSpec | None | The attributes of the listeners of the ALB instance. |

LoadBalancerSpec

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `id` | string | `""` | The ID of the ALB instance. The ALB instance can be reused if an instance ID is specified. |
| `name` | string | `k8s-{namespace}-{name}-{hashCode}` | The name of the ALB instance. |
| `addressAllocatedMode` | `Dynamic`, `Fixed` | `Dynamic` | The address mode of the ALB instance. |
| `addressType` | `Internet`, `Intranet` | `Internet` | The network type of the IPv4 CIDR block of the ALB instance. |
| `ipv6AddressType` | `Internet`, `Intranet` | `Intranet` | The network type of the IPv6 CIDR block of the ALB instance. |
| `addressIpVersion` | `IPv4`, `DualStack` | `IPv4` | The version of the protocol. |
| `resourceGroupId` | string | Default resource group | The ID of the resource group to which the ALB instance belongs. |
| `edition` | `Standard`, `StandardWithWaf` | `Standard` | The feature version of the ALB instance. |
| `deletionProtectionEnabled` | `*bool` | `null` | A reserved field. This field is not adjustable. |
| `forceOverride` | `*bool` | `false` | Specifies whether to forcefully overwrite the attributes of the ALB instance in reuse mode. |
| `listenerForceOverride` | `*bool` | `null` | Specifies whether to forcefully overwrite the attributes of the listeners in reuse mode. |
| `zoneMappings` | ZoneMapping | None | The zone and Elastic IP Address (EIP) configuration. |
| `accessLogConfig` | AccessLogConfig | None | The log collection configuration. |
| `billingConfig` | BillingConfig | None | The billing method. |
| `modificationProtectionConfig` | ModificationProtectionConfig | None | The configuration of the configuration read-only mode. |
| `tags` | Tag | None | The tags of the ALB instance. |

ZoneMapping

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `vSwitchId` | string | `""` | Required. The ID of the vSwitch. |
| `zoneId` | string | `""` | Automatically specified. The zone of the vSwitch. |
| `allocationId` | string | `""` | The ID of the EIP. |
| `eipType` | string | `""` | A reserved field. |

AccessLogConfig

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `logStore` | string | `""` | The name of the Simple Log Service Logstore. |
| `logProject` | string | `""` | The name of the Simple Log Service project. |

BillingConfig

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `internetBandwidth` | int | 0 | A reserved field. |
| `internetChargeType` | string | `""` | A reserved field. |
| `payType` | `PostPay` | `PostPay` | The billing method. |
| `bandWidthPackageId` | string | `""` | The ID of the associated Internet Shared Bandwidth instance. You cannot disassociate the Internet Shared Bandwidth instance. |

ModificationProtectionConfig

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `reason` | string | `""` | A reserved field. |
| `status` | string | `""` | A reserved field. |

Tag

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `key` | `""` | `""` | The key of the label. |
| `value` | `""` | `""` | The value of the label. |

ListenerSpec

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `gzipEnabled` | `null`, `true`, `false` | `null` | Specifies whether to enable compression. |
| `http2Enabled` | `null`, `true`, `false` | `null` | Specifies whether to use HTTP/2. |
| `port` | int, string | 0 | Required. The listening port. |
| `protocol` | `HTTP`, `HTTPS`, `QUIC` | `""` | Required. The listener protocol. |
| `securityPolicyId` | string | `""` | The ID of the TLS security policy. |
| `idleTimeout` | int | 60 | The idle connection timeout period. Note: A value of 0 indicates that the default value is used. |
| `loadBalancerId` | string | `""` | A reserved field. |
| `description` | string | `ingress-auto-listener-{port}` | The name of the listener. |
| `caEnabled` | bool | `false` | A reserved field. |
| `requestTimeout` | int | 60 | The timeout period of requests. |
| `quicConfig` | QuicConfig | | The QUIC listener configuration. |
| `defaultActions` | Action | `null` | A reserved field. |
| `caCertificates` | Certificate | `null` | A reserved field. |
| `certificates` | Certificate | `null` | The server certificate of the listener. |
| `xForwardedForConfig` | XForwardedForConfig | None | The configuration of the X-Forwarded headers. |
| `logConfig` | LogConfig | None | A reserved field. |
| `aclConfig` | AclConfig | None | The access control configuration. |

QuicConfig

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `quicUpgradeEnabled` | bool | `false` | Specifies whether to enable QUIC upgrades. |
| `quicListenerId` | string | `""` | The QUIC listener. |

Certificate

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `IsDefault` | bool | `false` | Specifies whether the current certificate is the default certificate. Note: Each service or system can have only one default certificate. |
| `CertificateId` | string | `""` | The ID of the certificate. |

XForwardedForConfig

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `XForwardedForClientCertSubjectDNAlias` | string | `""` | The name of the custom header. This field is valid only when `XForwardedForClientCertSubjectDNEnabled` is set to `true`. |
| `XForwardedForClientCertSubjectDNEnabled` | bool | `false` | Specifies whether to use the `X-Forwarded-Clientcert-subjectdn` header to retrieve information about the owner of the client certificate. |
| `XForwardedForProtoEnabled` | bool | `false` | Specifies whether to use the `X-Forwarded-Proto` header to retrieve the listener protocol of the ALB instance. |
| `XForwardedForClientCertIssuerDNEnabled` | bool | `false` | Specifies whether to use the `X-Forwarded-Clientcert-issuerdn` header to retrieve information about the authority that issues the client certificate. |
| `XForwardedForSLBIdEnabled` | bool | `false` | Specifies whether to use the `X-Forwarded-For-SLB-ID` header to retrieve the ID of the ALB instance. |
| `XForwardedForClientSrcPortEnabled` | bool | `false` | Specifies whether to use the `X-Forwarded-Client-Port` header to retrieve the client port. |
| `XForwardedForClientCertFingerprintEnabled` | bool | `false` | Specifies whether to use the `X-Forwarded-Clientcert-fingerprint` header to retrieve the fingerprint of the client certificate. |
| `XForwardedForEnabled` | bool | `false` | Specifies whether to use the `X-Forwarded-For` header to retrieve client IP addresses. |
| `XForwardedForSLBPortEnabled` | bool | `false` | Specifies whether to use the `X-Forwarded-Port` header to retrieve the listener ports of the ALB instance. |
| `XForwardedForClientCertClientVerifyAlias` | string | `""` | The name of the custom header. This field is valid only when `XForwardedForClientCertClientVerifyEnabled` is set to `true`. |
| `XForwardedForClientCertIssuerDNAlias` | string | `""` | The name of the custom header. This field is valid only when `XForwardedForClientCertIssuerDNEnabled` is set to `true`. |
| `XForwardedForClientCertFingerprintAlias` | string | `""` | The name of the custom header. This field is valid only when `XForwardedForClientCertFingerprintEnabled` is set to `true`. |
| `XForwardedForClientCertClientVerifyEnabled` | bool | `false` | Specifies whether to use the `X-Forwarded-Clientcert-clientverify` header to retrieve the verification result of the client certificate. |

AclConfig

| Field | Valid value | Default value | Description |
| --- | --- | --- | --- |
| `aclName` | string | None | The name of the network ACL in AclEntry mode. |
| `aclType` | `Black`, `White` | `""` | The type of the network ACL, which can be blacklist or whitelist. |
| `aclEntries` | string | `null` | The ACL rules. |
| `aclIds` | stringArray | `null` | The IDs of existing network ACLs. |

AlbConfigStatus

| Field | Output | Default value | Description |
| --- | --- | --- | --- |
| `loadBalancer` | LoadBalancerStatus | None | The status of the ALB instance. |

LoadBalancerStatus

| Field | Output | Default value | Description |
| --- | --- | --- | --- |
| `dnsname` | string | None | The DNS address of the ALB instance. |
| `id` | string | None | The ID of the ALB instance. |
| `listeners` | ListenerStatus | None | The attributes of the listeners. |

ListenerStatus

| Field | Output | Example | Description |
| --- | --- | --- | --- |
| `portAndProtocol` | string | `80/HTTP` | The listener and protocol configuration. |
| `certificates` | AppliedCertificate | None | The associated certificates. |

AppliedCertificate

| Field | Output | Example | Description |
| --- | --- | --- | --- |
| `certificateId` | string | `xxxx-cn-hangzhou` | The ID of the certificate. |
| `isDefault` | bool | `true` | Specifies whether the certificate is the default certificate. |
