All Products
Search
Document Center

Microservices Engine:Overview of MSE Ingress gateways

最終更新日:Nov 15, 2024

An Ingress is an API object that provides Layer-7 load balancing to manage external access to services in a Kubernetes cluster. To provide better support for scenarios where cloud-native applications are deployed, Alibaba Cloud provides Microservices Engine (MSE) Ingress gateways that are developed based on deep integration and optimization of MSE cloud-native gateways and Container Service for Kubernetes (ACK). MSE Ingress gateways help you manage ingress traffic of clusters in an efficient manner. This topic describes the basic concepts, features, and usage notes of MSE Ingress gateways. This topic also describes how an MSE Ingress gateway works and how to install MSE Ingress Controller.

Basic concepts

In a Kubernetes cluster, an Ingress functions as an access point that exposes services in the cluster. The Ingress distributes most of the traffic that is destined for the services in the cluster. An Ingress is a Kubernetes resource that manages external access to the services in a Kubernetes cluster. You can configure routing rules for an Ingress to route traffic to backend pods of different services in the Kubernetes cluster.

Kubernetes Ingress resources allow you to configure only the rules for routing HTTP traffic. Advanced features such as load balancing algorithms and session affinity cannot be configured. The advanced features require support from NGINX Ingress gateways or MSE Ingress gateways.

MSE Ingress gateways are developed based on MSE cloud-native gateways and provide a more powerful method to manage ingress traffic. MSE Ingress gateways are compatible with NGINX Ingress gateways and are compatible with more than 50 annotations defined in NGINX Ingress gateways. MSE Ingress gateways are suitable for more than 90% of scenarios of NGINX Ingress gateways. MSE Ingress gateways support canary releases of multiple service versions at the same time and provide flexible service governance capabilities and comprehensive security protection. MSE Ingress gateways can meet requirements for traffic governance in scenarios in which a large number of cloud-native distributed applications are used.

Features

For more information about the features of MSE Ingress gateways, see the following topics:

Usage notes

Kubernetes services such as Container Service for Kubernetes (ACK) managed clusters, ACK Serverless clusters, and Container Compute Service (ACS) clusters can use MSE Ingress gateways to route external traffic to services in a Kubernetes cluster. This way, Layer-7 load balancing is implemented. You must deploy MSE Ingress Controller in your Kubernetes cluster. MSE Ingress Controller is used to listen to resources defined in MseIngressConfig CustomResourceDefinitions (CRDs) and dynamically manage the lifecycles, global parameter settings, and listening items of Ingress resources for MSE cloud-native gateways. MSE cloud-native gateways are used to listen to Ingress resources in a Kubernetes cluster and convert the listened Ingress resources into the required traffic governance configurations. This way, cluster services are externally exposed. For more information, see Use MSE Ingress gateways to access services in a container cluster.

Kubernetes Ingress resources support only HTTP traffic management. Advanced features are implemented based on annotations. MSE Ingress gateways are compatible with annotations defined in NGINX Ingress gateways and provide additional annotations to enhance traffic governance and security protection. For more information, see Advanced usage of MSE Ingress.

How an MSE Ingress gateway works

Components

  • MSE Ingress Controller:

    MSE Ingress Controller is not a network data plane, but is a control plane that manages MSE cloud-native gateways and their configurations. MSE Ingress Controller does not process any service requests. MSE Ingress Controller works as a traffic bypass to manage MSE cloud-native gateways that process service requests.

    You must install MSE Ingress Controller in your ACK managed cluster, ACK Serverless cluster, or ACS cluster, use the MseIngressConfig CRDs provided by this component to manage cloud-native gateways based on annotations, and configure Ingress resource listening items for the gateways.

    For more information about how to install MSE Ingress Controller, see Manage the MSE Ingress Controller component.

  • MSE cloud-native gateways:

    MSE cloud-native gateways are created by MSE Ingress Controller based on the MseIngressConfig CRDs that you configured. An MSE cloud-native gateway consists of a control plane and a data plane.

  • Control plane: Listens to resources such as Ingresses, Ingress classes, and services in your cluster. The resource configurations are internally parsed and then sent to the data plane of the gateway in real time.

  • Data plane: Implements traffic governance. The data plane processes external requests based on the governance rules that are sent from the control plane, and routes the requests to the destination backend service.

How it works

MSE Ingress Controller listens to the resource that is defined in an MseIngressConfig CRD in your cluster and dynamically maintains the lifecycle of the cloud-native gateway that corresponds to the resource and the association between the gateway and your cluster in real time.

The control plane of the cloud-native gateway obtains the changes in Ingress resources by using the API server of the associated cluster, and dynamically updates the routing rules of the gateway. After the cloud-native gateway receives a request, the gateway matches the request with an Ingress routing rule and routes the request to the pod that corresponds to the backend service based on the matched routing rule.

The following content describes the relationships among services, Ingresses, Ingress classes, MseIngressConfigs, and MSE Ingress Controller in a Kubernetes cluster.

  • Service: an abstraction of real backend services. One service can represent multiple identical backend services.

  • Ingress: a set of reverse proxy rules. An Ingress specifies the service to which HTTP requests or HTTPS requests are routed. For example, an Ingress routes requests to different services based on the hostnames and URLs in the requests.

  • Ingress class: a description of the Ingress processor. An Ingress class is used to declare the implementation of an Ingress processor in a Kubernetes cluster. The Ingress resources that are associated with the Ingress class are parsed by the Ingress processor. You must associate an MseIngressConfig with the Parameter field of the Ingress class to implement the traffic management rule that is specified in the parsed Ingress resource description.

  • MseIngressConfig: a CRD that is provided by MSE Ingress Controller. An MseIngressConfig CRD provides basic information about a cloud-native gateway.

  • MSE Ingress Controller: a control plane that manages MSE cloud-native gateways and their configurations. MSE Ingress Controller is not a network data plane. MSE Ingress Controller is used to listen to Ingress resources defined in MseIngressConfig CRDs in a cluster and coordinate MSE cloud-native gateways to implement the traffic management rule that is specified in the parsed Ingress resource description.

The following figure shows how MSE Ingress Controller works.

ingress的应用场景

Install MSE Ingress Controller

Note

MSE Ingress Controller can be installed in an ACK managed cluster, ACK Serverless cluster, or ACS cluster.

Method 1: Install the MSE Ingress Controller component when you create an ACK managed cluster, ACK Serverless cluster, or ACS cluster

  • When you create an ACK managed cluster or ACK Serverless cluster, select MSE Ingress for Ingress in the Component Configurations step. For more information about how to create a cluster, see Create an ACK managed cluster and Create an ACK Serverless cluster.

    image

  • When you create an ACS cluster, select MSE Ingress for Ingress in the Component Configurations section. For more information about how to create an ACS cluster, see Create an ACS cluster.

    image

Method 2: Install the MSE Ingress Controller component on the Add-ons page

  1. ACK managed cluster or ACK Serverless cluster

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose Operations > Add-ons.

    ACS cluster

    1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side navigation pane, choose Operations > Add-ons.

  2. On the Add-ons page, enter mse in the search box, and click the search icon. Then, click Install on the MSE Ingress Controller component card.

    image

Method 3: Install the MSE Ingress Controller component on the Ingresses page of your cluster

ACK managed cluster or ACK Serverless cluster

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Network > Ingresses.

  3. On the Ingresses page, click Create Ingress in the upper-right corner. In the Create Ingress panel, select MSE Ingress for Gateway Type. Then, install the component as prompted.

    image

ACS cluster

  1. Log on to the ACS console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, find the cluster that you want to manage and click its ID. In the left-side pane, choose Network > Ingresses.

  3. On the Ingresses page, click Create Ingress in the upper-right corner. In the Create Ingress panel, select MSE Ingress for Gateway Type. Then, install the component as prompted.

    image

Release notes

August 2024

Version

Release date

Description

Impact

1.1.11

2024-08-16

Gateways can be created across regions and virtual private clouds (VPCs). Managed Service for OpenTelemetry is supported.

No impact on workloads

July 2024

Version

Release date

Description

Impact

1.1.10

2024-07-18

Ingress listening of serverless gateways is optimized.

No impact on workloads

June 2024

Version

Release date

Description

Impact

1.1.9

2024-06-28

Alibaba Cloud Container Compute Service (ACS) clusters and cross-zone deployment are supported. Serverless gateway instances can be created.

No impact on workloads

November 2023

Version

Release date

Description

Impact

1.1.7

2023-11-13

The global parameters for creating and reusing MSE cloud-native gateways are adjusted for the installation of the MSE Ingress Controller component.

No impact on workloads

1.1.6

2023-11-07

MSE cloud-native gateways can be created or reused when the MSE Ingress Controller component is installed.

No impact on workloads

August 2023

Version

Release date

Description

Impact

1.1.5

2023-08-28

The authorization logic of the MSE Ingress Controller component is optimized.

No impact on workloads

1.1.4

2023-08-16

  • The MSE Ingress Controller component is unavailable from the application marketplace.

  • The authorization of the MSE Ingress Controller component is supported.

  • The ARM64 architecture is supported.

No impact on workloads

June 2023

Version

Release date

Description

Impact

1.1.3

2023-06-02

  • Region detection is supported for Transport Layer Security (TLS) hardware acceleration.

  • The number of controller replicas is adjusted to 1 to reduce costs.

No impact on workloads

March 2023

Version

Release date

Description

Impact

1.1.2

2023-03-31

The permissions of the MSE Ingress Controller component is restricted.

No impact on workloads

December 2022

Version

Release date

Description

Impact

1.1.0

2022-12-23

The component management feature is provided for the MSE Ingress Controller component.

No impact on workloads