Available in VPC
You can route traffic by integrating Kubernetes Ingress with Load Balancer through ALB Ingress Controller.
When Ingress is created in the Kubernetes system, ALB Ingress Controller uses the values set at Ingress to create a Load Balancer instance. When an instance is created, the Ingress Rule uses the set service's node port as the port value to create a target group and register it to the instance.
Caution
- NAVER Cloud Platform's Load Balancer, created in Kubernetes, is managed by the resources of Kubernetes.
- If you edit load balancer yourself through the console or APIs, the status synchronization may not be performed normally, causing unexpected issues. If you need to change the load balancer settings, make sure to proceed it by editing the Kubernetes resources.
- Technical support is not provided for any problems occurred from directly changing it through the console or APIs.
Install ALB Ingress Controller
To prepare after installing the ALB Ingress Controller in the cluster, follow these steps:
-
Install the ALB Ingress Controller by executing the command for the following region:
NoteIf the cluster’s hypervisor is KVM, you can use ALB Ingress Controller without installation since it is included by default.
- alb-ingress-controller is created in the kube-system namespace, and necessary ServiceAccount, ClusterRole, ClusterRoleBinding, and IngressClass are created together.
-
Korea
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/install/pub/install.yaml- If the version is older than Kubernetes 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/install/pub/install.yaml.
-
Singapore
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/install/pub-sg/install.yaml- If the version is older than Kubernetes 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/install/pub-sg/install.yaml.
-
Japan
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/install/pub-jp/install.yaml- If the version is older than Kubernetes 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/install/pub-jp/install.yaml.
-
Add the spec.ingressClassName: alb field to the resources of Ingress.
- If the version is older than Kubernetes 1.19, add the kubernetes.io/ingress.class: alb annotation.
ALB Ingress Controller setting and annotation
Default ALB Ingress Controller setting
The following describes the default setting of the ALB Ingress Controller:
- Service type: NodePort
All servers to be exposed through Ingress should be created as NodePort type. - Default Rule
The Default Rule is applied when there is no matching rule, and it can be set in spec.defaultBackend.
You cannot configure rules and use-annotations separately, and a default target group set to Port 80 is created if not set. - Rule Priority
Priority is determined according to the order of rules defined in Ingress. The topmost rule's priority is set to 1.
ALB Ingress Controller annotation
You can use annotations in Kubernetes Ingresses and service objects to change settings.
Use the required annotations while referring to the following table: All annotations of the ALB Ingress Controller start with alb.ingress.kubernetes.io/.
| Annotation | Default | Applicable resource | Description |
|---|---|---|---|
alb.ingress.kubernetes.io/listen-ports |
[{"HTTP":80}] ([{"HTTPS":443}] if a certificate number is set.) | Ingress | Listener's protocol and port configuration list. Available protocol: HTTP and HTTPS |
alb.ingress.kubernetes.io/description |
Automatically Created By NKS | Ingress | Load Balancer memo |
alb.ingress.kubernetes.io/ssl-certificate-no |
N/A | Ingress | The certificate number of the Certificate Manager to be applied to the listener of which the protocol is HTTPS. Multiple certificates can be registered using a comma as a separator. (You can check the certificate number in Resource Manager's nrn.) (Example: nrn:PUB:CertificateManager::000:Certificate/External/${certificateNo}) |
alb.ingress.kubernetes.io/ssl-min-version |
TLSV10 | Ingress | TLS Protocol version - Configurable versions and values TLS v1.0: TLSV10 TLS v1.1: TLSV11 TLS v1.2: TLSV12 TLS v1.3: TLSV13 |
alb.ingress.kubernetes.io/enable-http2 |
false | Ingress | Whether HTTP/2 of the listener with the HTTPS protocol is enabled. |
alb.ingress.kubernetes.io/cipher-suite-list |
All cipher suites supported by the listener | Ingress | List of Cipher Suite supported by listener (Example: ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]) |
alb.ingress.kubernetes.io/load-balancer-size |
small | Ingress | Load balancer's load processing performance settings Configurable values: SMALL, MEDIUM, LARGE, and XLARGE |
alb.ingress.kubernetes.io/idle-timeout |
60 | Ingress | Load balancer's Idle Timeout settings |
alb.ingress.kubernetes.io/network-type |
public | Ingress | Load balancer's network-type settings (Use only when creating.) Private: private, public: public |
alb.ingress.kubernetes.io/public-ip-instance-no |
N/A | Ingress | Public IP instance number |
alb.ingress.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination |
false | Ingress | Whether to preserve public IP when returning a load balancer. |
alb.ingress.kubernetes.io/subnet-id |
kube-system configmap(ncloud-config)'s lbSubnetNo value |
Ingress | ID of the dedicated subnet for creating load balancers (Use only when creating.) |
alb.ingress.kubernetes.io/actions.${actionName} |
N/A | Ingress | Settings to use features of listener rules (See the following description.) |
alb.ingress.kubernetes.io/conditions.${conditionName} |
N/A | Ingress | Settings for applying additional conditions to the Ingress rule's host and path conditions (See the following description.) |
alb.ingress.kubernetes.io/enable-access-log |
false | Ingress | Access log collection settings (need to apply for a subscription for the Cloud Log Analytics product) |
alb.ingress.kubernetes.io/load-balancer-name |
N/A | Ingress | The name of the load balancer (Apply only when creating.) Naming convention: 3 to 30 characters in length; only English letters/numbers/'-' are allowed; start with an English letter. |
alb.ingress.kubernetes.io/ssl-redirect |
N/A | Ingress | SSL Redirect target port setting |
alb.ingress.kubernetes.io/listener-acl-id.{port} |
N/A | Ingress | ACL ID to be assigned to the listener |
alb.ingress.kubernetes.io/algorithm-type |
round-robin | Ingress, Service | Target group's load balancing algorithm settings Configurable values: round-robin, least-connection, and source-ip-hash |
alb.ingress.kubernetes.io/unhealthy-threshold-count |
2 | Ingress, Service | Health Check failure threshold |
alb.ingress.kubernetes.io/healthy-threshold-count |
2 | Ingress, Service | Health Check success threshold |
alb.ingress.kubernetes.io/healthcheck-port |
TargetGroup port | Ingress, Service | Health Check port |
alb.ingress.kubernetes.io/healthcheck-path |
'/' | Ingress, Service | Health Check URL path |
alb.ingress.kubernetes.io/healthcheck-interval-seconds |
30 | Ingress, Service | Health Check interval (seconds) |
alb.ingress.kubernetes.io/healthcheck-protocol |
HTTP | Ingress, Service | Health Check protocol HTTP, HTTPS |
alb.ingress.kubernetes.io/backend-protocol |
HTTP | Ingress, Service | Target Group's protocol HTTP, HTTPS |
alb.ingress.kubernetes.io/enable-sticky-session |
false | Ingress, Service | Target Group's Sticky Session settings |
alb.ingress.kubernetes.io/actions.${actionName}: additional functions of the Listener Rule can be set by writing a string in the JSON format according to theactionsmodel. Set the service.name of the rule set to the Ingress you want to use as${actionName}and set service.port.name as use-annotation to have the annotation applied.
| Properties | Type | Description |
|---|---|---|
type |
string | Define the type of action. Configurable values: targetGroup and redirection |
targetGroup |
object | Use when an action's type is set to targetGroup. |
targetGroup.targetGroups |
array | List of services to deliver traffic |
targetGroup.targetGroups[n].serviceName |
string | service name |
targetGroup.targetGroups[n].servicePort |
number | service port |
targetGroup.enableStickySession |
boolean | Sticky Session activation status Default value: false |
redirection |
object | Use when an action's type is set to redirection. |
redirection.host |
string | Default value: #{host} |
redirection.path |
string | Default value: #{path} |
redirection.query |
string | Default value: #{query} |
redirection.port |
string | Redirection port Default value: #{port} |
redirection.protocol |
string | Configurable protocols: HTTP and HTTPS Default value: #{protocol} |
redirection.statusCode |
number | Configurable codes: 301 and 302 |
alb.ingress.kubernetes.io/conditions.${conditionName}: in addition to the Host and Path conditions defined in Ingress, other conditions can be additionally set by writing a string in the JSON format according to theconditionsmodel. These conditions are applied to the service with the serviceName that matches the${conditionName}in Ingress Rule.
| Properties | Type | Description |
|---|---|---|
field |
string | Define conditions to add. Available values hostHeader, pathPattern, and httpHeader |
hostHeader |
object | Use when the condition's field is set to hostHeader. |
hostHeader.values |
array | Host list |
hostHeader.values[n] |
string | Host value |
pathPattern |
object | Use when the condition's field is set to pathPattern. |
pathPattern.values |
array | Path list |
pathPattern.values[n] |
string | Path value |
httpHeader |
object | Use when the condition's field is set to httpHeader. |
httpHeader.key |
string | Header key value |
httpHeader.values |
array | Header value list |
Example codes
For more detailed example of ALB Ingress Controller, see ALB Ingress Controller use cases.