As Higress Enterprise Edition gateways, Microservices Engine (MSE) Ingress gateways are compatible with NGINX Ingress gateways. Compared with the performance of open source self-managed Ingress gateways, the performance of MSE Ingress gateways is doubled. MSE Ingress gateways are certified as industry-leading Ingress gateways by the China Academy of Information and Communications Technology (CAICT) based on security maturity. MSE Ingress gateways provide the advantages of low cost, security protection, high integration, and high availability. This topic describes how to use MSE Ingress gateways to access services in Container Service for Kubernetes (ACK) clusters and Container Compute Service (ACS) clusters.
For security purposes, MSE Ingress gateways cannot expose services in the kube-system namespace.
Prerequisites
MSE Ingress Controller is installed in an ACK managed cluster, an ACK Serverless cluster, or an ACS cluster.
You are granted permissions to MSE Ingress Controller in your cluster. If your cluster is an ACK managed cluster or ACK Serverless cluster, click the link to grant permissions. If your cluster is an ACS cluster, click the link to grant permissions.
A cluster of version V1.18 or later is created. For more information about how to create a cluster, see Create an ACK managed cluster, Create an ACK Serverless cluster, or Create an ACS cluster. If the version of your cluster is earlier than V1.18, upgrade the cluster. For more information about upgrade operations, see Manually upgrade ACK clusters.
Step 1: Install MSE Ingress Controller
ACK managed clusters or ACK Serverless clusters
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose .
ACS clusters
Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose Operations > Add-ons.
On the Add-ons page, enter
mse
in the search box, and click Install in the MSE Ingress Controller resource card.In the Install MSE Ingress Controller dialog box, configure the parameters and click OK.
ACK managed clusters or ACK Serverless clusters
A pay-as-you-go Professional Edition cloud-native gateway is automatically created. The gateway has two nodes, each of which has 2 CPU cores and 4 GB of memory. A Standard I (slb.s2.small) Classic Load Balancer (CLB) instance is also created based on the specified network type. You can change the preceding default specifications after the gateway and CLB instance are created.
ACS clusters
A serverless cloud-native gateway is automatically created and a Network Load Balancer (NLB) instance is created based on the specified network type.
If the error message Failed to pass the precheck. appears when you install MSE Ingress Controller, grant permissions to MSE Ingress Controller. If your cluster is an ACK managed cluster or ACK Serverless cluster, click the link to grant permissions. If your cluster is an ACS cluster, click the link to grant permissions.
After MSE Ingress Controller is installed, the system automatically creates an MseIngressConfig resource named
mse-ingress-pro/serverless-{clusterid}
and an IngressClass resource named mse.You can go to the ACK console, and click the name of the cluster. In the left-side navigation pane, choose Workloads > Deployments > Custom Resources. On the Resource Objects tab of the Custom Resources page, enter
mse
in the search box in the API Group section, and click the search icon to query the gateway status in theMseIngressConfig
resource description. If the status changes to Listening after 3 to 5 minutes, the cloud-native gateway is created and is in the Running state. The gateway automatically listens to the Ingress resources whose IngressClass is mse in the cluster.NoteIn normal cases, the gateway status in MseIngressConfig changes in the following order: Pending > Running > Listening. Status description:
Pending: The cloud-native gateway is being created. You must wait about 3 minutes.
Running: The cloud-native gateway is created and is running.
Listening: The cloud-native gateway is running and listens to Ingress resources in the cluster.
Failed: The cloud-native gateway is in the invalid state. You can view Message in the Status field to identify the cause.
ImportantWhen you create a cluster, an MseIngressConfig resource is automatically created during the installation of MSE Ingress Controller. The lifecycle of the MseIngressConfig resource is associated with the lifecycle of the MSE cloud-native gateway. If you delete an MseIngressConfig resource, the associated MSE cloud-native gateway instance is also deleted. Do not delete MseIngressConfig resources unless otherwise specified.
If the IngressClass resource named mse already exists in the cluster before you install MSE Ingress Controller, an MSE cloud-native gateway and the associated MseIngressConfig resource are not automatically created during the installation of MSE Ingress Controller.
Log on to the MSE console. Check that a cloud-native gateway named
mse-ingress-pro/serverless-{clusterid}
is created in the region.
Step 2: Deploy a backend service
ACK managed clusters or ACK Serverless clusters
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose .
ACS clusters
Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose
.
On the Deployments page, click Create from YAML. Use the following YAML code to deploy a deployment named httpbin and a service named httpbin.
apiVersion: apps/v1 kind: Deployment metadata: name: httpbin namespace: default spec: replicas: 1 selector: matchLabels: app: httpbin template: metadata: labels: app: httpbin version: v1 spec: containers: - image: registry.cn-hangzhou.aliyuncs.com/mse-ingress/go-httpbin args: - "--version=v1" imagePullPolicy: Always name: httpbin --- apiVersion: v1 kind: Service metadata: name: httpbin namespace: default spec: ports: - port: 8080 protocol: TCP selector: app: httpbin
Step 3: Configure an MSE Ingress gateway
ACK managed clusters or ACK Serverless clusters
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose .
ACS clusters
Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose Network > Ingresses.
On the Ingresses page, click Create Ingress.
In the Create Ingress dialog box, select MSE Ingress for Gateway Type, configure the associated backend services and annotations, and then click OK.
Set Ingress Class to mse. To configure a route, select Prefix (Prefix-based Match) from the Rule drop-down list, enter
/
in the Path field, and then select httpbin from the Service drop-down list.Log on to the MSE console. Check that a route is configured for the cloud-native gateway and the route name contains httpbin.
Step 4: Access the service
Obtain the gateway IP address by using one of the following methods:
ACK managed clusters or ACK Serverless clusters
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose .
On the Ingresses page, view the Ingress endpoint.
ACS clusters
Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose Network > Ingresses.
On the Ingresses page, view the Ingress endpoint.
Log on to the MSE console. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway. On the Overview page of the cloud-native gateway, view the IP address of the load balancer instance that is associated with the gateway.
Use web browsers, cmd, or other command-line tools to access the path in the format of
IP address of the load balancer instance/version
and test services.
References
For more information about MSE Ingress gateways and how MSE Ingress gateways work, see Overview of MSE Ingress gateways.