Configuring ALB Ingress Controller

The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.

Available in VPC

You can route traffic by integrating Kubernetes Ingress with Load Balancer through ALB Ingress Controller.

When Ingress is created in the Kubernetes system, ALB Ingress Controller uses the values set at Ingress to create a Load Balancer instance. When an instance is created, the Ingress Rule uses the set service's node port as the port value to create a target group and register it to the instance.

Caution

NAVER Cloud Platform's Load Balancer, created in Kubernetes, is managed by the resources of Kubernetes.
If you edit a Load Balancer directly in the console or via the API, Kubernetes and the Load Balancer may fall out of sync, potentially causing unexpected issues. If you need to change Load Balancer settings, always update the Kubernetes resources instead.
Technical support is not provided for issues caused by direct changes made through the console or API.

Install ALB Ingress Controller

To prepare the ALB Ingress Controller after installing in the cluster:

Install the ALB Ingress Controller by running the command corresponding to each Region:

Note

If the cluster’s hypervisor is KVM, you can use ALB Ingress Controller without installation as it is included by default.
- alb-ingress-controller is created in the kube-system namespace, and necessary ServiceAccount, ClusterRole, ClusterRoleBinding, and IngressClass are created together.
- Korea
```
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/install/pub/install.yaml
```
  - In Kubernetes versions below 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/install/pub/install.yaml.
- Singapore
```
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/install/pub-sg/install.yaml
```
  - In Kubernetes versions below 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/install/pub-sg/install.yaml.
- Japan
```
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/install/pub-jp/install.yaml
```
  - In Kubernetes versions below 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/install/pub-jp/install.yaml.
Check if the ALB Ingress Controller is running normally.

kubectl --kubeconfig=$KUBE_CONFIG get pods -n kube-system -l app.kubernetes.io/name=alb-ingress-controller

Add the spec.ingressClassName: alb field to the resources of Ingress.
- In Kubernetes versions below 1.19, add kubernetes.io/ingress.class: alb annotation.

ALB Ingress Controller setting and annotation

Default ALB Ingress Controller setting

The default setting of the ALB Ingress Controller is as follows:

Service type: NodePort
All services to be exposed through Ingress must be created in the NodePort type.
Default Rule
Default Rule is applied when there is no matching rule, and it can be set in spec.defaultBackend.
You cannot configure rules and use-annotations separately, and a default target group set to Port 80 is created if not configured.
Rule Priority
Priority is determined according to the order of rules defined in Ingress. The priority of the topmost rule is set to 1.

ALB Ingress Controller annotation

You can use annotations in Kubernetes Ingress and service objects to change settings.

Use the required annotations while referring to the following table: All annotations of the ALB Ingress Controller start with alb.ingress.kubernetes.io/.

Annotation	Default	Applicable resource	Description
`alb.ingress.kubernetes.io/listen-ports`	[{"HTTP":80}] (if a certificate number is set, use [{"HTTPS":443}])	Ingress	Listener's protocol and port configuration list. Supported protocols are HTTP and HTTPS.
`alb.ingress.kubernetes.io/description`	Automatically Created By NKS	Ingress	Load Balancer memo
`alb.ingress.kubernetes.io/ssl-certificate-no`	N/A	Ingress	Certificate Manager certificate number to be applied to the listener of which the protocol is HTTPS. Multiple certificates can be registered using a comma as a separator. You can check the certificate number in Resource Manager's nrn. (Example: nrn:PUB:CertificateManager::000:Certificate/External/${certificateNo})
`alb.ingress.kubernetes.io/ssl-min-version`	TLSV10	Ingress	TLS Protocol version - Configurable versions and values TLS v1.0: TLSV10 TLS v1.1: TLSV11 TLS v1.2: TLSV12 TLS v1.3: TLSV13
`alb.ingress.kubernetes.io/enable-http2`	false	Ingress	Whether HTTP/2 of the listener with the HTTPS protocol is enabled.
`alb.ingress.kubernetes.io/cipher-suite-list`	All cipher suites supported by the listener.	Ingress	List of Cipher Suite supported by listener (Example: ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"])
`alb.ingress.kubernetes.io/load-balancer-size`	small	Ingress	Load balancer's load processing performance settings Configurable values: small, medium, large, and xlarge
`alb.ingress.kubernetes.io/idle-timeout`	60	Ingress	Load balancer's Idle Timeout settings
`alb.ingress.kubernetes.io/network-type`	public	Ingress	Load balancer's network-type settings (only used when creating). Private: private, public: public
`alb.ingress.kubernetes.io/public-ip-instance-no`	N/A	Ingress	Public IP instance number
`alb.ingress.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination`	false	Ingress	Whether to preserve public IP when returning a load balancer.
`alb.ingress.kubernetes.io/subnet-id`	`lbSubnetNo` value of `kube-system` `configmap(ncloud-config)`	Ingress	ID value of the dedicated load balancer subnet used to create the load balancer (only used when creating).
`alb.ingress.kubernetes.io/actions.${actionName}`	N/A	Ingress	Settings to use features of listener rules. (See description below.)
`alb.ingress.kubernetes.io/conditions.${conditionName}`	N/A	Ingress	Settings for applying additional conditions to the Ingress rule's host and path conditions. (See description below.)
`alb.ingress.kubernetes.io/enable-access-log`	false	Ingress	Access log collection settings. Requires subscription to the Cloud Log Analytics product.
`alb.ingress.kubernetes.io/load-balancer-name`	N/A	Ingress	Name of the load balancer. Apply only when creating. Naming convention: Must be within 3-30 characters in length with only letters, numbers, and hyphens allowed. Must start with a letter.
`alb.ingress.kubernetes.io/ssl-redirect`	N/A	Ingress	SSL Redirect target port setting
`alb.ingress.kubernetes.io/listener-acl-id.{port}`	N/A	Ingress	ACL ID to be applied to the listener
`alb.ingress.kubernetes.io/algorithm-type`	round-robin	Ingress, Service	Target group's load balancing algorithm settings Configurable values: round-robin, least-connection, and source-ip-hash
`alb.ingress.kubernetes.io/unhealthy-threshold-count`	2	Ingress, Service	Health Check failure threshold.
`alb.ingress.kubernetes.io/healthy-threshold-count`	2	Ingress, Service	Health Check success threshold.
`alb.ingress.kubernetes.io/healthcheck-port`	TargetGroup port	Ingress, Service	Health Check port
`alb.ingress.kubernetes.io/healthcheck-path`	'/'	Ingress, Service	Health Check URL path
`alb.ingress.kubernetes.io/healthcheck-interval-seconds`	30	Ingress, Service	Health Check interval (seconds)
`alb.ingress.kubernetes.io/healthcheck-protocol`	HTTP	Ingress, Service	Health Check protocol HTTP, HTTPS
`alb.ingress.kubernetes.io/backend-protocol`	HTTP	Ingress, Service	Target Group's protocol HTTP, HTTPS
`alb.ingress.kubernetes.io/enable-sticky-session`	false	Ingress, Service	Target Group's Sticky Session settings

alb.ingress.kubernetes.io/actions.${actionName}: Additional functions of the Listener Rule can be set by writing a string in the JSON format according to the actions model. Set the service.name of the rule set to the Ingress you want to use as ${actionName} and set service.port.name as use-annotation to have the annotation applied.

Properties	Type	Description
`type`	string	Define the type of action. Configurable values: `targetGroup` and `redirection`
`targetGroup`	object	Use when an action's type is set to targetGroup.
`targetGroup.targetGroups`	array	List of services to deliver traffic
`targetGroup.targetGroups[n].serviceName`	string	service name
`targetGroup.targetGroups[n].servicePort`	number	service port
`targetGroup.enableStickySession`	boolean	sticky session activation status Default value: false
`redirection`	object	Use when an action's type is set to redirection.
`redirection.host`	string	Default value: #{host}
`redirection.path`	string	Default value: #{path}
`redirection.query`	string	Default value: #{query}
`redirection.port`	string	redirection port
`redirection.protocol`	string	Configurable protocols: HTTP, HTTPS Default value: #{protocol}
`redirection.statusCode`	number	Configurable codes: 301 and 302

alb.ingress.kubernetes.io/conditions.${conditionName}: In addition to the Host and Path conditions defined in Ingress, other conditions can be additionally set by writing a string in the JSON format according to the conditions model. These conditions are applied to the service with the serviceName that matches ${conditionName} in Ingress Rule.

Properties	Type	Description
`field`	string	Define conditions to add. Configurable values `hostHeader`, `pathPattern`, and `httpHeader`
`hostHeader`	object	Use when the condition's field is set to hostHeader.
`hostHeader.values`	array	host list
`hostHeader.values[n]`	string	host value
`pathPattern`	object	Use when the condition's field is set to pathPattern.
`pathPattern.values`	array	path list
`pathPattern.values[n]`	string	path value
`httpHeader`	object	Use when the condition's field is set to httpHeader.
`httpHeader.key`	string	header key value
`httpHeader.values`	array	header value list

Example codes

For detailed example of ALB Ingress Controller, see ALB Ingress Controller use cases.