In addition to Container Service for Kubernetes (ACK) and ACK Serverless, Application Load Balancer (ALB) Ingresses can be used together with Enterprise Distributed Application Service (EDAS), Serverless App Engine (SAE), and self-managed Kubernetes clusters in the cloud to meet your business requirements. This topic describes the basic and advanced features of ALB Ingresses and provides references on how to use ALB Ingresses together with other services.
Basic features
An AlbConfig is a custom resource definition (CRD) object of ACK that is used by the ALB Ingress controller to configure ALB instances and listeners. The following table describes how to install and uninstall the ALB Ingress controller in ACK and ACK Serverless clusters, create and modify AlbConfigs, and enable Simple Log Service.
Item | Feature | Description | References for ACK | References for ACK Serverless |
ALB Ingress Controller | Manage the ALB Ingress controller | ACK provides managed ALB Ingress controllers. You can install an ALB Ingress controller when you create a cluster or install the controller on the Components page after you create a cluster. | ||
Instance management | Create an AlbConfig | An AlbConfig is a CRD object that is used by the ALB Ingress controller to configure ALB instances and listeners. An AlbConfig is used to configure a single ALB instance. If you want to configure multiple ALB instances, you must create multiple AlbConfigs. | ||
Associate an AlbConfig with an Ingress | You can associate an AlbConfig with an Ingress by using an IngressClass. To do this, you must first create an IngressClass. | Use an IngressClass to associate an AlbConfig with an Ingress | ||
Modify an AlbConfig | You can modify the settings of an AlbConfig, such as the name and the vSwitches of the AlbConfig. The new settings take effect immediately after you save the settings. | |||
Enable Simple Log Service to collect access logs | If you want to collect the access logs of ALB Ingresses, configure the | |||
Use an existing ALB instance | If you want to use an existing ALB instance, specify the ID of the ALB instance when you create an AlbConfig. | |||
Use multiple ALB instances | If you want to use multiple ALB instances, specify multiple IngressClasses in the | |||
Delete an ALB instance | An AlbConfig is used to configure an ALB instance. Therefore, you can delete an ALB instance by deleting the corresponding AlbConfig. Before you delete an AlbConfig, you must delete all Ingresses that are associated with the AlbConfig. | |||
Listener management | Specify a certificate for HTTPS connections | You can specify a certificate for an ALB instance by specifying the certificate ID in the | Use an ALB Ingress to configure certificates for an HTTPS listener | Use an ALB Ingress to configure certificates for an HTTPS listener |
Specify a Transport Layer Security (TLS) security policy | When you use an AlbConfig to configure an HTTPS listener, you can specify a TLS security policy. Custom and default TLS security policies are supported. For more information, see TLS security policies. |
Advanced features
An Ingress is an API object that you can use to implement Layer 7 load balancing and manage external access to Services in an ACK cluster. The following table describes how to use ALB Ingresses to forward requests to backend server groups based on domain names and URL paths, redirect requests from HTTP to HTTPS, and perform canary releases.
Feature | Description | References for ACK | References for ACK Serverless |
Forward requests based on domain names | You can create an Ingress with or without a domain name, and then use the Ingress to forward requests. | ||
Forward requests based on URL paths | ALB Ingresses can forward requests based on URL paths. You can use the | ||
Custom forwarding rules | ALB Ingresses allow you to configure custom forwarding rules. A forwarding rule consists of match conditions and actions. ALB Ingresses support the following operations: | ||
Configure health checks | You can add annotations to ALB Ingresses to configure health checks. Health check parameters include path, protocol, method, httpcode, timeout, interval, and threshold. | ||
Configure automatic certificate discovery | The ALB Ingress controller supports automatic certificate discovery. You must first create a certificate in the Certificate Management Service console. Then, specify the domain name of the certificate in the TLS configurations of the Ingress. This way, the ALB Ingress controller can automatically discover and match the certificate based on the TLS configurations of the Ingress. | Use an ALB Ingress to configure certificates for an HTTPS listener | Use an ALB Ingress to configure certificates for an HTTPS listener |
Configure a redirect from HTTP requests to HTTPS requests | You can configure an ALB Ingress to redirect HTTP requests to HTTPS (port 443) by adding the | ||
Configure the HTTPS or gRPC protocol | ALB Ingresses support the HTTPS or gRPC protocol. To configure HTTPS or gRPC, add the (Note: You cannot change the backend protocol. If you need to change the protocol, delete and rebuild the Ingress.) | ||
Configure rewrite rules | ALB Ingresses support rewrite rules. To configure rewrite rules, add the | ||
Configure custom listening ports | ALB Ingresses allow you to configure custom listening ports to expose multiple ports at the same time. You can use this method to expose both port 80 and port 443 of a Service to the internet. | ||
Configure forwarding rule priorities | You can add an annotation to the configuration of an Ingress to configure the priorities of the forwarding rules of the Ingress. Note: The priority of each forwarding rule within a listener is unique. You can use the | ||
Use annotations to perform canary releases | ALB allows you to configure canary releases based on request headers, cookies, and weights to handle complex traffic routing. You can add annotations to configure canary releases. You can add the | ||
Configure session persistence | You can configure session persistence for an ALB Ingress by adding the | ||
Specify a load balancing algorithm for backend server groups | You can specify a load balancing algorithm for backend server groups by adding the | ||
Configure cross-origin resource sharing (CORS) | ALB Ingresses allow you to configure CORS by using annotations. | ||
Configure persistent TCP connections | Each time a traditional load balancer forwards a request to a backend server, it creates a short-lived connection. This action causes unnecessary load on the server and performance bottleneck issues. ALB provides the persistent TCP connection feature, which reduces the amount of resources consumed for establishing network connections and improves forwarding performance. You can add the | ||
Configure QPS throttling | ALB supports QPS throttling based on forwarding rules. You can limit the QPS to a range of 1 to 100000. You can add the | ||
Backend slow start | You can add the (Note: The longer the duration, the slower the increase in traffic.) | ||
Connection draining | You can add the | ||
Integration with other services
Integration with Alibaba Cloud services
Alibaba Cloud service | Feature | Description | References |
WAF | Enable Web Application Firewall (WAF) for an ALB Ingress | Web Application Firewall (WAF) is an all-in-one service that protects your websites and applications. You can use WAF to prevent data breaches, HTTP flood attacks, webshells, and web page tampering. WAF also provides virtual patches. After you enable WAF for an ALB Ingress, network traffic is filtered by WAF before it is routed to ALB listeners. | |
EDAS | Create an ALB Ingress for an application | EDAS supports ALB Ingresses. ALB Ingresses provide enhanced traffic management and are compatible with NGINX Ingresses. This enables ALB Ingresses to process complex routing and automatically discover certificates. | |
SAE | Configure an end-to-end canary release based on Ingress gateways | You can use Ingress gateways to perform end-to-end canary releases for SAE applications. | |
ASM | Integrate Service Mesh (ASM) with ALB by configuring an ALB Ingress | You can configure an ALB Ingress to integrate ASM with ALB. | |
HPA | Integrate Horizontal Pod Autoscaler (HPA) with ALB by configuring an ALB Ingress | HPA is used to automatically scale out pods in Kubernetes clusters. You can integrate HPA with ALB by using ALB Ingresses and enable auto scaling based on queries per second (QPS). | Use ALB Ingresses to enable automatic application scaling based on QPS |
Knative | Enable ACK and ACK Serverless clusters that have Knative installed to access services through ALB | Knative is a Kubernetes-based serverless framework. You can use Knative to expose your ALB Service and perform canary releases based on headers and cookies. | |
ACK One | Create an ALB multi-cluster gateway by configuring an ALB Ingress | Distributed Cloud Container Platform for Kubernetes (ACK One) is an enterprise-class cloud-native container platform developed by Alibaba Cloud to meet container management requirements in hybrid cloud, multi-cluster, distributed computing, and disaster recovery scenarios. The ALB multi-cluster gateways provided by ACK One are the multi-cluster mode of ALB Ingresses. You can use them to implement active zone-redundancy, active geo-redundancy, cross-cluster load balancing, and header-based traffic distribution to only the specified cluster. |
Integration with open source services
Open source service | Feature | Description | References |
Self-managed Kubernetes clusters in the cloud | Use ALB in self-managed Kubernetes clusters by configuring ALB Ingresses | If you use ECS instances to build a Kubernetes cluster, you can configure an ALB Ingress to route traffic. This enables the cluster to automatically discover the ALB Service and enable load balancing. |