All Products
Search
Document Center

Container Service for Kubernetes:Use MSE Ingresses to access applications in ACK clusters

最終更新日:Jan 11, 2024

As Higress Enterprise Edition gateways, Microservices Engine (MSE) Ingress gateways are fully compatible with NGINX Ingress gateways. Compared with the performance of open source self-managed Ingress gateways, the performance of MSE Ingress gateways is doubled. MSE Ingress gateways are certified as industry-leading Ingress gateways by the China Academy of Information and Communications Technology (CAICT) based on security maturity. MSE Ingress gateways provide the advantages of low cost, security protection, high integration, and high availability. This topic describes how to use MSE Ingress gateways to access services in Container Service for Kubernetes (ACK) clusters.

Important

For security purposes, MSE Ingress gateways cannot expose services in the kube-system namespace.

Prerequisites

  • Permissions are granted to MSE Ingress Controller. You can click here to grant permissions.

  • An ACK cluster in version V1.18 or later is created. For more information about how to create an ACK cluster, see Create an ACK dedicated cluster or Create an ACK managed cluster. If the version of your cluster is earlier than V1.18, upgrade the cluster. For more information about how to upgrade an ACK cluster, see Update an ACK cluster.

Step 1: Install MSE Ingress Controller

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, click the name of the cluster that you want to manage and choose Operations > Add-ons in the left-side navigation pane.

  3. On the Add-ons page, enter mse in the search box in the upper-right corner, and click Install in the MSE Ingress Controller resource card.

  4. In the dialog box that appears, configure the parameters and click OK.

    A pay-as-you-go Professional Edition MSE cloud-native gateway that has two nodes (2 CPU cores and 4 GB of memory) is automatically created. A Standard I (slb.s2.small) Classic Load Balancer (CLB) instance is also created based on the specified network type. You can change the preceding default specifications after the gateway is created.参数配置.png

  5. If you encounter precheck failures when installing the MSE Ingress controller, authorize the MSE Ingress controller to access MSE.

  6. After MSE Ingress Controller is installed, the system automatically creates an MseIngressConfig resource named mse-ingress-pro-{clusterid} and an IngressClass resource named mse.

    You can go to the ACK console, and click the name of the cluster. In the left-side navigation pane, choose Workloads > Deployments > Custom Resources. On the Resource Objects tab of the Custom Resources page, enter mse in the search box in the API Group section, and click the search icon to query the gateway status in the MseIngressConfig resource description. If the status changes to Listening after 3 to 5 minutes, the cloud-native gateway is created and is in the Running state. The gateway automatically listens to the Ingress resources whose IngressClass is mse in the cluster.

    Note

    In normal cases, the gateway status in MseIngressConfig changes in the following order: Pending > Running > Listening. Status description:

    • Pending: The cloud-native gateway is being created. You must wait about 3 minutes.

    • Running: The cloud-native gateway is created and is running.

    • Listening: The cloud-native gateway is running and listens to Ingress resources in the cluster.

    • Failed: The cloud-native gateway is in the invalid state. You can view Message in the Status field to identify the cause.

    Important
    • When you create a cluster, an MseIngressConfig resource is automatically created during the installation of MSE Ingress Controller. The lifecycle of the MseIngressConfig resource is associated with the lifecycle of the MSE cloud-native gateway. If you delete an MseIngressConfig resource, the associated MSE cloud-native gateway instance is also deleted. Do not delete MseIngressConfig resources unless otherwise specified.

    • If the IngressClass resource named mse already exists in the cluster before you install MSE Ingress Controller, an MSE cloud-native gateway and the associated MseIngressConfig resource are not automatically created during the installation of MSE Ingress Controller.

  7. Log on to the MSE console. Confirm that the cloud-native gateway named mse-ingress-pro-{clusterid} is created in the region.

Step 2: Deploy a backend service

  1. On the Clusters page, click the name of the cluster that you want to manage and choose Workloads > Deployments in the left-side navigation pane.

  2. In the upper-right corner of the Deployments page, click Create from YAML. Use the following YAML code to deploy a deployment named httpbin and a service named httpbin.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: httpbin
      namespace: default
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: httpbin
      template:
        metadata:
          labels:
            app: httpbin
            version: v1
        spec:
          containers:
            - image: registry.cn-hangzhou.aliyuncs.com/mse-ingress/go-httpbin
              args:
                - "--version=v1"
              imagePullPolicy: Always
              name: httpbin
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: httpbin
      namespace: default
    spec:
      ports:
        - port: 8080
          protocol: TCP
      selector:
        app: httpbin

Step 3: Configure an MSE Ingress gateway

  1. On the Clusters page, click the name of the cluster that you want to manage and choose Network > Ingresses in the left-side navigation pane.

  2. On the Ingresses page, click Create Ingress.

  3. In the Create Ingress dialog box, select MSE Cloud-native Gateway for Gateway Type, configure the services and annotations associated with the backend service, and then click OK.

    Set Ingress Class to mse. To configure a route, select Prefix (Prefix-based Match) from the Rule drop-down list, enter / in the Path field, and then select httpbin from the Service drop-down list.

  4. Log on to the MSE console. Confirm that a route is configured for the cloud-native gateway and the route name contains httpbin.

Step 4: Access the service

  1. Obtain the gateway IP address by using one of the following methods:

    • Log on to the ACK console. On the Clusters page, click the name of the cluster that you want to manage. In the left-side navigation pane, choose Network > Ingresses to view the Ingress endpoint.

    • Log on to the MSE console. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway. On the Overview page of the cloud-native gateway, view the IP address of the CLB instance that is associated with the gateway.

  2. Use web browsers, Postman, or other command-line tools to test traffic.