As Higress Enterprise Edition gateways, Microservices Engine (MSE) Ingress gateways are fully compatible with NGINX Ingress gateways. Compared with the performance of open source self-managed Ingress gateways, the performance of MSE Ingress gateways is doubled. MSE Ingress gateways are certified as industry-leading Ingress gateways by the China Academy of Information and Communications Technology (CAICT) based on security maturity. MSE Ingress gateways provide the advantages of low cost, security protection, high integration, and high availability. This topic describes how to use MSE Ingress gateways to access services in Container Service for Kubernetes (ACK) clusters.
For security purposes, MSE Ingress gateways cannot expose services in the kube-system namespace.
Prerequisites
Permissions are granted to MSE Ingress Controller. You can click here to grant permissions.
An ACK cluster in version V1.18 or later is created. For more information about how to create an ACK cluster, see Create an ACK dedicated cluster or Create an ACK managed cluster. If the version of your cluster is earlier than V1.18, upgrade the cluster. For more information about how to upgrade an ACK cluster, see Update an ACK cluster.
Step 1: Install MSE Ingress Controller
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, click the name of the cluster that you want to manage and choose in the left-side navigation pane.
On the Add-ons page, enter mse in the search box in the upper-right corner, and click Install in the MSE Ingress Controller resource card.
In the dialog box that appears, configure the parameters and click OK.
A pay-as-you-go Professional Edition MSE cloud-native gateway that has two nodes (2 CPU cores and 4 GB of memory) is automatically created. A Standard I (slb.s2.small) Classic Load Balancer (CLB) instance is also created based on the specified network type. You can change the preceding default specifications after the gateway is created.
If you encounter precheck failures when installing the MSE Ingress controller, authorize the MSE Ingress controller to access MSE.
After MSE Ingress Controller is installed, the system automatically creates an MseIngressConfig resource named mse-ingress-pro-{clusterid} and an IngressClass resource named mse.
You can go to the ACK console, and click the name of the cluster. In the left-side navigation pane, choose Workloads > Deployments > Custom Resources. On the Resource Objects tab of the Custom Resources page, enter mse in the search box in the API Group section, and click the search icon to query the gateway status in the MseIngressConfig resource description. If the status changes to Listening after 3 to 5 minutes, the cloud-native gateway is created and is in the Running state. The gateway automatically listens to the Ingress resources whose IngressClass is mse in the cluster.
NoteIn normal cases, the gateway status in MseIngressConfig changes in the following order: Pending > Running > Listening. Status description:
Pending: The cloud-native gateway is being created. You must wait about 3 minutes.
Running: The cloud-native gateway is created and is running.
Listening: The cloud-native gateway is running and listens to Ingress resources in the cluster.
Failed: The cloud-native gateway is in the invalid state. You can view Message in the Status field to identify the cause.
ImportantWhen you create a cluster, an MseIngressConfig resource is automatically created during the installation of MSE Ingress Controller. The lifecycle of the MseIngressConfig resource is associated with the lifecycle of the MSE cloud-native gateway. If you delete an MseIngressConfig resource, the associated MSE cloud-native gateway instance is also deleted. Do not delete MseIngressConfig resources unless otherwise specified.
If the IngressClass resource named mse already exists in the cluster before you install MSE Ingress Controller, an MSE cloud-native gateway and the associated MseIngressConfig resource are not automatically created during the installation of MSE Ingress Controller.
Log on to the MSE console. Confirm that the cloud-native gateway named mse-ingress-pro-{clusterid} is created in the region.
Step 2: Deploy a backend service
On the Clusters page, click the name of the cluster that you want to manage and choose in the left-side navigation pane.
In the upper-right corner of the Deployments page, click Create from YAML. Use the following YAML code to deploy a deployment named httpbin and a service named httpbin.
apiVersion: apps/v1 kind: Deployment metadata: name: httpbin namespace: default spec: replicas: 1 selector: matchLabels: app: httpbin template: metadata: labels: app: httpbin version: v1 spec: containers: - image: registry.cn-hangzhou.aliyuncs.com/mse-ingress/go-httpbin args: - "--version=v1" imagePullPolicy: Always name: httpbin --- apiVersion: v1 kind: Service metadata: name: httpbin namespace: default spec: ports: - port: 8080 protocol: TCP selector: app: httpbin
Step 3: Configure an MSE Ingress gateway
On the Clusters page, click the name of the cluster that you want to manage and choose in the left-side navigation pane.
On the Ingresses page, click Create Ingress.
In the Create Ingress dialog box, select MSE Cloud-native Gateway for Gateway Type, configure the services and annotations associated with the backend service, and then click OK.
Set Ingress Class to mse. To configure a route, select Prefix (Prefix-based Match) from the Rule drop-down list, enter
/
in the Path field, and then select httpbin from the Service drop-down list.Log on to the MSE console. Confirm that a route is configured for the cloud-native gateway and the route name contains httpbin.
Step 4: Access the service
Obtain the gateway IP address by using one of the following methods:
Log on to the ACK console. On the Clusters page, click the name of the cluster that you want to manage. In the left-side navigation pane, choose Network > Ingresses to view the Ingress endpoint.
Log on to the MSE console. In the left-side navigation pane, choose Cloud-native Gateway > Gateways. On the Gateways page, click the name of the gateway. On the Overview page of the cloud-native gateway, view the IP address of the CLB instance that is associated with the gateway.
Use web browsers, Postman, or other command-line tools to test traffic.