All Products
Search
Document Center

Microservices Engine:Use MSE Ingress gateways to access services in ACK clusters and ACS clusters

Last Updated:Dec 12, 2024

As Higress Enterprise Edition gateways, Microservices Engine (MSE) Ingress gateways are compatible with NGINX Ingress gateways. Compared with the performance of open source self-managed Ingress gateways, the performance of MSE Ingress gateways is doubled. MSE Ingress gateways are certified as industry-leading Ingress gateways by the China Academy of Information and Communications Technology (CAICT) based on security maturity. MSE Ingress gateways provide the advantages of low cost, security protection, high integration, and high availability. This topic describes how to use MSE Ingress gateways to access services in Container Service for Kubernetes (ACK) clusters and Container Compute Service (ACS) clusters.

Important

For security purposes, MSE Ingress gateways cannot expose services in the kube-system namespace.

Prerequisites

MSE Ingress Controller is installed in an ACK managed cluster, an ACK Serverless cluster, or an ACS cluster.

  • You are granted permissions to MSE Ingress Controller in your cluster. If your cluster is an ACK managed cluster or ACK Serverless cluster, click the link to grant permissions. If your cluster is an ACS cluster, click the link to grant permissions.

  • A cluster of version V1.18 or later is created. For more information about how to create a cluster, see Create an ACK managed cluster, Create an ACK Serverless cluster, or Create an ACS cluster. If the version of your cluster is earlier than V1.18, upgrade the cluster. For more information about upgrade operations, see Manually upgrade ACK clusters.

Step 1: Install MSE Ingress Controller

  1. ACK managed clusters or ACK Serverless clusters

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose Operations > Add-ons.

    ACS clusters

    1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose Operations > Add-ons.

  2. On the Add-ons page, enter mse in the search box, and click Install in the MSE Ingress Controller resource card.

    image.png

  3. In the Install MSE Ingress Controller dialog box, configure the parameters and click OK.

    ACK managed clusters or ACK Serverless clusters

    A pay-as-you-go Professional Edition cloud-native gateway is automatically created. The gateway has two nodes, each of which has 2 CPU cores and 4 GB of memory. A Standard I (slb.s2.small) Classic Load Balancer (CLB) instance is also created based on the specified network type. You can change the preceding default specifications after the gateway and CLB instance are created.参数配置.png

    ACS clusters

    A serverless cloud-native gateway is automatically created and a Network Load Balancer (NLB) instance is created based on the specified network type.

    image

  4. If the error message Failed to pass the precheck. appears when you install MSE Ingress Controller, grant permissions to MSE Ingress Controller. If your cluster is an ACK managed cluster or ACK Serverless cluster, click the link to grant permissions. If your cluster is an ACS cluster, click the link to grant permissions.

    查看报告.png

  5. After MSE Ingress Controller is installed, the system automatically creates an MseIngressConfig resource named mse-ingress-pro/serverless-{clusterid} and an IngressClass resource named mse.

    You can go to the ACK console, and click the name of the cluster. In the left-side navigation pane, choose Workloads > Deployments > Custom Resources. On the Resource Objects tab of the Custom Resources page, enter mse in the search box in the API Group section, and click the search icon to query the gateway status in the MseIngressConfig resource description. If the status changes to Listening after 3 to 5 minutes, the cloud-native gateway is created and is in the Running state. The gateway automatically listens to the Ingress resources whose IngressClass is mse in the cluster.image.png

    Note

    In normal cases, the gateway status in MseIngressConfig changes in the following order: Pending > Running > Listening. Status description:

    • Pending: The cloud-native gateway is being created. You must wait about 3 minutes.

    • Running: The cloud-native gateway is created and is running.

    • Listening: The cloud-native gateway is running and listens to Ingress resources in the cluster.

    • Failed: The cloud-native gateway is in the invalid state. You can view Message in the Status field to identify the cause.

    Important
    • When you create a cluster, an MseIngressConfig resource is automatically created during the installation of MSE Ingress Controller. The lifecycle of the MseIngressConfig resource is associated with the lifecycle of the MSE cloud-native gateway. If you delete an MseIngressConfig resource, the associated MSE cloud-native gateway instance is also deleted. Do not delete MseIngressConfig resources unless otherwise specified.

    • If the IngressClass resource named mse already exists in the cluster before you install MSE Ingress Controller, an MSE cloud-native gateway and the associated MseIngressConfig resource are not automatically created during the installation of MSE Ingress Controller.

  6. Log on to the MSE console. Check that a cloud-native gateway named mse-ingress-pro/serverless-{clusterid} is created in the region.

Step 2: Deploy a backend service

  1. ACK managed clusters or ACK Serverless clusters

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Workloads > Deployments.

    ACS clusters

    1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose Workloads > Deployments.

  2. On the Deployments page, click Create from YAML. Use the following YAML code to deploy a deployment named httpbin and a service named httpbin.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: httpbin
      namespace: default
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: httpbin
      template:
        metadata:
          labels:
            app: httpbin
            version: v1
        spec:
          containers:
            - image: registry.cn-hangzhou.aliyuncs.com/mse-ingress/go-httpbin
              args:
                - "--version=v1"
              imagePullPolicy: Always
              name: httpbin
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: httpbin
      namespace: default
    spec:
      ports:
        - port: 8080
          protocol: TCP
      selector:
        app: httpbin

Step 3: Configure an MSE Ingress gateway

  1. ACK managed clusters or ACK Serverless clusters

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Network > Ingresses.

    ACS clusters

    1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose Network > Ingresses.

  2. On the Ingresses page, click Create Ingress.

  3. In the Create Ingress dialog box, select MSE Ingress for Gateway Type, configure the associated backend services and annotations, and then click OK.

    Set Ingress Class to mse. To configure a route, select Prefix (Prefix-based Match) from the Rule drop-down list, enter / in the Path field, and then select httpbin from the Service drop-down list.image.png

  4. Log on to the MSE console. Check that a route is configured for the cloud-native gateway and the route name contains httpbin.

    image.png

Step 4: Access the service

  1. Obtain the gateway IP address by using one of the following methods:

    • ACK managed clusters or ACK Serverless clusters

      1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

      2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Network > Ingresses.

      3. On the Ingresses page, view the Ingress endpoint.

        image.png

      ACS clusters

      1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

      2. On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane of the cluster details page, choose Network > Ingresses.

      3. On the Ingresses page, view the Ingress endpoint.

        image

    • Log on to the MSE console. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway. On the Overview page of the cloud-native gateway, view the IP address of the load balancer instance that is associated with the gateway.

      查看地址.png

  2. Use web browsers, cmd, or other command-line tools to access the path in the format of IP address of the load balancer instance/version and test services.

    image.png

References

For more information about MSE Ingress gateways and how MSE Ingress gateways work, see Overview of MSE Ingress gateways.